INTERNETLAWCASESMATERIALSbyEricGoldmanz-lib.org.pdf

INTERNET LAW:

CASES & MATERIALS

Professor Eric Goldman

July 2020 version

i.

Portions © Eric Goldman

Follow new developments in Internet Law at my Technology & Marketing Law blog

[http://blog.ericgoldman.org/] and my Twitter feed [https://twitter.com/ericgoldman].

To make sure you always are looking at the most current version, I have excluded the text

of most statutes and similar rulesets from the book and linked to the statutes in the table of

contents. However, Internet law is principally a statute-driven course, and there’s no

substitute for actually reading the statutes!

Editing Notes:

 Textual omissions are noted with ellipses

 Omitted footnotes are not indicated, but all footnote numbers are original

 In-text citations are omitted without indication (including parenthetical

explanations and some parallel citations)

 Although I have tried to preserve the original formatting (such as italics, bold and

blockquotes), some formatting may have changed or been lost.

 I included the authoring judge’s name only when I think that may be interesting.

 I’ve made minor edits to my blog posts without indicating those changes.

To improve readability, I have aggressively stripped out case citations and parenthetical

explanations (more so than in most casebooks). If you are interested in the court’s actual

words or intend to quote or cite one of these opinions, I STRONGLY recommend that you

pull the actual opinion and read the unedited version.

There are a few review questions sprinkled throughout the book. Answers are at the end of

the book, but no fair peeking until you’ve tried your best!

People disagree whether the “I” in Internet should be capitalized. See, e.g., Susan C.

Herring, Should You Be Capitalizing the Word 'Internet'?, WIRED, Oct. 19, 2015,

https://www.wired.com/2015/10/should-you-be-capitalizing-the-word-internet/. Like most

old-timers, I always capitalize “Internet”!

If you are a professor and you’re adopting this book for your course, please email me at

([email protected]). I can share my course notes and PowerPoint deck.

If you bought a hard copy of this book: I’ve done my best to make the hard copy version of

the book useful to you, but it lacks color images, clickable links, and keyword searching.

Please email me ([email protected]) your hard copy purchase receipt showing which

edition you bought, and I will happily email you a PDF at no extra cost to you.

I’m grateful to many people over the years who have provided helpful comments to improve

this book, including Venkat Balasubramani, Lydia de la Torre, James Grimmelmann,

Daphne Keller, Jeff Kosseff, Alex Levy, Jess Miers, and Nathan Walker. I welcome your

comments or corrections at [email protected].

ii.

TABLE OF CONTENTS

I. What is the Internet? Who Regulates It?

Noah v. AOL (E.D. Va.) .............................................................................................. Page 10

Determining the Geography of Internet-Connected Devices ............................................ 23

II. Jurisdiction

Evaluating Personal Jurisdiction ....................................................................................... 29

Toys ‘R’ Us v. Step Two (3d Cir.) ........................................................................................ 30

Illinois v. Hemi Group (7th Cir.) ........................................................................................ 41

III. Contracts

Meyer v. Uber (2d Cir.) ....................................................................................................... 46

Register.com v. Verio (2d Cir.) ........................................................................................... 70

Harris v. Blockbuster ......................................................................................................... 80

IV. Trespass/Computer Fraud & Abuse Act

Review: the Computer Fraud & Abuse Act, 18 U.S.C. §1030

[http://www.law.cornell.edu/uscode/text/18/1030], and California Penal Code §502

[https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?sectionNum=502.&lawC

ode=PEN]

Comparison of Trespass to Chattels Doctrines .................................................................. 91

Intel v. Hamidi (Cal. Sup. Ct.) ........................................................................................... 92

Register.com v. Verio (Trespass to Chattels section)........................................................ 112

Online Trespass to Chattels: a Failed Experiment ......................................................... 117

V. Copyright

Copyright Basics (Copyright Office Circular 1) ............................................................... 121

Note About Fair Use ......................................................................................................... 126

Cartoon Network v. CSC (2d Cir.) .................................................................................... 130

MGM Studios v. Grokster (Sup. Ct.) ................................................................................ 143

Secondary Liability

Review: 17 U.S.C. §512 [http://www.copyright.gov/title17/92chap5.html#512]

Section 512(c) Cheat Sheet ............................................................................................... 156

UMG v. Shelter Capital (9th Cir. revised opinion) .......................................................... 158

Recap

Ticketmaster v. RMG ....................................................................................................... 179

iii.

VI. Trademarks and Domain Names

Review: 15 U.S.C. §1114 [http://www.law.cornell.edu/uscode/text/15/1114], 15 U.S.C. §1125

[http://www.law.cornell.edu/uscode/text/15/1125], and 15 U.S.C. §8131

[http://www.law.cornell.edu/uscode/text/15/8131]

Trademark FAQs .............................................................................................................. 192

Trademark Glossary ......................................................................................................... 194

A. Domain Names and Metatags

Review: ICANN Uniform Domain Name Dispute Resolution Policy

[https://www.icann.org/resources/pages/policy-2012-02-25-en] and Rules for Uniform

Domain Name Dispute Resolution Policy [https://www.icann.org/resources/pages/udrp-

rules-2015-03-11-en]

Lamparello v. Falwell (4th Cir.) ....................................................................................... 197

Promatek v. Equitrac (7th Cir.) Original Order and Revision ........................................ 211

B. Search Engines

Review: Google’s Trademark Policy [https://support.google.com/adwordspolicy/answer/6118]

Network Automation v. Advanced Systems Concepts (9th Cir.) ..................................... 218

Tiffany v. eBay (2d Cir.) ................................................................................................... 236

VII. Pornography

Pornography Glossary ...................................................................................................... 251

Reno v. ACLU (Sup. Ct. 1997) .......................................................................................... 252

Ashcroft v. ACLU (Sup. Ct. 2004) .................................................................................... 267

VIII. Defamation and Information Torts

47 U.S.C. §230 .................................................................................................................. 282

An Introduction to Section 230 ........................................................................................ 285

A Note About FOSTA ....................................................................................................... 293

Zeran v. America Online (4th Cir.) .................................................................................. 301

Fair Housing Council v. Roommates.com (9th Cir. en banc) ........................................... 312

Top Myths of Content Moderation ................................................................................... 341

International Approaches to Liability for Information Torts .......................................... 343

IX. Privacy

Review: 16 C.F.R. Part 312 [http://www.gpo.gov/fdsys/pkg/FR-2013-01-17/pdf/2012-

31341.pdf (starting at page 38)]

Excerpts from 16 C.F.R. Part 312, the Children’s Online Privacy Protection Act’s

Regulations ....................................................................................................................... 355

Note About the E.U.’s General Data Protection Regulation (GDPR) .............................. 357

An Introduction to the California Consumer Privacy Act (CCPA) .................................. 365

iv.

In re. Pharmatrak (1st Cir.) ............................................................................................. 372

X. Spam

Review: CAN-SPAM Act of 2003 [http://www.gpo.gov/fdsys/pkg/PLAW-

108publ187/pdf/PLAW-108publ187.pdf] and 16 C.F.R. Part 316 [http://www.ecfr.gov/cgi-

bin/text-idx?c=ecfr&rgn=div5&view=text&node=16:1.0.1.3.40&idno=16]

Where’s the Beef? Dissecting Spam’s Purported Harms ................................................. 384

XI. Blogs and Social Networking Sites

The Third Wave of Internet Exceptionalism ................................................................... 393

People v. Lopez (Cal. App. Ct.) ......................................................................................... 395

Doe v. MySpace (5th Cir.) ................................................................................................. 399

Zimmerman v. Weis Markets ........................................................................................... 406

Farley v. Callais & Sons .................................................................................................... 409

In re Rolando S. (Cal. App. Ct.) ........................................................................................ 416

Moreno v. Hanford Sentinel (Cal. App. Ct.) ..................................................................... 421

REVIEW QUESTION ANSWERS ................................................................................ 428

v.

1.

I. What is the Internet? Who Regulates It?

This book is about Internet Law. But is it possible to distinguish between “the Internet”

and “not the Internet”? What defines this boundary? From a policy and regulatory

standpoint, why does this boundary matter?

Defining the Internet

The Internet is an electronic communication network. There are many other electronic

networks, including wired and wireless telephony and radio and television broadcast, all of

which have historical roots that differ greatly from the Internet. We generally consider

those networks as distinct from the Internet, even though those networks can carry

Internet traffic, and even though the Internet makes it possible to replicate telephony,

radio, and television functions.

So what distinguishes the Internet from other electronic communications networks? There

is no single well-accepted answer to this question.

Perhaps most distinctively, the Internet uses “packet switching.” To understand packet

switching, it helps to understand a bit about Internet history. The following explanation

comes from American Civil Liberties Union v. Reno, 929 F. Supp. 824 (E.D. Pa. 1996):

5. The Internet had its origins in 1969 as an experimental project of the

Advanced Research Project Agency (“ARPA”), and was called ARPANET.

This network linked computers and computer networks owned by the

military, defense contractors, and university laboratories conducting defense-

related research. The network later allowed researchers across the country to

access directly and to use extremely powerful supercomputers located at a

few key universities and laboratories. As it evolved far beyond its research

origins in the United States to encompass universities, corporations, and

people around the world, the ARPANET came to be called the “DARPA

Internet,” and finally just the “Internet.”

6. From its inception, the network was designed to be a decentralized, self-

maintaining series of redundant links between computers and computer

networks, capable of rapidly transmitting communications without direct

human involvement or control, and with the automatic ability to re-route

communications if one or more individual links were damaged or otherwise

unavailable. Among other goals, this redundant system of linked computers

was designed to allow vital research and communications to continue even if

portions of the network were damaged, say, in a war.

7. To achieve this resilient nationwide (and ultimately global)

communications medium, the ARPANET encouraged the creation of multiple

links to and from each computer (or computer network) on the network. Thus,

a computer located in Washington, D.C., might be linked (usually using

dedicated telephone lines) to other computers in neighboring states or on the

Eastern seaboard. Each of those computers could in turn be linked to other

computers, which themselves would be linked to other computers.

2.

8. A communication sent over this redundant series of linked computers could

travel any of a number of routes to its destination. Thus, a message sent from

a computer in Washington, D.C., to a computer in Palo Alto, California,

might first be sent to a computer in Philadelphia, and then be forwarded to a

computer in Pittsburgh, and then to Chicago, Denver, and Salt Lake City,

before finally reaching Palo Alto. If the message could not travel along that

path (because of military attack, simple technical malfunction, or other

reason), the message would automatically (without human intervention or

even knowledge) be re-routed, perhaps, from Washington, D.C. to Richmond,

and then to Atlanta, New Orleans, Dallas, Albuquerque, Los Angeles, and

finally to Palo Alto. This type of transmission, and re-routing, would likely

occur in a matter of seconds.

9. Messages between computers on the Internet do not necessarily travel

entirely along the same path. The Internet uses “packet switching”

communication protocols that allow individual messages to be subdivided into

smaller “packets” that are then sent independently to the destination, and

are then automatically reassembled by the receiving computer. While all

packets of a given message often travel along the same path to the

destination, if computers along the route become overloaded, then packets

can be re-routed to less loaded computers.

Statutory definitions of the “Internet” often reference packet switching or its enabling

protocol called Transmission Control Protocol/Internet Protocol (TCP/IP). For example, in

the United States Code, you’ll find two alternative definitions of “Internet”:

 “the international computer network of interoperable packet switched data

networks” (e.g., 31 U.SC. § 5362; 47 U.S.C. § 230).

 “collectively the myriad of computer and telecommunications facilities, including

equipment and operating software, which comprise the interconnected world-wide

network of networks that employ the Transmission Control Protocol/Internet

Protocol, or any predecessor [or] successor protocols to such protocol, to communicate

information of all kinds by wire or radio” (e.g., the Children’s Online Privacy

Protection Act, 15 U.S.C. § 6555; the now-defunct Internet Tax Freedom Act, 47

U.S.C. § 151 note).

Historically, the Internet has been perceived as a virtual space. However, the emergence of

the “Internet-of-Things” has further blurred the boundaries between “the Internet” and “not

the Internet.” Physical items are now routinely Internet-enabled, including cars,

thermostats, juicers (the Juicero), and adult toys (the “We-Vibe”). As the Internet pervades

physical items in the “offline” world, is there a coherent border between “the Internet” and

“not the Internet”?

Accessing the Internet

Internet access providers (IAP) are the service providers that get users and services online.

IAPs are sometimes called “Internet Service Providers” or “ISPs,” but that term is also

3.

sometimes confusingly used to describe websites as well. To reduce semantic ambiguity,

never use the term “ISP;” use the term “IAP” when referring to Internet access.

Some of the primary ways that we access the Internet:

 At home, most people obtain Internet access from their telephony or cable provider,

such as AT&T or Comcast.

 Most people also access the Internet on their smartphones through their cellular

service provider or third-party wi-fi services.

 Employers and schools routinely provide Internet access to their

employees/students.

 Businesses routinely provide wi-fi Internet access to their customers.

What Can We Do on the Internet?

There are many communication modalities on the Internet, including email, chat, message

boards, social media, web publishing and more. The Internet enables individuals to create

their own personal website or blog. More typically, people use third-party publishing tools,

such as social media, which expedite the content distribution process and provide exposure

to an existing audience.

Many of these content publication options are free; others are relatively low cost. The ACLU

v. Reno court said in 1996, “the Internet provides an easy and inexpensive way for a

speaker to reach a large audience, potentially of millions. The start-up and operating costs

entailed by communication on the Internet are significantly lower than those associated

with use of other forms of mass communication, such as television, radio, newspapers, and

magazines.” This low cost has led to an explosion of content unprecedented in human

history, with a virtually infinite diversity of content (for better and for worse). As the ACLU

v. Reno court wrote in 1996, “It is no exaggeration to conclude that the content on the

Internet is as diverse as human thought.”

There are two other distinctive aspects of the Internet as a content publication platform.

First, the Internet makes it seamless to browse content from diverse sources due to

abundant and easy-to-use links. As the ACLU v. Reno court wrote in 1996, “[Hyper]links

from one computer to another, from one document to another across the Internet, are what

unify the Web into a single body of knowledge, and what makes the Web unique…The

power of the Web stems from the ability of a link to point to any document, regardless of its

status or physical location.”

Second, we routinely flip between being consumers and producers of online content, often

without thinking about that transition. As the ACLU v. Reno court wrote in 1996:

79. Because of the different forms of Internet communication, a user of the

Internet may speak or listen interchangeably, blurring the distinction

between “speakers” and “listeners” on the Internet. Chat rooms, e-mail, and

newsgroups are interactive forms of communication, providing the user with

the opportunity both to speak and to listen.

4.

80. It follows that unlike traditional media, the barriers to entry as a speaker

on the Internet do not differ significantly from the barriers to entry as a

listener. Once one has entered cyberspace, one may engage in the dialogue

that occurs there. In the argot of the medium, the receiver can and does

become the content provider, and vice-versa.

81. The Internet is therefore a unique and wholly new medium of worldwide

human communication.

Mobile Devices as Computers. As further evidence of the degradation of the boundaries

between the Internet and not-the-Internet, most people carry a mobile computer—with

Internet access—around with them at virtually all times. From Riley v. California, 573 U.S.

373 (2014):

The term “cell phone” is itself misleading shorthand; many of these devices

are in fact minicomputers that also happen to have the capacity to be used as

a telephone. They could just as easily be called cameras, video players,

rolodexes, calendars, tape recorders, libraries, diaries, albums, televisions,

maps, or newspapers.

One of the most notable distinguishing features of modern cell phones is their

immense storage capacity. Before cell phones, a search of a person was

limited by physical realities and tended as a general matter to constitute only

a narrow intrusion on privacy. Most people cannot lug around every piece of

mail they have received for the past several months, every picture they have

taken, or every book or article they have read—nor would they have any

reason to attempt to do so. And if they did, they would have to drag behind

them a trunk of the sort held to require a search warrant in Chadwick rather

than a container the size of the cigarette package in Robinson.

But the possible intrusion on privacy is not physically limited in the same

way when it comes to cell phones. The current top-selling smart phone has a

standard capacity of 16 gigabytes (and is available with up to 64 gigabytes).

Sixteen gigabytes translates to millions of pages of text, thousands of

pictures, or hundreds of videos. Cell phones couple that capacity with the

ability to store many different types of information: Even the most basic

phones that sell for less than $20 might hold photographs, picture messages,

text messages, Internet browsing history, a calendar, a thousand-entry phone

book, and so on. We expect that the gulf between physical practicability and

digital capacity will only continue to widen in the future.

The storage capacity of cell phones has several interrelated consequences for

privacy. First, a cell phone collects in one place many distinct types of

information—an address, a note, a prescription, a bank statement, a video—

that reveal much more in combination than any isolated record. Second, a cell

phone’s capacity allows even just one type of information to convey far more

than previously possible. The sum of an individual’s private life can be

reconstructed through a thousand photographs labeled with dates, locations,

and descriptions; the same cannot be said of a photograph or two of loved

5.

ones tucked into a wallet. Third, the data on a phone can date back to the

purchase of the phone, or even earlier. A person might carry in his pocket a

slip of paper reminding him to call Mr. Jones; he would not carry a record of

all his communications with Mr. Jones for the past several months, as would

routinely be kept on a phone.

Finally, there is an element of pervasiveness that characterizes cell phones

but not physical records. Prior to the digital age, people did not typically

carry a cache of sensitive personal information with them as they went about

their day. Now it is the person who is not carrying a cell phone, with all that

it contains, who is the exception. According to one poll, nearly three-quarters

of smart phone users report being within five feet of their phones most of the

time, with 12% admitting that they even use their phones in the shower. A

decade ago police officers searching an arrestee might have occasionally

stumbled across a highly personal item such as a diary. But those discoveries

were likely to be few and far between. Today, by contrast, it is no

exaggeration to say that many of the more than 90% of American adults who

own a cell phone keep on their person a digital record of nearly every aspect

of their lives—from the mundane to the intimate. Allowing the police to

scrutinize such records on a routine basis is quite different from allowing

them to search a personal item or two in the occasional case.

Although the data stored on a cell phone is distinguished from physical

records by quantity alone, certain types of data are also qualitatively

different. An Internet search and browsing history, for example, can be found

on an Internet-enabled phone and could reveal an individual’s private

interests or concerns—perhaps a search for certain symptoms of disease,

coupled with frequent visits to WebMD. Data on a cell phone can also reveal

where a person has been. Historic location information is a standard feature

on many smart phones and can reconstruct someone’s specific movements

down to the minute, not only around town but also within a particular

building.

Mobile application software on a cell phone, or “apps,” offer a range of tools

for managing detailed information about all aspects of a person’s life. There

are apps for Democratic Party news and Republican Party news; apps for

alcohol, drug, and gambling addictions; apps for sharing prayer requests;

apps for tracking pregnancy symptoms; apps for planning your budget; apps

for every conceivable hobby or pastime; apps for improving your romantic life.

There are popular apps for buying or selling just about anything, and the

records of such transactions may be accessible on the phone indefinitely.

There are over a million apps available in each of the two major app stores;

the phrase “there’s an app for that” is now part of the popular lexicon. The

average smart phone user has installed 33 apps, which together can form a

revealing montage of the user’s life.

In 1926, Learned Hand observed that it is “a totally different thing to search

a man’s pockets and use against him what they contain, from ransacking his

house for everything which may incriminate him.” If his pockets contain a

6.

cell phone, however, that is no longer true. Indeed, a cell phone search would

typically expose to the government far more than the most exhaustive search

of a house: A phone not only contains in digital form many sensitive records

previously found in the home; it also contains a broad array of private

information never found in a home in any form—unless the phone is.

Who Controls the Internet? In the 1990s, many people referred to the Internet as the

ultimate disintermediator; some technologists even thought it would make centralized

control of the communication network impossible. From the 1996 ACLU v. Reno opinion:

11. No single entity—academic, corporate, governmental, or non-profit—

administers the Internet. It exists and functions as a result of the fact that

hundreds of thousands of separate operators of computers and computer

networks independently decided to use common data transfer protocols to

exchange communications and information with other computers (which in

turn exchange communications and information with still other computers).

There is no centralized storage location, control point, or communications

channel for the Internet, and it would not be technically feasible for a single

entity to control all of the information conveyed on the Internet….

46. A distributed system with no centralized control. Running on tens of

thousands of individual computers on the Internet, the Web is what is known

as a distributed system. The Web was designed so that organizations with

computers containing information can become part of the Web simply by

attaching their computers to the Internet and running appropriate World

Wide Web software. No single organization controls any membership in the

Web, nor is there any single centralized point from which individual Web

sites or services can be blocked from the Web. From a user’s perspective, it

may appear to be a single, integrated system, but in reality it has no

centralized control point.

This might still be true in a literal sense. However, as technology has developed new

communication innovations, governments have counter-innovated ways of controlling those

communications. Some “chokepoints” that governments have targeted:

 Internet access providers determine what their users can do on the Internet. In

many countries, there are a small number of IAPs; and the government licenses

IAPs or otherwise exercises substantial control over their businesses. In extreme

cases, a government can require all of a country’s IAPs to shut down and take the

country off the Internet entirely.

 The domain name system and IP address systems are targetable chokepoints. For

example, turning off a domain name makes the associated service functionally

invisible. Website blocking orders, which block domain names of illegal activity,

have become increasingly routine in Europe. Alternatively, blocking an IP address

makes the associated computer(s) invisible to other parts of the Internet. In extreme

cases, a government can force all of the country’s IAPs to block a domain name or IP

address. For example, Turkey regularly blocks YouTube. To get around these blocks,

people in the country might use “VPNs.” VPN services allow users to “rent” an IP

7.

address from them. Using such services can allow a user to appear to third party

websites as if they are coming from a different country than the user’s actual

country. For example, if the BBC tries to restrict its online content only to viewers in

the United Kingdom, people in other countries can rent an IP address from a UK-

based VPN service and gain access BBC’s content by appearing to be located in the

UK. This creates a cat-and-mouse game, as governments then seek to block or

restrict access to VPNs.

 Search engines are often a key chokepoint because they affect what people see. For

example, governments can mandate that search engines do not “auto-complete”

certain queries, implicitly obscuring the search results associated with those

queries.

 Browser software manufacturers are a chokepoint because their settings and

functionality often dictate what users can do online.

 The major social media services can become a chokepoint when they control a large

portion of the desired audience.

Governments have other techniques to assert control over Internet actors. First, they can

require that any service available in their country have a physical presence there. Some

geographic-specific domain names, such as “.eu,” require a local physical presence. That

physical presence makes it easier for governments to target any associated physical assets

or employees, including the threat of jailing the personnel.

Second, many countries have gone further and required that Internet services must store

all personal information from the country’s residents in the country (called “data

localization” requirements). In addition to giving the government more assets to target, the

requirement facilitates the government’s censorship of that data because it can forcibly

suppress the data stored in its territory.

At its most extreme, Russia has developed its own country-specific Internet (the “Runet”)

that can be disconnected from the rest of the Internet for purposes of “Internet sovereignty”

or “national security.” Jane Wakefield, Russia 'Successfully Tests' Its Unplugged Internet,

BBC, Dec. 24, 2019, https://www.bbc.com/news/technology-50902496. Such a system has

unlimited potential for censorship by ensuring that the only content available to Russian

citizens on the “Internet” comes from publishers and services that the Russian government

can control.

We will revisit ways that governments can subject Internet actors to legal consequences in

the jurisdiction module.

Authenticating User Attributes on the Internet

You may be familiar with this iconic 1993 New Yorker cartoon:

8.

In the optimistic period of the 1990s, this cartoon stood for the proposition that people could

be someone different on the Internet. In particular, on the Internet, people could interact

with other people without displaying—and, in theory, without being judged based on—their

visible physical characteristics such as age, gender, or race. It also meant people could

engage in role-playing and experience what life is like for people with different attributes.

Later, the New Yorker cartoon took on an unexpectedly ironic meaning. Extensive data

gathering by Internet companies that they knew virtually everything about Internet

users—perhaps more than the users know about themselves. Some folks on the Internet

may not know you’re a dog, but Google and Facebook do.

Authenticating users’ ages has been a perennial authentication challenge. In 1995, a cyber-

panic swept through Congress because minors could find pornography online. However, the

First Amendment protects the availability of pornography to adults, so Congress could not

categorically ban pornography online. Nevertheless, Congress passed the Communications

Decency Act, which led to a legal battle covered in the Reno v. ACLU opinion later in this

book.

In the mid-1990s, it was not feasible to distinguish minors from adults online. To work

around that technological limitation, the Communications Decency Act created a safe

harbor for treating users as adults if they presented a valid credit card number. There are a

number of problems with this approach, including the now-dubious assumption that minors

don’t have access to a valid credit card number.

Remarkably, age authentication technologies have not materially improved in the past

quarter-century. Some social media services “age-gate” by blocking minors’ access to some

material on their services, but the efficacy of such age-gating depends on whether the user

self-reported his/her age accurately in the first place. Otherwise, most forms of online

communication—ranging from web publishers to email correspondents—still lack an

effective way of reliably and accurately distinguishing minors from adults. Nowadays, the

privacy-invasive implications of age authentication seemingly conflict with consumers’

increasing desire for privacy online.

Have We Fallen Out of Love With the Internet? The Internet is a major advance in human

technology, and it enables functionality that truly would have seemed like science fiction to

people before the Internet. That’s why most people still love the Internet. Yet, over time,

the Internet’s brand has been degrading:

9.

Americans have grown somewhat more ambivalent about the impact of

digital connectivity on society as a whole. A sizable majority of online adults

(70%) continue to believe the internet has been a good thing for society. Yet

the share of online adults saying this has declined by a modest but still

significant 6 percentage points since early 2014, when the Center first asked

the question….

Those who think the internet has had a good impact on society tended to

focus on two key issues, according to follow-up items which allowed

respondents to explain their views in their own words. Most (62% of those

with a positive view) mentioned how the internet makes information much

easier and faster to access. Meanwhile, 23% of this group mentioned the

ability to connect with other people, or the ways in which the internet helps

them keep more closely in touch with friends and family.

By contrast, those who think the internet is a bad thing for society gave a

wider range of reasons for their opinions, with no single issue standing out.

The most common theme (mentioned by 25% of these respondents) was that

the internet isolates people from each other or encourages them to spend too

much time with their devices. These responses also included references to the

spread and prevalence of fake news or other types of false information: 16%

mentioned this issue. Some 14% of those who think the internet’s impact is

negative cited specific concerns about its effect on children, while 13% argued

that it encourages illegal activity. A small share (5%) expressed privacy

concerns or worries about sensitive personal information being available

online.

Declining Majority of Online Adults Say the Internet Has Been Good for Society, Pew

Research Center, Apr. 30, 2018, http://www.pewinternet.org/2018/04/30/declining-

majority-of-online-adults-say-the-internet-has-been-good-for-society/. Government

regulators routinely take a much dimmer view of the Internet than the average

consumer.

10.

In the next case, the court legally distinguishes an online chatroom from an offline

restaurant. Do you agree?

Noah v. AOL Time Warner Inc., 261 F. Supp. 2d 532 (E.D. Va. 2003)

Plaintiff, on behalf of himself and a class of those similarly situated, sues his Internet

service provider (ISP)* for damages and injunctive relief, claiming that the ISP wrongfully

refused to prevent participants in an online chat room from posting or submitting harassing

comments that blasphemed and defamed plaintiff’s Islamic religion and his co-religionists.

Specifically, plaintiff claims his ISP’s failure to prevent chat room participants from using

the ISP’s chat room to publish the harassing and defamatory comments constitutes a

breach of the ISP’s customer agreement with plaintiff and a violation of Title II of the Civil

Rights Act of 1964, 42 U.S.C. § 2000a et seq.

At issue on a threshold dismissal motion are

(i) the now familiar and well-litigated question whether a claim, like

plaintiff’s, which seeks to hold an ISP civilly liable as a publisher of third

party statements is barred by the immunity granted ISP’s by the

Communications Decency Act of 1996, 47 U.S.C. § 230,

(ii) the less familiar, indeed novel question whether an online chat room is a

“place of public accommodation” under Title II, and

(iii) the rather prosaic question whether plaintiff’s breach of contract claim is

barred by the very contract on which he relies, namely the Member

Agreement contract.

For the reasons that follow, plaintiff’s claims do not survive threshold inspection and must

therefore be dismissed.

I.

Plaintiff Saad Noah, a Muslim, is a resident of Illinois and was a subscriber of defendant

America Online, Inc. (“AOL”)’s Internet service until he cancelled the service in July of

2000. AOL, which is located in the Eastern District of Virginia, is, according to the

complaint, the world’s largest Internet service provider, with more than 30 million

subscribers, or “members,” worldwide. Defendant AOL Time Warner Inc. is the parent

company of AOL.

Among the many services AOL provides its members are what are popularly known as

“chat rooms.” These occur where, as AOL does here, an ISP allows its participants to use its

facilities to engage in real-time electronic conversations. Chat room participants type in

their comments or observations, which are then read by other chat room participants, who

may then type in their responses. Conversations in a chat room unfold in real time; the

submitted comments appear transiently on participants’ screens and then scroll off the

screen as the conversation progresses. AOL chat rooms are typically set up for the

* [Editor’s note: even though this court did, please don’t use the term ISP.]

11.

discussion of a particular topic or area of interest, and any AOL member who wishes to join

a conversation in a public chat room may do so.

Two AOL chat rooms are the focus of plaintiff’s claims: the “Beliefs Islam” chat room and

the “Koran” chat room. It is in these chat rooms that plaintiff alleges that he and other

Muslims have been harassed, insulted, threatened, ridiculed and slandered by other AOL

members due to their religious beliefs. The complaint lists dozens of harassing statements

made by other AOL members in these chat rooms on specified dates, all of which plaintiff

alleges he brought to AOL’s attention together with requests that AOL take action to

enforce its member guidelines and halt promulgation of the harassing statements. The

statements span a period of two and one-half years, from January 10, 1998 to July 1, 2000,

and are attributable to various AOL chat room participants only by virtue of a screen name.

A representative sample of the reported offensive comments follows:

(i) On January 10, 1998 the AOL Member with the screen name “Aristotlee”

wrote “islam is meaniglessssss thought,” “allahsdick cut offfffffff,” “dumballah

bastard,” “allah assssshole,” “allajs dick is in holy dick place hey.” “FUCK

ALLAH,” etc.

(ii) On April 26, 1998, “Twotoneleg” wrote “I HATE MUSLIMS,” “THE

KORAN SUCKS,” etc., and “BOSS30269” wrote “I LIKE SHOOTING

MUSLIMS,” “I WILL BOMB THE MIDDLE EAST,” and “FUCK ISLAM.”

(iii) On November 4, 1998, “Hefedehefe” wrote “SMELLY TOWEL HEADS”

and “MUSLIM TOWEL HEADS.”

(iv) On July 11, 1999, “Jzingher” wrote “The Koran and Islam are creations of

Satan to distract people from the true faith which is Judaism. Mohammed

was merely a huckster who found a simple people he could manipulate.”

(v) On July 18, 1999 “SARGON I” wrote “Qura’n lies about everything—a

Satan made verses of darkness and destruction!”, “Mohammed was no shit,

only a killer, thief, a liar and a adulterer!”, and “BYE STUPID

MUSLIMS....ALL GO TO HELL.”

(vi) On July 1, 2000, “DXfina3000 wrote “muslims suck,” “they suck ass,”

“korans is use to wipe ass,” “fuckin muslins,” and “well allah can suck my

dick you peice of ass.”

Plaintiff understandably complained about these offensive, obnoxious, and indecent

statements, initially through the channels provided by AOL for such complaints and

eventually through emails sent directly to AOL’s CEO Steve Case. Plaintiff alleges that

although he reported every one of the alleged violations to AOL, AOL refused to exercise its

power to eliminate the harassment in the “Beliefs Islam” and “Koran” chat rooms.

Moreover, plaintiff contends that AOL gave a “green light” to the harassment of Muslims in

these forums, claiming that such harassment was not tolerated in chat rooms dealing with

other subjects and faiths. In protest, plaintiff cancelled his AOL account in July 2000.

Plaintiff further alleges that other Muslim members of AOL have also complained to AOL

about similar harassing statements.

12.

The relationship between AOL and each of its subscribing members is governed by the

Terms of Service (“TOS”), which include a Member Agreement and the Community

Guidelines. The Member Agreement is a “legal document that details [a member’s] rights

and obligations as an AOL member,” and it requires, inter alia, that AOL members adhere

to AOL’s standards for online speech, as set forth in the Community Guidelines. These

Guidelines state, in pertinent part, that

... You will be considered in violation of the Terms of Service if you (or others

using your account) do any of the following: ....

* Harass, threaten, embarrass, or do anything else to another member that is

unwanted. This means: ... don’t attack their race, heritage, etc....

* Transmit or facilitate distribution of content that is harmful, abusive,

racially or ethnically offensive, vulgar, sexually explicit, or in a reasonable

person’s view, objectionable. Community standards may vary, but there is no

place on the service where hate speech is tolerated.

* Disrupt the flow of chat in chat rooms with vulgar language, abusiveness, ...

The Member Agreement states that AOL has the right to enforce these Community

Guidelines “in its sole discretion.” In response to a violation, “AOL may take action against

your account,” ranging from “issuance of a warning about a violation to termination of your

account.” AOL’s Community Action Team is responsible for enforcing the content and

conduct standards and members are encouraged to notify AOL of violations they observe

online. Importantly, however, the Member Agreement states that AOL members “... also

understand and agree that the AOL Community Guidelines and the AOL Privacy Policy,

including AOL’s enforcement of those policies, are not intended to confer, and do not confer,

any rights or remedies upon any person.”…

IV.

Plaintiff’s Title II claim fails for two alternate and independent reasons. First, plaintiff’s

claim against AOL is barred because of the immunity granted AOL, as an interactive

computer service provider, by the Communications Decency Act of 1996, 47 U.S.C. § 230.

Second, plaintiff’s claim fails because a chat room is not a “place of public accommodation”

as defined by Title II, 42 U.S.C. § 2000a(b). Each dismissal ground is separately

addressed….

[Editor’s note: after studying Section 230, you might revisit this case to think about why

Section 230 applied to Noah’s claims.]

B.

Even assuming, arguendo, that plaintiff’s Title II claim is not barred by § 230, it must

nonetheless be dismissed for failure to state a claim because AOL’s chat rooms and other

online services do not constitute a “place of public accommodation” under Title II.

13.

Title II provides that “[a]ll persons shall be entitled to full and equal enjoyment of the

goods, services, facilities, privileges, advantages, and accommodations of any place of public

accommodation, as defined in this section, without discrimination or segregation on the

ground of race, color, religion, or national origin.” 42 U.S.C. § 2000a(a). Title II defines a

“place of public accommodation” as follows:

Each of the following establishments which serves the public is a place of

public accommodation within the meaning of this subchapter ...

(1) any inn, hotel, motel, or other establishment which provides lodging to

transient guests, other than an establishment located within a building

which contains not more than five rooms for rent or hire and which is

actually occupied by the proprietor of such establishment as his residence;

(2) any restaurant, cafeteria, lunchroom, lunch counter, soda fountain, or

other facility principally engaged in selling food for consumption on the

premises, including, but not limited to, any such facility located on the

premises of any retail establishment; or any gas station;

(3) any motion picture house, theater, concert hall, sports arena, stadium or

other place of exhibition or entertainment; and

(4) any establishment (A)(i) which is physically located within the premises of

any establishment otherwise covered by this subsection, or (ii) within the

premises of which is physically located any such covered establishment, and

(B) which holds itself out as serving patrons of such covered establishment.

42 U.S.C. § 2000a(b).

The theory of plaintiff’s Title II claim is that he was denied the right of equal enjoyment of

AOL’s chat rooms because of AOL’s alleged failure to take steps to stop the harassing

comments and because of AOL’s warnings to plaintiff and brief termination of plaintiff’s

service. In this regard, plaintiff contends that the chat rooms are “place[s] of ...

entertainment” and thus within the public accommodation definition. Yet, as the relevant

case law and an examination the statute’s exhaustive definition make clear, “places of

public accommodation” are limited to actual, physical places and structures, and thus

cannot include chat rooms, which are not actual physical facilities but instead are virtual

forums for communication provided by AOL to its members.

Title II’s definition of “places of public accommodation” provides a list of “establishments”

that qualify as such places. This list, without exception, consists of actual physical

structures; namely any “inn, hotel, motel, ... restaurant, cafeteria, lunchroom, lunch

counter, soda fountain, ... gasoline station ... motion picture house, theater, concert hall,

sports arena [or] stadium.” In addition, § 2000a(b)(4) emphasizes the importance of physical

presence by referring to any “establishment ... which is physically located within” an

establishment otherwise covered, or “within ... which” an otherwise covered establishment

“is physically located.” (emphasis added) Thus, in interpreting the catchall phrase “other

place of exhibition or entertainment” on which plaintiff relies, the statute’s consistent

14.

reference to actual physical structures points convincingly to the conclusion that the phrase

does not include forums for entertainment that are not physical structures or locations.

As the Supreme Court has held, § 2000a(b)(3) should be read broadly to give effect to the

statute’s purpose, namely to eliminate the “daily affront and humiliation” caused by

“discriminatory denials of access to facilities ostensibly open to the general public.”

(emphasis added). This broad coverage stems from a “natural reading of [the statute’s]

language,” which should be “given full effect according to its generally accepted meaning.”

As such, it is clear that the reach of Title II, however broad, cannot extend beyond actual

physical facilities. Given Title II’s sharp focus on actual physical facilities, such as inns,

motels, restaurants, gas stations, theaters, and stadiums, it is clear that Congress intended

the statute to reach only the listed facilities and other similar physical structures, not to

“regulate a wide spectrum of consensual human relationships.”

This emphasis on actual physical facilities is reinforced by the cases rejecting Title II claims

against membership organizations. In Welsh, the plaintiffs, who were atheists, claimed that

the Boy Scouts of America violated Title II in denying them membership, arguing that the

Boy Scouts were a “place of ... entertainment.” The majority of the Seventh Circuit panel in

Welsh concluded that the Boy Scouts of America is not a “place of public accommodation”

under Title II because it is not “closely connected to a particular facility.” In doing so, the

Welsh majority distinguished the Boy Scouts from membership organizations in which

membership “functions as a ‘ticket’ to admission to a facility or location,” that have been

consistently held to be places of public accommodation under Title II. Similarly, the Ninth

Circuit in Clegg held that the Cult Awareness Network, a nonprofit organization that

provides information to the public concerning cults and supports former cult members, was

not a “place of public accommodation” because it had “no affiliation with any public facility.”

In short, it is clear from the cases considering membership organizations that status as a

place of public accommodation under Title II requires some connection to some specific

physical facility or structure. As noted in Welsh and Clegg, to ignore this requirement is to

ignore the plain language of the statute and to render the list of example facilities provided

by the statute superfluous.

In arguing that places of public accommodation are not limited to actual physical facilities

under Title II, plaintiff turns to the case law interpreting the analogous “place of public

accommodation” provision under Title III of the Americans With Disability Act (ADA).

While the case law concerning places of public accommodation under the ADA is more

abundant than that under Title II, it is not entirely uniform. Yet, a detour into the parallel

ADA cases is instructive and ultimately supports the conclusion that “places of public

accommodation” must consist of, or have a clear connection to, actual physical facilities or

structures.

The circuits are split regarding the essential question whether a place of public

accommodation under the ADA must be an actual concrete physical structure. On the one

hand, as plaintiff notes, the First Circuit has held that “places of public accommodation”

under Title III of the ADA are not limited to actual physical facilities. See Carparts

Distribution Center, Inc. v. Automotive Wholesaler’s Assoc. of New England, Inc., 37 F.3d

12, 18-20 (1st Cir. 1994) (holding that a trade association which administers a health

insurance program, without any connection to a physical facility, can be a “place of public

15.

accommodation”).9 On the other hand, the Third, Sixth and Ninth Circuits, in similar cases

involving health insurance programs, followed the logic of Welsh and Clegg in holding that

places of public accommodation under Title III of the ADA must be physical places. Thus, it

appears that the weight of authority endorses the “actual physical structure” requirement

in the ADA context as well.

Most significantly, two more recent ADA cases involving fact situations much closer to

those at bar reaffirm the principle that a “places of public accommodation,” even under the

ADA’s broader definition, must be actual, physical facilities. In one case, the plaintiffs

claimed that Southwest Airlines was in violation of the ADA because its “southwest.com”

web site was incompatible with “screen reader” programs and thus inaccessible to blind

persons. See Access Now, Inc. v. Southwest Airlines, Co., 227 F. Supp. 2d 1312, 1316 (S.D.

Fla. 2002). Thus, the question presented was whether the airline’s web site, which serves as

an online ticket counter, constitutes a “place of public accommodation” under the ADA. The

Access Now court held that places of public accommodation under the ADA are limited to

“physical concrete structures,” and that the web site was not an actual physical structure.

Rejecting the invitation to endorse the Carparts approach and apply the ADA to Internet

web sites despite their lack of physical presence, the Access Now court concluded that “[t]o

expand the ADA to cover ‘virtual’ spaces would create new rights without well-defined

standards.”11 Similarly, in another case, plaintiff contended that the defendant’s digital

cable system was in violation of the ADA because its on-screen channel guide was not

accessible to the visually impaired. Here too, the district court rejected the notion that the

digital cable system was a “place of public accommodation,” because “in no way does

viewing the system’s images require the plaintiff to gain access to any actual physical

public place,” Furthermore, the Torres court sensibly concluded that the mere fact that the

digital cable system relied on physical facilities to support and transmit its services did not

convert the cable service into a “physical public place.”

In sum, whether one relies on the Title II case law or looks to the broader ADA definition of

public place of accommodation, it is clear that the logic of the statute and the weight of

authority indicate that “places of entertainment” must be actual physical facilities. With

this principle firmly established, it is clear that AOL’s online chat rooms cannot be

construed as “places of public accommodation” under Title II. An online chat room may

arguably be a “place of entertainment,” but it is not a physical structure to which a member

of the public may be granted or denied access, and as such is fundamentally different from

a “motion picture house, theater, concert hall, sports arena, [or] stadium.” Although a chat

9 In reaching this conclusion, the First Circuit in Carparts relied on the ADA’s more expansive definition of

“place of public accommodation,” in particular its inclusion of a “travel service,” “insurance office,” and “other

service establishments” as places of public accommodation. Focusing on these terms, the First Circuit concluded

that “Congress clearly contemplated that ‘service establishments’ include providers of services which do not

require a person to physically enter an actual physical structure,” and thus that the Title III of the ADA is not

limited to “physical structures which person must enter to obtain goods and services.” Simply put, the Carparts

court found it irrational to conclude that Title III of the ADA reaches those who enter an office to purchase

insurance services, but not those who purchase them over the mail or by telephone. Notably, Title II of the Civil

Rights Act does not include a “travel service,” “insurance office,” or “other service establishments” in its

definition, making the relevance of Carparts and its progeny to Title II questionable, at best. 11 But see Doe v. Mutual of Omaha Ins. Co., 179 F.3d 557, 559 (7th Cir. 1999) (citing Carparts approvingly and

stating, in dicta, that Title III of the ADA reaches “the owner or operator of a store, hotel, restaurant, dentist’s

office, travel agency, theater, Web site, or other facility (whether in physical space or in electronic space)”)

(emphasis added) (citation omitted).

16.

room may serve as a virtual forum through which AOL members can meet and converse in

cyberspace, it is not an “establishment,” under the plain meaning of that term as defined by

the statute. Unlike a theater, concert hall, arena, or any of the other “places of

entertainment” specifically listed in § 2000a(b), a chat room does not exist in a particular

physical location, indeed it can be accessed almost anywhere, including from homes,

schools, cybercafes and libraries. In sum, although a chat room or other online forum might

be referred to metaphorically as a “location” or “place,” it lacks the physical presence

necessary to constitute a place of public accommodation under Title II. Accordingly, even if

plaintiff’s Title II claim were not barred by § 230’s grant of immunity to service providers, it

would be fail [sic] on the independent ground that AOL’s chat rooms are not places of public

accommodation….

[The court rejected Noah’s breach of contract claim based on various limitations in the

contract terms. The court also rejected Noah’s First Amendment claims because AOL is not

a state actor.]

NOTES AND QUESTIONS

For a more recent case involving very similar issues, see Ebeid v. Facebook, Inc., 2019 WL

2059662 (N.D. Cal. 2019) (reaching the same outcome).

The Race and Religious Dimensions of this Case. How do you think Noah’s race and religion

affected AOL’s dealings with him? Why do you think AOL didn’t enforce its TOS more

aggressively? Do you think Noah’s race and religion played a role in the court’s opinion?

If civil rights laws protect against online services’ discrimination based on a person’s

characteristics, they may equally protect the interests of people with majority

characteristics. If Noah won this case against AOL, would a Christian user be able to force

AOL to remove any Muslim-advocacy chatrooms because any criticisms of Christianity in

the chatrooms discriminate against him? Cf. Wilson v. Twitter, 2020 WL 3410349 (S.D.W.V.

2020) (a Christian heterosexual unsuccessfully sued Twitter for discrimination because it

removed his pro-Christian and pro-heterosexual content); Lewis v. Google LLC, 2020 WL

2745253 (N.D. Cal. 2020) (the plaintiff claimed national origin discrimination by YouTube

because he “is a patriotic American citizen who promotes Constitutional rights of

Americans, Christian beliefs and American laws and culture”); Domen v. Vimeo, Inc., 433

F. Supp. 3d 592 (SDNY 2020) (the plaintiff claimed Vimeo discriminated against him based

on his sexual orientation because it removed his videos lauding conversion therapy).

Questioning AOL’s Choices. What do you think should AOL do differently? Some options:

 AOL could remove posts that users complain about. In other words, Noah could send

takedown notices for posts that offend him. That solution would be after-the-fact, so

offending posts would still cause some harm before removal. Further, do you agree

that all of the posts highlighted by Noah should be removed? Some posts are

unquestionably offensive and stupid, but they are likely First Amendment-protected

speech (which doesn’t apply to AOL, but it does indicate their “legality”), and other

comments might be bona fide, if misguided, contributions to an actual debate.

Because everyone in their chatroom will have idiosyncratic standards for they think

17.

is acceptable content, how can an intermediary like AOL successfully navigate its

chatroom users’ different and possibly constantly shifting standards?

 To avoid acting after-the-fact, AOL could prescreen all chatroom submissions. Even

if AOL could do a perfect job of prescreening, the time-delay would turn the

chatroom into an asynchronous message board.

 If the prescreening costs or liability risks are too great, AOL could decide chatrooms

aren’t worth it and shut them down entirely.

Do you prefer any of these options over the approach AOL actually deployed? Can you think

of any options not mentioned above that will make some people better off without making

anyone worse off? Or can you think of other options that will benefit some people and

disadvantage others? In the latter case, who should decide which groups to privilege and

which to disadvantage?

We will revisit the balancing act faced by intermediaries when we talk about intermediary

liability later in the book, especially with respect to Section 512 and Section 230.

Internet Exceptionalism. “Internet exceptionalism” means regulating the Internet

differently than other media. In some cases, the Internet is sufficiently different from other

media that we can justify Internet exceptionalist regulation. In other cases, the differences

between the Internet and other media are exaggerated, making the different legal

treatment impossible to justify.

Internet exceptionalism can cut both ways—we could give legal preferences to Internet

actors (like 47 U.S.C. §230, discussed later in the book), or we could burden Internet actors

more than other media actors. More commonly, as part of a “techno-panic,” regulators

overreact to emerging Internet technologies and seek to burden the new development

because it’s new and scary, not because the legal distinctions are analytically justifiable.

Is Internet exceptionalism justified? In 2017, Justice Kennedy wrote:

While we now may be coming to the realization that the Cyber Age is a

revolution of historic proportions, we cannot appreciate yet its full

dimensions and vast potential to alter how we think, express ourselves, and

define who we want to be. The forces and directions of the Internet are so

new, so protean, and so far reaching that courts must be conscious that what

they say today might be obsolete tomorrow.

Packingham v. North Carolina, 137 S. Ct. 1730 (2017). In a concurrence, Justice Alito

added: “Cyberspace is different from the physical world.”

A November 2017 online survey asked: “Should the federal government regulate large

social media platforms (eg Facebook/Twitter) that display, but don't produce, content in the

way the government regulates media companies?” Respondents answered yes 34% and no

62%. (see https://drive.google.com/file/d/0B-OW6-tDrcdMN0h4THpwUnJadFE/view). But

did respondents favor more, or less, regulation of social media platforms compared to offline

media?

18.

In support of Internet exceptionalism, consider some categories of activity that do not exist

in the offline world:

 Consumer review websites like Yelp, where consumers can share their opinions

about businesses with strangers.

 Consumer-to-consumer marketplaces like eBay

 Peer-posted free-to-access “how-to” videos on YouTube. (And cat videos).

 Wikipedia

Can you think of other examples of content and services that exist only online? Also, recall

the ACLU v. Reno discussion about some of the ways that the Internet differs from other

media.

Social Media Exceptionalism. In exploring social media exceptionalism (we’ll define and

discuss “social media” later) as a subset of Internet exceptionalism, researcher danah boyd

identified four key attributes of social media:

• persistence: the durability of online expressions and content;

• visibility: the potential audience who can bear witness;

• spreadability: the ease with which content can be shared;

• and searchability: the ability to find content.

DANAH BOYD, IT’S COMPLICATED: THE SOCIAL LIVES OF NETWORKED TEENS (2014). She adds

that these attributes “are not in and of themselves new….What is new is the way in which

social media alters and amplifies social situations by offering technical features that people

can use to engage in these well-established practices.” What do you think of this?

Cyber-Bullying. Was Noah “cyber-bullied” or “cyber-harassed” (based on whatever those

terms mean to you)? Have you ever experienced similar online remarks directed towards

you? If you’re not Muslim, do you think your first-hand experiences might differ from

Noah’s? Do the Trump-era anti-Muslim actions by the U.S. government highlight why

Muslim-Americans might feel threatened or vulnerable?

Cyberspace and “Places of Public Accommodation.” What policy rationales did the court

provide in rejecting Noah’s argument that AOL was a place of public accommodation?

Because of the court’s ruling, AOL has more favorable legal treatment than certain

categories of offline retail establishments. Can you think of persuasive reasons to treat

online venues like AOL differently than physical venues like restaurants?

As the Noah case indicates, courts will look past the online nomenclature and metaphors

that invoke familiar offline concepts. See, e.g., Young v. Facebook, Inc., 790 F. Supp. 2d

1110 (N.D. Cal. 2011):

Despite its frequent use of terms such as “posts” and “walls,” Facebook

operates only in cyberspace, and is thus is not a “place of public

accommodation” as construed by the Ninth Circuit. While Facebook’s physical

headquarters obviously is a physical space, it is not a place where the online

19.

services to which Young claims she was denied access are offered to the

public.

Nevertheless, the caselaw is split about the Internet’s physicality. Compare Freedom

Watch, Inc. v. Google, Inc., 368 F. Supp. 3d 30 (D.D.C. 2019) (D.C. Human Rights Act only

applies to physical places, not Facebook or Twitter speech forums) with Harrington v.

Airbnb, Inc., 348 F. Supp. 3d 1085 (D. Ore. 2018) (Airbnb is a “place of public

accommodation” because it offers a “service of searching for, finding, and booking an

accommodation using its online platform”).

In particular, in Americans with Disabilities Act claims (Title III, compared with the Noah

court’s analysis of Title II), courts increasingly classify Internet services as places of public

accommodation. This has become routine in cases where the defendant has offline retail

stores and the website/app relates to those stores, such as the ability to place orders. See,

e.g., Robles v. Domino’s Pizza, LLC, 913 F.3d 898 (9th Cir. 2019) (“the ADA mandates that

places of public accommodation, like Domino’s, provide auxiliary aids and services to make

visual materials available to individuals who are blind. This requirement applies to

Domino’s website and app, even though customers predominantly access them away from

the physical restaurant”).

Some courts have gone further and imposed ADA requirements on online-only defendants.

See, e.g., National Association of the Deaf v. Netflix, Inc., 869 F. Supp. 2d 196 (D. Mass.

2012) (Netflix is a place of public accommodation for purposes of the Americans with

Disabilities Act); compare National Association of the Deaf v. Harvard University, 377 F.

Supp. 3d 49 (D. Mass. 2019) (Section 230—discussed more later in the book—may apply to

the ADA claims when applied to third-party videos hosted on Harvard’s network).

For a recap of the various majority/minority legal standards in applying the ADA to online

services, see Martinez v. San Diego County Credit Union, 2020 WL 3396649 (Cal. App. Ct.

June 19, 2020).

The “Company Town” Analogy. In traditional government-operated public forums, such as

streets and sidewalks, the First Amendment robustly protects citizens’ speech. For this

reason, the First Amendment limits the ability of privately owned “company towns” to

restrict speech on their streets and sidewalks. Online, some commentators have claimed

that the Internet giants own the “virtual streets and sidewalks” and should be similarly

required to comply with First Amendment restrictions. These arguments have not fared

well in court. See, e.g., Prager University v. Google LLC, 951 F.3d 991 (9th Cir. 2020):

YouTube does not perform a public function by inviting public discourse on

its property….Unlike the company town in Marsh, YouTube merely operates

a platform for user-generated video content; it does not “perform[] all the

necessary municipal functions,” nor does it operate a digital business district

that has ‘all the characteristics of any other American town.’

In contrast, when the government (including elected officials) runs an online speech forum,

such as social media accounts, any restrictions on constituent speech can trigger First

Amendment scrutiny. See Knight First Amendment Institute at Columbia University v.

20.

Trump, 928 F.3d 226 (2d Cir. 2019) (Pres. Trump’s Twitter account, which he admitted he

used for official government purposes, was a public forum, so his blocking of citizens from

responding to his Twitter account violated the First Amendment).

What Does Physical Presence Mean? In Minnesota, it’s a crime to “engage in masturbation

or lewd exhibition of the genitals in the presence of a minor under the age of 16, knowing or

having reason to know the minor is present.” Does the statute refer to physical presence,

virtual presence (whatever that means), or both? In other words, does texting a dick pic to a

minor violate this statute? Compare State v. Decker, 916 N.W.2d 385 (Minn. 2018) with

State v. Legassie, 171 A.3d 589 (Me. 2017) (no conviction for Maine’s “indecency” crime).

Another scenario: Journalist Kurt Eichenwald has epilepsy, something he’s publicly

discussed many times. A Twitter troll knew of Eichenwald’s epilepsy, and the troll tweet-

replied to Eichenwald’s Twitter account a strobing animated GIF with the goal—and

effect—of triggering an epileptic seizure.

Eichenwald brought a civil lawsuit against the troll, including a claim for battery. The legal

standard for civil battery: “intentionally, knowingly, or recklessly caus[ing] bodily injury

[or] intentionally or knowingly caus[ing] physical contact with another when the person

knows or should reasonably believe that the other will regard the contact as offensive or

provocative.” Did sending the GIF constitute a “battery”?

The court rejected a motion to dismiss. “Plaintiff has alleged that light waves emitted from

the GIF touched Plaintiff’s retina, generated an electric signal, and caused a seizure.

Taking, as the Court must, Plaintiff’s allegations as true, including his characterization of

the science and Plaintiff’s physical condition, there was physical contact.” Eichenwald v.

Rivello, 318 F. Supp. 3d 766 (D. Md. 2018).

The court explained:

Defendant here allegedly chose to use the electronic capabilities of a

computer as a weapon—as a means of causing physical harm. Defendant’s

tweet, activating certain harmful capabilities of the transmitting computer,

converted the computer into a weapon to inflict physical injury. The computer

and the tweet were no longer merely a mode of communication. Something

more, and separate, from mere communication occurred...an offensive

touching.

If light waves touching a human eyeball constitutes physicality, does that collapse any

distinction between the online and offline worlds?

CHAPTER 1 REVIEW QUESTION #1

Which of the following regulations reflect Internet exceptionalism?

a) A court opinion holding that Uber must treat its drivers as employees instead of

independent contractors

b) A city regulation imposing a “bed tax” on hotel stays, and defining the word “hotel” to

include Airbnb rentals

21.

c) A federal law banning states from imposing sales tax collection obligations on e-

commerce transactions

d) A state law excluding e-books from sales tax, even if the same material published in hard

copy form would be subject to sales tax

e) A state law requiring online dating websites to check the criminal backgrounds of all

paying members

22.

Determining the Geographic Location of Internet-Connected Devices

The “geography question” is one of the most crucial issues in Internet law. How do

geographically structured laws and enforcement overlay an electronic network that crosses

geographic borders? The answer may partially depend on technological facts: how easy it is

to know the geographic location of an Internet user, and how easy is it to restrict/limit

interactions with users in “unwanted” locations? Technology continues to evolve, but the

legal answers remain unresolved.

In 1996, the ACLU v. Reno court wrote: “Once a provider posts its content on the Internet,

it cannot prevent that content from entering any community. Unlike the newspaper,

broadcast station, or cable system, Internet technology necessarily gives a speaker a

potential worldwide audience.”

The situation today is more complicated. Every device connected to the Internet has a

unique identifier, called an “IP address,” that functions as the address for sending packets

to it. An IP address serves the same purpose as a postal mailing address or a telephone

number, which similarly help identify the destination for incoming communications by mail

and telephony, respectively.

IP addresses can reveal information about the user’s geography, whether the user intends

to or not. (A VPN reduces this risk by masking the user’s actual IP address from the desired

service; but the VPN operator in the middle may be able to deduce the user’s geography).

First, IP addresses ranges are allocated to IP address registries that operate on a trans-

national regional basis. It’s easy to look up an IP address and determine which registry it

belongs to. That provides a clue about the user’s geographic region.

Second, each regional registry can further provide chunks of IP addresses to licensees, such

as businesses or universities. It is easy to look up an IP address and determine its licensee.

That information supports an inference that the user and the licensee are in the same

geography. For example, when I use my work computer with an IP addressed licensed to

my university employer, it’s possible to deduce that I am in the same geography as my

employer. In my case, that should narrow down my geography to just a few city blocks.

Inferring the user’s geography based on the location of the IP address’ licensee is an

imperfect science. For example, many major Internet access providers might have a single

geographic location for all of the IP addresses they provide to users nationwide. For

example, I use Comcast as my home Internet access provider. If an Internet service tried to

infer my geography by knowing I used a Comcast-licensed IP address, they might get my

country right but probably would be wrong (by a lot!) about my state or city.

There are many ways to determine the actual geography of an IP address more precisely.

The following excerpt comes from Ben Kneen, Geotargeting Explained: How Ad Servers

Understand Physical Locations (May 7, 2012), http://www.adopsinsider.com/ad-

serving/geotargeting-explained-how-ad-servers-understand-physical-locations/:

23.

Pings, Traceroutes, Reverse DNS, and Other Technical Methods of Geolocation

…the heavy lifting is usually done through a combination of three technical

processes known as pings, traceroutes, and reverse DNS lookups. Let’s run through

a high level explanation of all three processes, and then explain how they work in

concert to geographically locate a single IP address.

A ping is just a small piece of information sent from one computer to another, with a

request to call the originating computer back. Pings can also record the round trip

time of the journey, and are used for a variety of administrative network processes.

Think of it like a submarine’s sonar technology, applied to the internet.

Tracerouting is basically a way to record the network routing process of the ping

service, or the detail behind how the ping got from one machine to its destination.

Tracerouting records how a ping is routed, who it is routed through, and the time it

takes at each step. When information travels across the internet, be it a ping or just

regular surfing, it moves through a series of very high speed fiber optic networks

owned by various public and private entities. Now, when the information gets

physically close to a user, it passes down to an Internet Service Provider (ISP),*

which sells internet access to consumers. The ISP eventually moves the packet of

information to a nearby network router to the user, which connects directly to the

user. By using the traceroute utility, the geolocation service can know every system

the information was passed through in order to get to its final destination. The

important piece of information the service gets from a traceroute is the IP address of

that final network router, geographically nearest to the user….

With the network router’s IP address in hand, the geolocation service can finally use

a technique known as a reverse DNS lookup to identify who owns that network

router, which it can use to lock in on the physical location of the user. Reverse DNS

is simply a service to identify the hostname of an IP address, that is, who owns an IP

address. For many home computers, the host ends up being the ISP. For businesses,

the host ends up being the company’s domain….

Geolocation in Action

Now that you understand the basic approach, here’s how it all works together at a

high level.

When a geolocation service wants to triangulate an IP, it starts by pinging that IP

address from a central server it owns, and then looking at the traceroute. From the

traceroute, the service can identify the nearest network router to the user by IP,

labeled point A on the diagram below. Then, using a reverse DNS lookup, the service

can find out which ISP owns that router, and then query the location from public

data, the ISP itself if the service has a business relationship in place, or failing that,

triangulate the location with the process below.

* [Editor’s note: yet another reminder to use IAP instead of ISP.]

24.

In all likelihood, the geolocation service already knows the location of this network

router, either by working with an ISP directly, or through previous triangulation

efforts. With that location in hand, the geolocation service hands off the

triangulation process to servers closest to that network router, of which it also

knows the exact geographic location. Now, the service sends a ping from at least

three of its own separate servers (1, 2, 3), and records the time it takes to reach the

user. Only time can be recorded from a ping, not distance, but using time as a

radius, the geolocation service can draw a circle around each server, and know that

the target location must exist at some point on the arc.

With three separate locations, the target location should exist at the one point where

all the arcs meet, which also gives the service the exact vector to the target from

each server. And, since information runs through fiber optic cable at a known,

constant speed (about 2/3 the speed of light), the service can now translate that time

into a distance, and with the vector and a known server location, calculate the exact

location of the target, within a certain margin of error, depending on the exact

method used, and how many points of triangulation are employed. Currently, the

most advanced geolocation triangulation methods employ as many as 36 points to

eliminate problem data and increase accuracy, and can accurately map an IP

address within 700m….

25.

Network Maps & WHOIS Lookups

Using either piece of information, the ISP or the business domain, the geolocation

service can further refine the geographic values of a given IP. Geolocation services

may also work directly with ISPs to get the general physical location, when available

of a given IP, since the ISP will know the exact address of the customer using that

connection at any given time. It’s important to note that no PII [personally

identifiable information] is exchanged in that process, a zip code is just mapped to

the IP address, and not all ISPs participate, or may simply provide the location of

the final network router instead of the end-user’s zip.

Some of the more sophisticated geolocation services may be able to deduce the

physical location of an ISPs network routers, also known as the ISP’s network map,

by pinging those routers from various servers with known geographic locations,

measuring the time it takes to get a response, and using that information to

triangulate the router.

Businesses may also have a specific address, available through a WHOIS lookup,

which allows country, state, city, and zip to be assigned. The WHOIS directory is a

public registry of who owns what domain, along with their name, and importantly,

address. Through this information, geolocation services can get a better idea of the

physical location of each machine….

IP address mapping techniques aren’t infallible. For example, they might reveal the

location of the IAP’s server in a nearby zip code, rather than the user’s actual computer.

Also, users using a VPN cannot be accurately located.

Please try this yourself: go to http://www.maxmind.com/app/locate_my_ip. There, you will

get your computer’s IP address and an estimate of your geographic location. How accurate

is the estimate? MaxMind, like most IP address location vendors, has its own limitations.

See Kashmir Hill, How Cartographers for the U.S. Military Inadvertently Created a House

of Horrors in South Africa, GIZMODO, Jan. 9, 2019, https://gizmodo.com/how-cartographers-

for-the-u-s-military-inadvertently-c-1830758394 (MaxMind sometimes assigns a default—

and thus incorrect—location for IP addresses that it can’t otherwise identify). For more fun,

try playing around with the tools at http://www.dnsstuff.com/tools.

Historically, IP address analysis is the preeminent method of geolocating users, but other

techniques are available.

First, users might voluntarily self-report their location. For example, users routinely self-

report their mailing addresses to e-commerce retailers.

Second, cellphones constantly pings local cell towers. This geolocates the cellphone with

some specificity; and if combined with triangulation among multiple cellphone towers, it

can be extremely precise.

Third, cellphones constantly ping wi-fi hotspots. This, too, provides a very specific location

for your cellphone and, with triangulation of wi-fi hotspots, can produce location accuracy

down to a few feet. Retail stores use this information to track the movements of in-store

26.

customers. Stephanie Clifford & Quentin Hardy, Attention, Shoppers: Store Is Tracking

Your Cell, N.Y. TIMES, July 14, 2013.

Fourth, cellphones capture GPS location. If it reports that GPS information to a third-party

service—something apps do if the phone user permits the app to access geolocation

information—it can also locate the cellphone within a few dozen feet. This is why ride-

sharing services like Uber and Lyft and map services like Google Maps are so accurate.

To get a sense of how much people’s lives can be reversed-engineered by tracking their

phone’s location and combining it with publicly available information about their activities,

see this visual representation of the life of German politician Malte Spitz:

http://www.zeit.de/datenschutz/malte-spitz-data-retention; see also Stuart A. Thompson and

Charlie Warzel, Twelve Million Phones, One Dataset, Zero Privacy, N.Y. TIMES, Dec. 19,

2019, https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-

phone.html.

All told, Internet services may be able to determine the geography of their users with

varying levels of precision. If a service has access to GPS data or wi-fi pinging, it probably

knows its users’ geography by country, state, county, city, and even city block. If it’s using

IP address analysis, it probably knows its users’ country and state and possibly city.

An example of how law enforcement can use online databases to determine the location,

and ultimately the identity, of criminal suspects:

On November 10, 2014, Detective William Arnold, Jr. of the Junction City

Police Department received a tip from the Wichita Police Department.

Tumblr—a website typically used to post image blogs—reported to the

Wichita Police Department that an account titled “dadydaughtertimes”

uploaded an image suspected to be child pornography. Tumblr disabled the

account and reported the IP address— i.e., the internet service provider's

address, or the location to which the internet sends information—and the

associated email address from which the image was uploaded.

Detective Arnold confirmed the image appeared to be child pornography. He

researched the IP address and determined it was located in Junction City,

Geary County, Kansas and was registered to Cox Communications. By

researching the email address provided by Tumblr, Arnold discovered an

associated account with Google Picasa—a cloud-based photo archive

website—which displayed the name “Jimmy Henning.” Believing the name

“Jimmy” to be a nickname for “James,” Arnold searched the Junction City

Police Department internal database records and identified James Henning

living at a residence on 12th Street in Junction City.

Detective Arnold also searched the IP address in the Child Protective System

(CPS) database. He found the IP address was associated with a Globally

Unique Identifier (GUID)—an internet-capable machine, such as a

computer—for a period of time including October 11, 2014, which was the

date of the last login to the Tumblr account. Therefore, he concluded that the

IP address and GUID were connected on the same date as the last login of

27.

the Tumblr account that uploaded the child pornography image. Arnold

identified two images of suspected child pornography associated with the

GUID and IP address together. In addition, CPS records indicated the GUID

had been in possession of 1,612 images of known or suspected child

pornography and was associated with several other network or proxy IP

addresses, which could indicate an attempt to hide online activity.

Detective Arnold drafted a probable cause affidavit, upon which the district

court issued a search warrant to Cox Communications seeking account

information—name, address, date of birth, and social security number—for

the account assigned to the IP address on October 11, 2014. Cox

Communication’s response revealed the account in question was registered to

Mary Henning, who resided at the same address Arnold had previously

identified as James Henning's residence. Arnold added the information

received from Cox Communications to his probable cause affidavit in support

of a search warrant for his residence on 12th Street, which was issued by the

district court.

State v. Henning, 401 P.3d 185 (Kan. Ct. App. 2017). Why did Tumblr believe the IP

address was located in the Wichita, Kansas area? This is not especially accurate; Wichita is

over 110 miles from Junction City. What is the Child Protective System database, who has

access to it, and how reliable is its information? Notice how law enforcement used the

Tumblr email address to find a seemingly related account in Google Picasa that revealed

the suspect’s real name. Do you find it encouraging, or disturbing, that law enforcement can

gather clues to the suspect’s identity that easily? (To state the obvious, many criminals,

especially those in the child pornography community, use email addresses that are not

linked to any other accounts).

Does the increasing availability and accuracy of geolocation technology make it more likely

that regulators will compel its usage? See Marketa Trimble, To Geoblock, or Not To

Geoblock – Is That Still a Question?, TECH. & MKTG. L. BLOG, May 9, 2017,

http://blog.ericgoldman.org/archives/2017/05/to-geoblock-or-not-to-geoblock-is-that-still-a-

question-guest-blog-post.htm.

From AF Holdings v. Does 1-1058, 752 F.3d 990 (D.C. Cir. 2014):

AF Holdings’s discovery demands were overbroad because it made no attempt

to limit its inquiry to those subscribers who might actually be located in the

District. It could have easily done so using what are known as geolocation

services, which enable anyone to estimate the location of Internet users based

on their IP addresses. Such services cost very little or are even free. See

Amicus Br. of Electronic Frontier Foundation, et al. 24 (observing that

“Neustar IP Intelligence . . . provides on-demand geolocation services for $8

per 1,000 addresses); see also http://freegeoip.net (last visited May 22, 2014)

(providing this service for free). While perhaps not precise enough to identify

an Internet user’s street address, these services “can be accurate”—certainly

sufficiently accurate to provide at least some basis for determining whether a

particular subscriber might live in the District of Columbia rather than, say,

Oregon.

28.

CHAPTER 1 REVIEW QUESTION #2

Which of the following identifiers indicate some geographic information about the

associated person?

a) mailing address

b) telephone number

c) IP address

d) credit card number

e) Social Security number

29.

II. Jurisdiction

Evaluating Personal Jurisdiction

The following five-step methodology helps determines if the defendant can be sued in the

plaintiff’s preferred forum:

Step 1: Even if personal jurisdiction is proper, can a judgment be enforced against the

defendant (or parties related to the defendant)? If the answer is no, then how can the

lawsuit accomplish the plaintiff’s goals—even if the plaintiff wins in court?

Step 2: Does the forum have general jurisdiction over the defendant? General jurisdiction

applies when the defendant has a physical presence in the forum or has “systematic and

continuous contacts” that are the functional equivalent of physical presence.

Step 3: If the forum does not have general jurisdiction, did the defendant nevertheless

consent to jurisdiction in the forum? If not, the plaintiff needs to establish specific

jurisdiction or the lawsuit fails.

Step 4: Does the state long-arm statute confer jurisdiction? If not, the lawsuit fails.

Step 5: If yes, does the exercise of jurisdiction satisfy Constitutional Due Process? Three

alternative ways to evaluate Due Process:

a) Minimum contacts test

 Did the defendant have minimum contacts with the forum…

 Such that it made “purposeful availment” of the state’s laws

 …and would jurisdiction comport with traditional notions of fair play and

substantial justice?

 Could the defendant “reasonably anticipate” being haled into court?

b) “Effects Test”: Defendant expressly aims intentional tortious actions at state and causes

foreseeable harm.

c) In rem actions against domain names (15 U.S.C. §1125(d)(2)).

30.

The next case deals with the less common situation where a U.S. plaintiff is suing an

international defendant. More commonly, a U.S. plaintiff sues a U.S. defendant. The case

provides a useful summary of the law for both situations. To extrapolate to the more

common U.S.-only situation, consider what evidence would be convincing if a U.S. plaintiff

claimed that the U.S. defendant had sufficient ties to the plaintiff’s home court. The Hemi

case, following the Toys ‘R’ Us case, provides additional insight to that question.

Toys ‘R’ Us, Inc. v. Step Two, S.A., 318 F.3d 446 (3d Cir. 2003)

Toys ‘R’ Us, Inc. and Geoffrey, Inc. (“Toys”) brought this action against Step Two, S.A. and

Imaginarium Net, S.L. (“Step Two”), alleging that Step Two used its Internet web sites to

engage in trademark infringement, unfair competition, misuse of the trademark notice

symbol, and unlawful “cybersquatting,” in violation of the Lanham Act, 15 U.S.C. § 1501* et

seq., and New Jersey state law. The District Court denied Toys’ request for jurisdictional

discovery and, simultaneously, granted Step Two’s motion to dismiss for lack of personal

jurisdiction. We hold that the District Court should not have denied Toys’ request for

jurisdictional discovery. We therefore reverse and remand for limited jurisdictional

discovery, relating to Step Two’s business activities in the United States, and for

reconsideration of personal jurisdiction with the benefit of the product of that discovery,

with a view to its renewing administration of the case, in the event the District Court finds

that it does have jurisdiction.

I.

Toys, a Delaware corporation with its headquarters in New Jersey, owns retail stores

worldwide where it sells toys, games, and numerous other products. In August 1999, Toys

acquired Imaginarium Toy Centers, Inc., which owned and operated a network of

“Imaginarium” stores for the sale of educational toys and games. As part of this acquisition,

Toys acquired several Imaginarium trademarks, and subsequently filed applications for the

registration of additional Imaginarium marks. Prior to Toys’ acquisition, the owners of the

Imaginarium mark had been marketing a line of educational toys and games since 1985

and had first registered the Imaginarium mark with the United States Patent and

Trademark Office in 1989. Toys currently owns thirty-seven freestanding Imaginarium

stores in the U.S., of which seven are located in New Jersey. In addition, there are

Imaginarium shops within 175 of the Toys “R” Us stores in the U.S., including five New

Jersey stores.

Step Two is a Spanish corporation that owns or has franchised toy stores operating under

the name “Imaginarium” in Spain and nine other countries. It first registered the

Imaginarium mark in Spain in 1991, and opened its first Imaginarium store in the Spanish

city of Zaragoza in November 1992. Step Two began expanding its chain of Imaginarium

stores by means of a franchise system in 1994. It has registered the Imaginarium mark in

several other countries where its stores are located. There are now 165 Step Two

Imaginarium stores. The stores have the same unique facade and logo as those owned by

Toys, and sell the same types of merchandise as Toys sells in its Imaginarium stores.

However, Step Two does not operate any stores, maintain any offices or bank accounts, or

have any employees anywhere in the United States. Nor does it pay taxes to the U.S. or to

* [Editor’s note: this appears to be a typo in the original court opinion. It should be 15 U.S.C. 1051 et seq.]

31.

any U.S. state. Step Two maintains that it has not directed any advertising or marketing

efforts towards the United States. The record does, however, indicate some contacts

between Step Two and the United States: for example, a portion of the merchandise sold at

Step Two’s Imaginarium stores is purchased from vendors in the United States.

Additionally, Felix Tena, President of Step Two, attends the New York Toy Fair once each

year.

[Imaginarium Store in Leon, Spain, 2013.

Photo courtesy of Lydia de la Torre]

In the mid-1990s, both parties turned to the Internet to boost their sales. In 1995,

Imaginarium Toy Centers, Inc. (which Toys later acquired) registered the domain name

<imaginarium.com> and launched a web site featuring merchandise sold at Imaginarium

stores. In 1996, Step Two registered the domain name <imaginarium.es>, and began

advertising merchandise that was available at its Imaginarium stores. In April 1999,

Imaginarium Toy Centers registered the domain name <imaginarium.net>, and launched

another web site where it offered Imaginarium merchandise for sale. In June 1999, Step

Two registered two additional “Imaginarium” domain names, <imaginariumworld.com>

and <imaginarium-world.com>. In May 2000, Step Two registered three more domain

names: <imaginariumnet.com>, <imaginariumnet.net>, and <imaginariumnet.org>. Step

Two’s web sites are maintained by Imaginarium Net, S.L., a subsidiary of Step Two, S.A.

formed in 2000.

At the time this lawsuit was filed, four of the aforementioned sites operated by Step Two

were interactive, allowing users to purchase merchandise online. When buying

merchandise via Step Two’s web sites, purchasers are asked to input their name and email

address, as well as a credit card number, delivery address, and phone number. At no point

during the online purchase process are users asked to input their billing or mailing address.

The web sites provide a contact phone number within Spain that lacks the country code

that a user overseas would need to dial. Moreover, the prices are in Spanish pesetas and

32.

Euros, and goods ordered from those sites can be shipped only within Spain. Step Two’s

Imaginarium web sites are entirely in Spanish.

Visitors to the four sales-oriented Step Two web sites may elect to receive an electronic

newsletter, or sign up for membership in “Club Imaginarium,” a promotional club with

games and information for children. Each registrant for Club Imaginarium is required to

provide a name and an email address. At the time this suit was filed, there was a section

for “voluntary information,” including the registrant’s home address, on the Club

Imaginarium registration page. This optional portion of the page required users to choose

from a pull-down list of Spanish provinces, and did not accommodate mailing addresses in

the United States. After joining Club Imaginarium via the web site, registrants receive an

automatic email response.

Mr. Tena submitted an affidavit stating that Step Two had not made any sales via its web

sites to U.S. residents. Toys, however, adduced evidence of two sales to residents of New

Jersey conducted via Step Two’s Imaginarium web sites. These purchases were initiated by

Toys. Lydia Leon, a legal assistant in the Legal Department of Geoffrey, Inc., made the first

purchase. Ms. Leon, a resident of New Jersey, purchased a toy via

<www.imaginariumworld.com> on January 23, 2001. The second purchase was made in

February 2001 by Luis M. Lopez, an employee of Darby & Darby P.C., attorneys for Toys.

Mr. Lopez is also a resident of New Jersey, and accessed <www.imaginarium.es> to make

his purchase.

For both of these sales, the items were shipped to Angeles Benavides Davila, a Toys

employee in Madrid, Spain; Ms. Benavides Davila then forwarded the items to the offices of

Geoffrey, Inc. in New Jersey. Both purchases were made with credit cards issued by U.S.

banks. Additionally, both purchasers received in New Jersey an email confirming their

purchases, and a subsequent email with a login and password to access Club Imaginarium.

One of the two purchasers also separately registered for Club Imaginarium, exchanged

emails with a Step Two employee about his purchase, and received a copy of an email

newsletter from Step Two. Aside from these two sales, there is no evidence in the record of

a sale to anyone in the United States. After learning of these two sales, Mr. Tena submitted

a second affidavit stating that his company does not know where its purchasers reside, as

that information is not apparent from a purchaser’s email address, and Step Two keeps

records only of shipping addresses….

II.

In the following discussion, we first consider the standard for personal jurisdiction based

upon a defendant’s operation of a commercially interactive web site, as articulated by courts

within this circuit and other Courts of Appeals. In light of that standard and the arguments

presented in the proceeding below, we then assess the propriety of the District Court’s

denial of jurisdictional discovery.

A. Personal Jurisdiction Based on the Operation of a Web Site

The advent of the Internet has required courts to fashion guidelines for when personal

jurisdiction can be based on a defendant’s operation of a web site. Courts have sought to

articulate a standard that both embodies traditional rules and accounts for new factual

33.

scenarios created by the Internet. Under traditional jurisdictional analysis, the exercise of

specific personal jurisdiction requires that the “plaintiff’s cause of action is related to or

arises out of the defendant’s contacts with the forum.” Beyond this basic nexus, for a

finding of specific personal jurisdiction, the Due Process Clause of the Fifth Amendment

requires (1) that the “defendant ha[ve] constitutionally sufficient ‘minimum contacts’ with

the forum,” id. (quoting Burger King Corp. v. Rudzewicz, 471 U.S. 462, 474 (1985)), and (2)

that “subjecting the defendant to the court’s jurisdiction comports with ‘traditional notions

of fair play and substantial justice,’” id. (quoting Int’l Shoe Co. v. Washington, 326 U.S. 310,

316 (1945)). The first requirement, “minimum contacts,” has been defined as “‘some act by

which the defendant purposefully avails itself of the privilege of conducting activities

within the forum State, thus invoking the benefits and protections of its laws.’” Asahi Metal

Indus. Co., Ltd. v. Superior Court of California, 480 U.S. 102, 109 (1987) (quoting Burger

King Corp., 471 U.S. at 475). Second, jurisdiction exists only if its exercise “comports with

traditional notions of fair play and substantial justice,” i.e., the defendant “should

reasonably anticipate being haled into court” in that forum. World-Wide Volkswagen Corp.

v. Woodson, 444 U.S. 286, 297 (1980).

The precise question raised by this case is whether the operation of a commercially

interactive web site accessible in the forum state is sufficient to support specific personal

jurisdiction, or whether there must be additional evidence that the defendant has

“purposefully availed” itself of the privilege of engaging in activity in that state. Prior

decisions indicate that such evidence is necessary, and that it should reflect intentional

interaction with the forum state. If a defendant web site operator intentionally targets the

site to the forum state, and/or knowingly conducts business with forum state residents via

the site, then the “purposeful availment” requirement is satisfied. Below, we first review

cases from this and other circuits that articulate this requirement. Next, we consider the

role of related non-Internet contacts in demonstrating purposeful availment. We then

assess whether the “purposeful availment” requirement has been satisfied in the present

case.

1. The “Purposeful Availment” Requirement in Internet Cases

a. Third Circuit Cases

The opinion in Zippo Mfg. Co. v. Zippo Dot Com, Inc., 952 F. Supp. 1119 (W.D. Pa. 1997)

has become a seminal authority regarding personal jurisdiction based upon the operation of

an Internet web site. The court in Zippo stressed that the propriety of exercising

jurisdiction depends on where on a sliding scale of commercial interactivity the web site

falls. In cases where the defendant is clearly doing business through its web site in the

forum state, and where the claim relates to or arises out of use of the web site, the Zippo

court held that personal jurisdiction exists. In reaching this conclusion, the Zippo court

relied on CompuServe, Inc. v. Patterson, 89 F.3d 1257 (6th Cir. 1996), which found the

exercise of personal jurisdiction to be proper where the commercial web site’s interactivity

reflected specifically intended interaction with residents of the forum state.

Analyzing the case before it, the Zippo court similarly underscored the intentional nature of

the defendant’s conduct vis-a-vis the forum state. In Zippo, the defendant had purposefully

availed itself of doing business in Pennsylvania when it “repeatedly and consciously chose

to process Pennsylvania residents’ applications and to assign them passwords,” knowing

34.

that the contacts would result in business relationships with Pennsylvania customers. The

court summarized the pivotal importance of intentionality as follows:

When a defendant makes a conscious choice to conduct business with the

residents of a forum state, ‘it has clear notice that it is subject to suit there.’

... If [the defendant] had not wanted to be amenable to jurisdiction in

Pennsylvania, ... it could have chosen not to sell its services to Pennsylvania

residents.

Since Zippo, several district court decisions from this Circuit have made explicit the

requirement that the defendant intentionally interact with the forum state via the web site

in order to show purposeful availment and, in turn, justify the exercise of specific personal

jurisdiction. As another district court in this Circuit put it, “[c]ourts have repeatedly

recognized that there must be ‘something more’ ... to demonstrate that the defendant

directed its activity towards the forum state.”

b. Case Law from Other Circuits

Several Courts of Appeals decisions have adopted “purposeful availment” requirements that

are consistent with the principles articulated in the Zippo line of cases. The Fourth Circuit,

in ALS Scan v. Digital Service Consultants, Inc., 293 F.3d 707 (4th Cir. 2002), expressly

incorporated an “intentionality” requirement when fashioning a test for personal

jurisdiction in the context of the Internet:

a State may, consistent with due process, exercise judicial power over a

person outside of the State when that person (1) directs electronic activity

into the State, (2) with the manifested intent of engaging in business or other

interactions within the State, and (3) that activity creates, in a person within

the State, a potential cause of action cognizable in the State’s courts.

In Cybersell, Inc. v. Cybersell, Inc., 130 F.3d 414 (9th Cir. 1997), the Ninth Circuit

considered an infringement action brought against a Florida web site operator whose

allegedly infringing site was accessible in Arizona, the state where the plaintiff had its

principal place of business. In declining to exercise specific personal jurisdiction, the

Cybersell court found there must be “‘something more’ [beyond the mere posting of a

passive web site] to indicate that the defendant purposefully (albeit electronically) directed

his activity in a substantial way to the forum state.” Decisions from other circuits have

articulated similar standards. See, e.g., Neogen Corp. v. Neo Gen Screening, Inc., 282 F.3d

883, 890 (6th Cir. 2002) (holding that the purposeful availment requirement is satisfied “if

the web site is interactive to a degree that reveals specifically intended interaction with

residents of the state”) (citation omitted) (emphasis added).

2. Non-Internet Contacts

In deciding whether to exercise jurisdiction over a cause of action arising from a defendant’s

operation of a web site, a court may consider the defendant’s related non-Internet activities

as part of the “purposeful availment” calculus. One case that relies on non-Internet contacts

for the exercise of jurisdiction—a case Toys repeatedly cites—is Euromarket Designs, Inc. v.

Crate and Barrel Ltd., 96 F. Supp. 2d 824 (N.D. Ill. 2000). In Euromarket, the court

35.

exercised jurisdiction over an Irish manufacturer based on its commercially interactive web

site, even though the products purchased through the web site could not be shipped to

Illinois. The court identified a number of non-Internet contacts between the defendant and

Illinois, including the fact that the defendant’s vendors included Illinois suppliers, its

attendance at trade shows in Illinois, and its advertisement in publications that circulate in

the United States (albeit originating outside). The Euromarket court also relied on the fact

that the defendant billed Illinois customers, collected revenues from Illinois customers, and

recorded sales from goods ordered from Illinois, and that the web site was designed to

accommodate addresses in the United States.

Thus far, Toys has not shown that Step Two maintained the type of contacts that supported

jurisdiction in Euromarket—i.e., that the defendant intentionally and knowingly transacted

business with residents of the forum state, and had significant other contacts with the

forum besides those generated by its web site. This limited record does not provide an

occasion for us to spell out the exact mix of Internet and non-Internet contacts required to

support an exercise of personal jurisdiction. That determination should be made on a case-

by-case basis by assessing the “nature and quality” of the contacts. However, non-internet

contacts such as serial business trips to the forum state, telephone and fax communications

directed to the forum state, purchase contracts with forum state residents, contracts that

apply the law of the forum state, and advertisements in local newspapers, may form part of

the “something more” needed to establish personal jurisdiction. It is noteworthy that the

Supreme Court in Burger King Corp., when expounding on the “minimum contacts”

requirement, referred generally to a defendant’s “activities” in the forum state—a term that

includes the aforementioned non-Internet contacts.

3. Personal Jurisdiction over Step Two

As Zippo and the Courts of Appeals decisions indicate, the mere operation of a

commercially interactive web site should not subject the operator to jurisdiction anywhere

in the world. Rather, there must be evidence that the defendant “purposefully availed”

itself of conducting activity in the forum state, by directly targeting its web site to the state,

knowingly interacting with residents of the forum state via its web site, or through

sufficient other related contacts.

Based on the facts established in this case thus far, Toys has failed to satisfy the purposeful

availment requirement. Step Two’s web sites, while commercial and interactive, do not

appear to have been designed or intended to reach customers in New Jersey. Step Two’s

web sites are entirely in Spanish; prices for its merchandise are in pesetas or Euros, and

merchandise can be shipped only to addresses within Spain. Most important, none of the

portions of Step Two’s web sites are designed to accommodate addresses within the United

States. While it is possible to join Club Imaginarium and receive newsletters with only an

email address, Step Two asks registrants to indicate their residence using fields that are

not designed for addresses in the United States.

Moreover, the record may not now support a finding that Step Two knowingly conducted

business with residents of New Jersey. The only documented sales to persons in the United

36.

States are the two contacts orchestrated by Toys, and it appears that Step Two scarcely

recognized that sales with U.S. residents had been consummated.5

At best, Toys has presented only inconclusive circumstantial evidence to suggest that Step

Two targeted its web site to New Jersey residents, or that it purposefully availed itself of

any effort to conduct activity in New Jersey. Many of the grounds for jurisdiction that Toys

advanced below have been deemed insufficient by the courts. First, the two documented

sales appear to be the kind of “fortuitous,” “random,” and “attenuated” contacts that the

Supreme Court has held insufficient to warrant the exercise of jurisdiction. As for the

electronic newsletters and other email correspondence, “telephone communication or mail

sent by a defendant [do] not trigger personal jurisdiction if they ‘do not show purposeful

availment.’” The court in Barrett found that the exchange of three emails between the

plaintiff and defendant regarding the contents of the defendant’s web site, without more,

did not “amount to the level of purposeful targeting required under the minimum contacts

analysis.” Non-Internet contacts, such as Mr. Tena’s visits to New York and the

relationships with U.S. vendors, have not been explored sufficiently to determine whether

they are related to Toys’ cause of action, or whether they reflect “purposeful availment.”

Absent further evidence showing purposeful availment, Toys cannot establish specific

jurisdiction over Step Two.6 However, any information regarding Step Two’s intent vis-a-vis

its Internet business and regarding other related contacts is known by Step Two, and can

be learned by Toys only through discovery. The District Court’s denial of jurisdictional

discovery is thus a critical issue, insofar as it may have prevented Toys from obtaining the

information needed to establish personal jurisdiction. We next turn to whether the District

Court properly denied Toys’ request for jurisdictional discovery.

B. Jurisdictional Discovery…

Toys requested jurisdictional discovery for the purpose of establishing either specific

personal jurisdiction, or jurisdiction under the federal long-arm statute, Fed. R. Civ. P.

5 Toys argues that Step Two was aware that it was conducting business with New Jersey residents. In

particular, Toys points to the email correspondence between Mr. Luis M. Lopez and a representative of Step

Two regarding Mr. Lopez’s overpayment. Mr. Lopez requested that the difference be mailed to his home address

in “South Orange, NJ 07079,” but did not spell out “New Jersey” or specify that he resided in the United States.

The Step Two representative, apparently uncertain about the address, sent a reply stating “I have received your

address and as far as I can see, it is pretty far from here (we are in Zaragoza). I would appreciate your giving me

more information on the address so that I can be sure that it will arrive.” Mr. Lopez’s response to this

message—if he sent one—is not included in the record. Although Step Two ultimately learned that Mr. Lopez is

a United States resident, a trier of fact could reasonably find from the correspondence that the company did not

contemplate that sales would occur with U.S.-based purchasers. 6 As an alternative to the “minimum contacts” analysis for specific jurisdiction, Toys argues that jurisdiction

over Step Two may be based on the “effects” test. Following the lead of the Supreme Court in Calder v. Jones,

465 U.S. 783, 788-89 (1984), the Third Circuit has held that personal jurisdiction may, under certain

circumstances, be based on the effects in the forum state of a defendant’s tortious actions elsewhere. One of the

Third Circuit’s requirements is that the “defendant expressly aimed his tortious conduct at the forum....”

Even assuming that Step Two’s registration of the Imaginarium domain names and its operation of web

sites under that name bring about an injury to Toys in New Jersey (its corporate headquarters), Toys has failed

to establish that Step Two engaged in intentionally tortious conduct expressly aimed at New Jersey. In the

present case, this intentionality requirement is the key missing component for jurisdiction under either the

“minimum contacts” analysis or the “effects” test.

37.

4(k)(2).7 The District Court denied Toys’ request, explaining that “the clear focus of the

Court is directed, as it should be, to the web site[,] [a]nd to the activity of the defendants

related to that web site, which is making sales here, ...” The court added that “the apparent

contradictions, if such there will be in the Tena affidavit, [and] what else Mr. Tena might

have been doing here, just have no relationship to where the eye is directed and should stay

and that is, the web site activities of this defendant.”

We are persuaded that the District Court erred when it denied Toys’ request for

jurisdictional discovery. The court’s unwavering focus on the web site precluded

consideration of other Internet and non-Internet contacts—indicated in various parts of the

record—which, if explored, might provide the “something more” needed to bring Step Two

within our jurisdiction. Although the plaintiff bears the burden of demonstrating facts that

support personal jurisdiction, courts are to assist the plaintiff by allowing jurisdictional

discovery unless the plaintiff’s claim is “clearly frivolous.” If a plaintiff presents factual

allegations that suggest “with reasonable particularity” the possible existence of the

requisite “contacts between [the party] and the forum state,” the plaintiff’s right to conduct

jurisdictional discovery should be sustained.

Where the plaintiff has made this required threshold showing, courts within this Circuit

have sustained the right to conduct discovery before the district court dismisses for lack of

personal jurisdiction. Here, instead of adopting a deferential approach to Toys’ request for

discovery, the District Court appears to have focused entirely on the web site, thereby

preventing further inquiry into non-Internet contacts.

The record before the District Court contained sufficient non-frivolous allegations (and

admissions) to support the request for jurisdictional discovery. First, Toys’ complaint

alleges that Step Two has “completely copied the IMAGINARIUM concept” from Toys. For

example, Toys alleges that “the mix of toys sold by Step Two is identical to the mix of toys

sold by Toys under the IMAGINARIUM mark,” and that “Step Two continues to copy Toys’

marketing developments and Intellectual property.” Underlying Toys’ complaint is its

concern that Step Two is “attempt[ing] to expand [its] business throughout the world

including the United States by operating international web sites that offer goods similar to

the goods offered in Toy’s [sic] IMAGINARIUM stores.” Step Two’s intent, according to

Toys, is to “capitalize for [its] own pecuniary gain on the goodwill and excellent reputation

of Toys....”

It is well established that in deciding a motion to dismiss for lack of jurisdiction, a court is

required to accept the plaintiff’s allegations as true, and is to construe disputed facts in

favor of the plaintiff. Given the allegations as to Step Two’s mimicry of Toys’ ventures on

the Internet and its copy-cat marketing efforts, it would be reasonable to allow more

detailed discovery into Step Two’s business plans for purchases, sales, and marketing.

Limited discovery relating to these matters would shed light on the extent, if any, Step

Two’s business activity—including, but not limited to, its web site—were aimed towards the

7 The federal long-arm statute sanctions personal jurisdiction over foreign defendants for claims arising under

federal law when the defendant has sufficient contacts with the nation as a whole to justify the imposition of

U.S. law, but without sufficient contacts to satisfy the due process concerns of the long-arm statute of any

particular state.

38.

United States. This information, known only to Step Two, would speak to an essential

element of the personal jurisdiction calculus.

Other aspects of the record should have also alerted the District Court to the possible

existence of the “something else” needed to exercise personal jurisdiction. For example, Step

Two concedes that a portion of the merchandise sold through its Imaginarium stores and

web sites are purchased from U.S. vendors, and that Mr. Tena attends the New York Toy

Fair each year. Further discovery into the vendor relationships and Mr. Tena’s activities

here, if any, may shed light on Step Two’s intentions with respect to the U.S. market, or the

extent of its business contacts in the United States. Discovery might also reveal whether

these non-Internet contacts directly facilitate Step Two’s alleged exploitation of Toys’

marketing techniques by providing it with a supply of items identical to Toys’ inventory to

sell on its web sites.

The two documented sales to residents of New Jersey—and the subsequent emails sent

from Step Two to the two purchasers—also speak “with reasonable particularity” to the

possible existence of contacts needed to support jurisdiction. Although affiliates of Toys

orchestrated the two sales, Mr. Tena’s conflicting affidavits raise the possibility that

additional sales to U.S. residents may have been conducted via the web sites. The need for

additional discovery regarding sales is further underscored by the parties’ uncertainty as to

whether the residence of purchasers can be determined from their credit card number or

through some other electronic means.8

Counsel for Toys mentioned some of these contacts when it explained to the District Court

why it should be allowed jurisdictional discovery:

Mr. Tena states in his affidavit that he has substantial regular and

systematic contacts with the United States, [and] he attends trade shows. He

purchases from vendors in the United States. I think at the very least, Your

Honor, we should be able to inquire into what these substantial and

continuing contacts are. Because apparently he buys a lot of the toys that he

resells from U.S. vendors, because the ones that we have got were in English

that we would be permitted to take discovery on that aspect. To determine

whether or not ... he has made more sales within the State of New Jersey and

in the United States as a whole, as far as accepting orders from United States

residents. And/or whether there’s a basis for general jurisdiction under Rule

4(k)(2), because of his regular and systematic contacts with the United

States. Apparently a lot of his toys are obtained through United States

vendors.

Toys’ request for jurisdictional discovery was specific, non-frivolous, and a logical follow-up

based on the information known to Toys. The District Court erred by denying this

8 In its brief on appeal, Step Two contends that Toys should not be allowed discovery because there is simply no

basis for believing that there are any other contacts to find and, moreover, seeking discovery about other web

site-generated contacts would be futile as Step Two does not keep track of billing addresses or the physical

location of its email correspondents. At oral argument, however, counsel for Toys suggested there are means by

which an individual’s residence can be determined from a credit card number. Toys also suggests, in its brief on

appeal, that the residence of on-line purchasers may be determined from the phone number that purchasers are

required to input. These possibilities can be explored through discovery.

39.

reasonable request. Toys should be allowed jurisdictional discovery, on the limited issue of

Step Two’s business activities in the United States, including business plans, marketing

strategies, sales, and other commercial interactions. Although Step Two does not appear to

have widespread contacts with the United States, this limited discovery will also help

determine whether jurisdiction exists under the federal long-arm statute. Accordingly, on

remand, the District Court should consider whether any newly discovered facts will support

jurisdiction under traditional jurisdictional analysis, or under Rule 4(k)(2)….

NOTES AND QUESTIONS

Enforceability. If Toys ‘R’ Us won the lawsuit and the court awarded Toys ‘R’ Us every

remedy it requested, how would Toys ‘R’ Us enforce that judgment?

The Effects Test. Calder v. Jones, 465 U.S. 783 (1984), held that a California celebrity

(Shirley Jones, the Partridge Family’s mom) could sue a Florida publication in California

because its allegedly defamatory article harmed her in California, where a lot of the

entertainment industry is located. This ruling gave rise to what’s called the “Effects Test,”

which suggests personal jurisdiction is appropriate when a defendant expressly aims

intentional tortious actions at the forum state.

Although plaintiffs frequently invoke the Effects Test when suing over intentional torts

online, a plaintiff still must show that the defendant was trying to communicate with the

forum state. As Burdick v. Superior Court, 233 Cal. App. 4th 8 (Cal. App. Ct. 2015)

explains:

We hold that posting defamatory statements about a person on a Facebook

page, while knowing that person resides in the forum state, is insufficient in

itself to create the minimum contacts necessary to support specific personal

jurisdiction in a lawsuit arising out of that posting. Instead, it is necessary

that the nonresident defendant not only intentionally post the statements on

the Facebook page, but that the defendant expressly aim or specifically direct

his or her intentional conduct at the forum, rather than at a plaintiff who

lives there. We emphasize the exercise of personal jurisdiction must be based

upon forum-related acts that were personally committed by the nonresident

defendant, not upon the plaintiff’s contacts with the forum or acts committed

by codefendants or third parties.

Supreme Court jurisprudence over the past decade has made it harder to establish personal

jurisdiction over non-resident defendants, especially via the Effects Test.

Denouement. After the Third Circuit’s ruling, the case settled without a further substantive

ruling. Shortly thereafter, Toys ‘R’ Us shut down its standalone Imaginarium stores,

integrated the brand into Toys ‘R’ Us stores, and progressively wound down the retail

brand. In 2018, Toys ‘R’ Us shut down entirely.

Meanwhile, the European Imaginarium chain has expanded substantially. It generates

over €100M/year in revenues and has retail stores throughout Europe and beyond. See

http://www.imaginarium.info/:

40.

[screenshot from 2017]

41.

Illinois v. Hemi Group LLC, 622 F.3d 754 (7th Cir. 2010)

The state of Illinois sued Hemi Group LLC for selling cigarettes to Illinois residents in

violation of state laws and for failing to report those sales in violation of federal law. The

district court denied Hemi’s motion to dismiss for lack of personal jurisdiction, finding that

the Internet transactions sufficed to establish personal jurisdiction over Hemi in Illinois.

We affirm….

[Screenshot from 2011]

1. Minimum Contacts

We find that Hemi’s contacts with Illinois were sufficient to satisfy due process. Hemi

maintained commercial websites through which customers could purchase cigarettes,

calculate their shipping charges using their zip codes, and create accounts. Hemi stated

that it would ship to any state in the country except New York. This statement is important

for two reasons. First, Hemi expressly elected to do business with the residents of forty-nine

states. Although listing all forty-nine states by name would have made a stronger case for

jurisdiction in this case, inasmuch as it would have expressly stated that Hemi wanted to

do business with Illinois residents, the net result is the same—Hemi stood ready and

willing to do business with Illinois residents. And Hemi, in fact, knowingly did do business

with Illinois residents. In light of this, Hemi’s argument that it did not purposefully avail

itself of doing business in Illinois rings particularly hollow.

Second, the fact that Hemi excluded New York residents from its customer pool shows both

that Hemi knew that conducting business with residents of a particular state could subject

42.

it to jurisdiction there and also that it knew how to protect itself from being haled into court

in any particular state….

Hemi argues that its sales to customers, specifically the sales to the special agent of the

Illinois Department of Revenue, cannot constitute the required minimum contacts because

the purchases were unilateral actions by the customers. Characterizing the sales as

unilateral is misleading, however, because it ignores several of Hemi’s own actions that led

up to and followed the sales. Hemi created several commercial, interactive websites through

which customers could purchase cigarettes from Hemi. Hemi held itself out as open to do

business with every state (including Illinois) except New York. After the customers made

their purchases online, Hemi shipped the cigarettes to their various destinations. It is Hemi

reaching out to residents of Illinois, and not the residents reaching back, that creates the

sufficient minimum contacts with Illinois that justify exercising personal jurisdiction over

Hemi in Illinois.

We wish to point out that we have done the entire minimum contacts analysis without

resorting to the sliding scale approach first developed in Zippo Mfg. Co. v. Zippo Dot Com,

Inc., 952 F. Supp. 1119, 1124 (W.D. Pa. 1997). This was not by mistake. Although several

other circuits have explicitly adopted the sliding scale approach, our court has expressly

declined to do so.… Long before the Internet became a medium for defamation, the

Supreme Court in Calder v. Jones, 465 U.S. 783 (1984), had decided the relevant

jurisdictional standard for intentional torts that cross state lines. We concluded that “the

principles articulated [in Calder] can be applied to cases involving tortious conduct

committed over the Internet.”

We reach the same conclusion here. Zippo’s sliding scale was always just short-hand for

determining whether a defendant had established sufficient minimum contacts with a

forum to justify exercising personal jurisdiction over him in the forum state. But we think

that the traditional due process inquiry described earlier is not so difficult to apply to cases

involving Internet contacts that courts need some sort of easier-to-apply categorical test….

3. Fairness…

We conclude that exercising jurisdiction over Hemi in Illinois is fair. Hemi set up an

expansive, sophisticated commercial venture online. It held itself out to conduct business

nationwide and was apparently successful in reaching customers across the country. It was

savvy enough to at least try to limit its exposure to lawsuits in states in which it felt that

the upside of doing business was outweighed by the risk of litigation. Hemi wants to have

its cake and eat it, too: it wants the benefit of a nationwide business model with none of the

exposure. There is nothing constitutionally unfair about allowing Illinois, a state with

which Hemi has had sufficient minimum contacts, to exercise personal jurisdiction over

Hemi.

To be sure, defending against a lawsuit in Illinois may prove to be a burden on Hemi, whose

physical business operations are located entirely in New Mexico. However, Illinois courts

have a strong interest in providing a forum to resolve a dispute involving the state itself,

and it would be most convenient to the state of Illinois (and likely New Mexico) to

adjudicate a dispute based on Illinois law in Illinois courts. None of the other relevant

factors weighs conclusively in Hemi’s favor….

43.

We note the legitimate concern that “[p]remising personal jurisdiction on the maintenance

of a website, without requiring some level of ‘interactivity’ between the defendant and

consumers in the forum state, would create almost universal personal jurisdiction because

of the virtually unlimited accessibility of websites across the country.” Courts should be

careful in resolving questions about personal jurisdiction involving online contacts to

ensure that a defendant is not haled into court simply because the defendant owns or

operates a website that is accessible in the forum state, even if that site is “interactive.”

Here, we affirm the district court’s conclusion that Hemi is subject to personal jurisdiction

in Illinois, not merely because it operated several “interactive” websites, but because Hemi

had sufficient voluntary contacts with the state of Illinois. We make no comment on

whether Hemi may be subject to personal jurisdiction in any other state….

NOTES AND QUESTIONS

Denouement. In 2011, the parties entered into a stipulated judgment. Hemi confirmed it

stopped selling cigarettes to Illinois consumers in 2008 and won’t reenter the Illinois

market without permission. Hemi also turned over the names and addresses of all of its

Illinois buyers, presumably so the state could collect the applicable taxes directly from

them.

The Demise of the Zippo Test. Despite its ubiquity, the Zippo test has not aged well. See,

e.g., Kindig It Design, Inc. v. Creative Controls, Inc., 157 F. Supp. 3d 1167 (D. Utah. 2016):

Given the exponential growth in the number of interactive websites, the

Zippo approach—which would remove personal jurisdiction’s geographical

limitations based on the mere existence of those websites—is particularly

troubling. And the problem would grow more acute every year as more

individuals and businesses create interactive websites.

This court is not alone in its criticism of the Zippo sliding scale as a

replacement for traditional personal jurisdiction analysis. The Second Circuit

has cautioned that the Zippo sliding scale “does not amount to a separate

framework for analyzing internet-based jurisdiction.” Rather, “traditional

statutory and constitutional principles remain the touchstone of the inquiry.”

The traditional tests are readily adaptable to the digital age, just as they

were to technological advances like the telegraph, radio, television, and

telephone. Indeed, the telephone provides an apt analogy. Although a

company may have a public telephone number that can be dialed from every

state, it is not necessarily subject to personal jurisdiction in every state.

Rather, personal jurisdiction rising from telephonic contacts can only be

based on actual phone calls. Similarly, personal jurisdiction arising from an

interactive website should only be based on actual use of the site by forum

residents.

In summary, this court finds Zippo to be unpersuasive. The traditional tests

for personal jurisdiction are readily applicable to internet-based conduct and

are therefore controlling under Federal Circuit law.

44.

Zippo is still highly cited, but it is dubious precedent. In addition to courts that have

expressly rejected it, like the Hemi and Kindig cases, many other courts have rejected it sub

silento. You should favorably cite the Zippo precedent with extreme caution.

Geotargeting Ads. Advertisers may be willing to pay a premium to deliver ads that are

targeted based on the consumer’s location. If a website or app offers this option—directly or

through a third-party ad network—it’s probable that courts will count this functionality

against it in any personal jurisdiction analysis. See UMG Recordings v. Kurbanov, 2020 WL

3476993 (4th Cir. June 26, 2020); see also Ligue Contre le Racisme et L'Antisémitisme v.

Yahoo! Inc. (LICRA c. Yahoo!), No RG:00/0538 (Tribunal de Grande Instance de Paris Nov.

22, 2000).

CHAPTER 2 REVIEW QUESTION #1

Accessing the Internet from his home, Joe Consumer books a cruise via the cruise line’s

website. The cruise line is headquartered in a different state and has no physical operations

in Joe’s home state. In order to book the cruise, Joe must provide his home address. During

the cruise, Joe suffers a personal injury from a slip-and-fall. Joe wants to sue the cruise line

for negligence in his home court. Based solely on these facts, which legal principle supports

personal jurisdiction over the cruise line in Joe’s home court?

a) General jurisdiction

b) Specific jurisdiction due to “minimum contacts”

c) Specific jurisdiction due to the “Effects Test”

d) In rem jurisdiction

e) There’s no personal jurisdiction

45.

III. Contracts

How many online contracts have you agreed to? The number is probably in the thousands.

Yet, do you know what you agreed to in these thousands of contracts?

(used with permission of the Doghouse Diaries, http://www.thedoghousediaries.com/)

Most users—including probably you—never read online contracts, wouldn’t understand

them even if they read them, and would likely object to at least some of the terms if they

understood them. The fact that people have no idea of the terms has spurred a range of

Easter Egg provisions, such as: provisions for the consequences of zombie attack (Amazon

AWS; Mailchimp); a chocolate cake recipe (Peacock TV); cash rewards to the first person to

notice the Easter Egg provision (Squaremouth--$10,000; PC Pitstop--$1,000); a commitment

to perform 1,000 hours of community service (Purple Wi-Fi); a provision to assign the user’s

first born child “for the duration of eternity” (F-Secure Wi-Fi); and a remedy for breach that

“a leather-winged demon of the night will tear itself, shrieking blood and fury, from the

endless caverns of the nether world, hurl itself into the darkness with a thirst for blood on

its slavering fangs and search the very threads of time for the throbbing of your heartbeat”

(Alchemy Mindworks).

Yet, despite the manifest problems with knowledge and consent, users routinely are legally

bound to online contracts if the formation process satisfies certain formalities. Hundreds of

cases have upheld online contract formation.

46.

In the next case, the court upholds Uber’s contract formation. This is good news for Uber.

Still, would you have done anything differently if you were Uber’s counsel? The court bases

its ruling on consumer expectations in mobile environments. What evidence does the court

cite to support its characterizations of consumer expectations?

Meyer v. Uber Technologies, Inc., 868 F.3d 66 (2d Cir. 2017).

Chin, Circuit Judge.

…BACKGROUND

A. The Facts

The facts are undisputed and are summarized as follows:

Uber offers a software application for smartphones (the “Uber App”) that allows riders to

request rides from third‐party drivers. On October 18, 2014, Meyer registered for an Uber account with the Uber App on a Samsung Galaxy S5 phone running an Android operating

system. After registering, Meyer took ten rides with Uber drivers in New York,

Connecticut, Washington, D.C., and Paris.

In support of its motion to compel arbitration, Uber submitted a declaration from Senior

Software Engineer Vincent Mi, in which Mi represented that Uber maintained records of

when and how its users registered for the service and that, from his review of those records,

Mi was able to identify the dates and methods by which Meyer registered for a user

account. Attached to the declaration were screenshots of the two screens that a user

registering in October 2014 with an Android‐operated smartphone would have seen during the registration process.

The first screen, at which the user arrives after downloading the application and clicking a

button marked “Register,” is labeled “Register” and includes fields for the user to enter his

or her name, email address, phone number, and a password (the “Registration Screen”).

The Registration Screen also offers the user the option to register via a Google+* or

Facebook account. According to Uber’s records, Meyer did not sign up using either Google+

or Facebook and would have had to enter manually his personal information.

* [Editor’s note: Google+ was Google’s social networking system, with features similar to Facebook or LinkedIn.

Google shut down Google+ in 2019.]

47.

After completing the information on the Registration Screen and clicking “Next,” the user

advances to a second screen labeled “Payment” (the “Payment Screen”), on which the user

can enter credit card details or elect to make payments using PayPal or Google Wallet,

third‐party payment services. According to Uberʹs records, Meyer entered his credit card information to pay for rides. To complete the process, the prospective user must click the

button marked “REGISTER” in the middle of the Payment Screen.

Below the input fields and buttons on the Payment Screen is black text advising users

that “[b]y creating an Uber account, you agree to the TERMS OF SERVICE & PRIVACY

POLICY.” The capitalized phrase, which is bright blue and underlined, was a hyperlink

that, when clicked, took the user to a third screen containing a button that, in turn, when

clicked, would then display the current version of both Uber’s Terms of Service and Privacy

Policy.

Meyer recalls entering his contact information and credit card details before registering,

but does not recall seeing or following the hyperlink to the Terms and Conditions. He

declares that he did not read the Terms and Conditions, including the arbitration provision.

48.

When Meyer registered for an account, the Terms of Service contained the following

mandatory arbitration clause:

Dispute Resolution

You and Company agree that any dispute, claim or controversy arising out of

or relating to this Agreement or the breach, termination, enforcement,

interpretation or validity thereof or the use of the Service or Application

(collectively, “Disputes”) will be settled by binding arbitration, except that

each party retains the right to bring an individual action in small claims

court and the right to seek injunctive or other equitable relief in a court of

competent jurisdiction to prevent the actual or threatened infringement,

misappropriation or violation of a party’s copyrights, trademarks, trade

secrets, patents or other intellectual property rights. You acknowledge and

agree that you and Company are each waiving the right to a trial by

jury or to participate as a plaintiff or class User in any purported

class action or representative proceeding. Further, unless both you and

Company otherwise agree in writing, the arbitrator may not consolidate more

than one person’s claims, and may not otherwise preside over any form of

any class or representative proceeding. If this specific paragraph is held

unenforceable, then the entirety of this “Dispute Resolution” section will be

deemed void. Except as provided in the preceding sentence, this “Dispute

Resolution” section will survive any termination of this Agreement.

The Terms of Service further provided that the American Arbitration Association (“AAA”)

would hear any dispute, and that the AAA Commercial Arbitration Rules would govern any

arbitration proceeding….

2. State Contract Law…

To form a contract, there must be “[m]utual manifestation of assent, whether by written or

spoken word or by conduct.” California law is clear, however, that ”an offeree, regardless of

apparent manifestation of his consent, is not bound by inconspicuous contractual provisions

of which he is unaware, contained in a document whose contractual nature is not obvious.”

“Thus, California contract law measures assent by an objective standard that takes into

account both what the offeree said, wrote, or did and the transactional context in which the

offeree verbalized or acted.”

Where there is no evidence that the offeree had actual notice of the terms of the agreement,

the offeree will still be bound by the agreement if a reasonably prudent user would be on

inquiry notice of the terms. Whether a reasonably prudent user would be on inquiry notice

turns on the “[c]larity and conspicuousness of arbitration terms”; in the context of web‐ based contracts, as discussed further below, clarity and conspicuousness are a function of

the design and content of the relevant interface.

Thus, only if the undisputed facts establish that there is “[r]easonably conspicuous notice of

the existence of contract terms and unambiguous manifestation of assent to those

terms” will we find that a contract has been formed.

49.

3. Web‐based Contracts “While new commerce on the Internet has exposed courts to many new situations, it has not

fundamentally changed the principles of contract.” Register.com, Inc. v. Verio, Inc., 356

F.3d 393, 403 (2d Cir. 2004). “Courts around the country have recognized that [an]

electronic ‘click’ can suffice to signify the acceptance of a contract,” and that “[t]here is

nothing automatically offensive about such agreements, as long as the layout and language

of the site give the user reasonable notice that a click will manifest assent to an

agreement.” Sgouros v. TransUnion Corp., 817 F.3d 1029, 1033‐34 (7th Cir. 2016).

With these principles in mind, one way in which we have previously distinguished web‐ based contracts is the manner in which the user manifests assent ‐ namely, “clickwrap” (or “click‐through”) agreements, which require users to click an “I agree” box after being presented with a list of terms and conditions of use, or “browsewrap” agreements, which

generally post terms and conditions on a website via a hyperlink at the bottom of the

screen.7 Courts routinely uphold clickwrap agreements for the principal reason that the

user has affirmatively assented to the terms of agreement by clicking “I agree.”

Browsewrap agreements, on the other hand, do not require the user to expressly assent.

“Because no affirmative action is required by the website user to agree to the terms of a

contract other than his or her use of the website, the determination of the validity of the

browsewrap contract depends on whether the user has actual or constructive knowledge of

a website’s terms and conditions.”

Of course, there are infinite ways to design a website or smartphone application, and not all

interfaces fit neatly into the clickwrap or browsewrap categories. Some online agreements

require the user to scroll through the terms before the user can indicate his or her assent by

clicking “I agree.” See Berkson v. Gogo LLC, 97 F. Supp. 3d 359, 386, 398 (E.D.N.Y. 2015)

(terming such agreements “scrollwraps”). Other agreements notify the user of the existence

of the website’s terms of use and, instead of providing an “I agree” button, advise the user

that he or she is agreeing to the terms of service when registering or signing up. Id. at

399 (describing such agreements as “sign‐in‐wraps”).

In the interface at issue in this case, a putative user is not required to assent explicitly to

the contract terms; instead, the user must click a button marked ”Register,” underneath

which the screen states ”By creating an Uber account, you agree to the TERMS OF

SERVICE & PRIVACY POLICY,” with hyperlinks to the Terms of Service and Privacy

Policy. We were first presented with a similar agreement in Schnabel, but the plaintiffs had

not preserved the issue of whether they were on inquiry notice of the arbitration provision

by a “terms and conditions” hyperlink on an enrollment form available before enrollment.

Most recently in Nicosia, we held that reasonable minds could disagree regarding the

sufficiency of notice provided to Amazon.com customers when placing an order through the

website.8…

7 This nomenclature derives from so‐called “shrinkwrap” licenses, in which a software consumer arguably assents to the license terms contained inside after breaking the shrinkwrap seal and using the enclosed

software. 8 In Nicosia, the Amazon website stated on the left side of the page: “By placing your order, you agree to

Amazon.com’s privacy notice and conditions of use,” with the latter phrases hyperlinked to the terms and

conditions. The user placed an order by clicking on a “Place your order” button on a different part of the page.

50.

Classification of web‐based contracts alone, however, does not resolve the notice inquiry. Insofar as it turns on the reasonableness of notice, the enforceability of a web‐based agreement is clearly a fact‐intensive inquiry. Nonetheless, on a motion to compel arbitration, we may determine that an agreement to arbitrate exists where the notice of the

arbitration provision was reasonably conspicuous and manifestation of assent unambiguous

as a matter of law.

B. Application

Meyer attests that he was not on actual notice of the hyperlink to the Terms of Service or

the arbitration provision itself, and defendants do not point to evidence from which a jury

could infer otherwise. Accordingly, we must consider whether Meyer was on inquiry notice

of the arbitration provision by virtue of the hyperlink to the Terms of Service on the

Payment Screen and, thus, manifested his assent to the agreement by clicking ”Register.”…

1. Reasonably conspicuous notice

In considering the question of reasonable conspicuousness, precedent and basic principles of

contract law instruct that we consider the perspective of a reasonably prudent smartphone

user. See Schnabel, 697 F.3d at 124 (“[T]he touchstone of the analysis is whether

reasonable people in the position of the parties would have known about the terms and the

conduct that would be required to assent to them.”). “[M]odern cell phones . . . are now such

a pervasive and insistent part of daily life that the proverbial visitor from Mars might

conclude they were an important feature of human anatomy.” Riley v. California, 134 S. Ct.

2473, 2484 (2014). As of 2015, nearly two‐thirds of American adults owned a smartphone, a figure that has almost doubled since 2011. Consumers use their smartphones for, among

other things, following the news, shopping, social networking, online banking, researching

health conditions, and taking classes. In a 2015 study, approximately 89 percent of

smartphone users surveyed reported using the internet on their smartphones over the

course of the week‐long study period. A purchaser of a new smartphone has his or her choice of features, including operating systems, storage capacity, and screen size.

Smartphone users engage in these activities through mobile applications, or “apps,” like the

Uber App. To begin using an app, the consumers need to locate and download the app, often

from an application store. Many apps then require potential users to sign up for an account

to access the app’s services. Accordingly, when considering the perspective of a reasonable

smartphone user, we need not presume that the user has never before encountered an app

or entered into a contract using a smartphone. Moreover, a reasonably prudent smartphone

user knows that text that is highlighted in blue and underlined is hyperlinked to another

webpage where additional information will be found.

Turning to the interface at issue in this case, we conclude that the design of the screen and

language used render the notice provided reasonable as a matter of California law. The

Payment Screen is uncluttered, with only fields for the user to enter his or her credit card

details, buttons to register for a user account or to connect the user’s pre‐existing PayPal account or Google Wallet to the Uber account, and the warning that “By creating an Uber

account, you agree to the TERMS OF SERVICE & PRIVACY POLICY.” The text, including

the hyperlinks to the Terms and Conditions and Privacy Policy, appears directly below the

buttons for registration. The entire screen is visible at once, and the user does not need to

scroll beyond what is immediately visible to find notice of the Terms of Service. Although

the sentence is in a small font, the dark print contrasts with the bright white background,

51.

and the hyperlinks are in blue and underlined. This presentation differs sharply from the

screen we considered in Nicosia, which contained, among other things, summaries of the

user’s purchase and delivery information, “between fifteen and twenty‐five links,” ”text . . . in at least four font sizes and six colors,” and several buttons and advertisements.

Furthermore, the notice of the terms and conditions in Nicosia was “not directly

adjacent” to the button intended to manifest assent to the terms, unlike the text and button

at issue here.

In addition to being spatially coupled with the mechanism for manifesting assent -- i.e., the

register button ‐‐ the notice is temporally coupled. As we observed in Schnabel, inasmuch as consumers are regularly and frequently confronted with non‐negotiable contract terms, particularly when entering into transactions using the Internet, the presentation of these

terms at a place and time that the consumer will associate with the initial purchase or

enrollment, or the use of, the goods or services from which the recipient benefits at least

indicates to the consumer that he or she is taking such goods or employing such services

subject to additional terms and conditions that may one day affect him or her. Here, notice

of the Terms of Service is provided simultaneously to enrollment, thereby connecting the

contractual terms to the services to which they apply. We think that a reasonably prudent

smartphone user would understand that the terms were connected to the creation of a user

account.

That the Terms of Service were available only by hyperlink does not preclude a

determination of reasonable notice. See Fteja, 841 F. Supp. 2d at 839 (“[C]licking [a]

hyperlinked phrase is the twenty‐first century equivalent of turning over the cruise ticket. In both cases, the consumer is prompted to examine terms of sale that are located

somewhere else.”). Moreover, the language “[b]y creating an Uber account, you agree” is a

clear prompt directing users to read the Terms and Conditions and signaling that their

acceptance of the benefit of registration would be subject to contractual terms. As long as

the hyperlinked text was itself reasonably conspicuous ‐‐ and we conclude that it was ‐‐ a reasonably prudent smartphone user would have constructive notice of the terms. While it

may be the case that many users will not bother reading the additional terms, that is the

choice the user makes; the user is still on inquiry notice.

Finally, we disagree with the district court’s determination that the location of the

arbitration clause within the Terms and Conditions was itself a “barrier to reasonable

notice.” In Sgouros, the Seventh Circuit determined that the defendant’s website actively

misled users by ”explicitly stating that a click on the button constituted assent for

TransUnion to obtain access to the purchaser’s personal information,” without saying

anything about ”contractual terms,” and without any indication that ”the same click

constituted acceptance of the Service Agreement.” The website did not contain a hyperlink

to the relevant agreement; instead, it had a scroll box that contained the entirety of the

agreement, only the first three lines of which were visible without scrolling, and it had no

prompt for the reader to scroll for additional terms. Here, there is nothing misleading.

Although the contract terms are lengthy and must be reached by a hyperlink, the

instructions are clear and reasonably conspicuous. Once a user clicks through to the Terms

of Service, the section heading (“Dispute Resolution”) and the sentence waiving the user’s

right to a jury trial on relevant claims are both bolded.

52.

Accordingly, we conclude that the Uber App provided reasonably conspicuous notice of the

Terms of Service as a matter of California law and turn to the question of whether Meyer

unambiguously manifested his assent to those terms.

2. Manifestation of assent

Although Meyer’s assent to arbitration was not express, we are convinced that it was

unambiguous in light of the objectively reasonable notice of the terms, as discussed in detail

above. See Register.com, 356 F.3d at 403 (“[R]egardless whether [a user] did or did not

say, ‘I agree’ . . . [the user’s] choice was either to accept the offer of contract, taking the

information subject to the terms of the offer, or, if the terms were not acceptable, to decline

to take the benefits.”); see also Schnabel, 697 F.3d at 128 (“[A]cceptance need not be

express, but where it is not, there must be evidence that the offeree knew or should have

known of the terms and understood that acceptance of the benefit would be construed by

the offeror as an agreement to be bound.”). As we described above, there is ample evidence

that a reasonable user would be on inquiry notice of the terms, and the spatial and

temporal coupling of the terms with the registration button ”indicate[d] to the consumer

that he or she is . . . employing such services subject to additional terms and conditions that

may one day affect him or her.” A reasonable user would know that by clicking the

registration button, he was agreeing to the terms and conditions accessible via the

hyperlink, whether he clicked on the hyperlink or not.

The fact that clicking the register button had two functions ‐‐ creation of a user account and assent to the Terms of Service ‐‐ does not render Meyer’s assent ambiguous. The registration process allowed Meyer to review the Terms of Service prior to registration,

unlike web platforms that provide notice of contract terms only after the user manifested

his or her assent. Furthermore, the text on the Payment Screen not only included a

hyperlink to the Terms of Service, but expressly warned the user that by creating an Uber

account, the user was agreeing to be bound by the linked terms. Although the warning text

used the term ”creat[e]” instead of ”register,” as the button was marked, the physical

proximity of the notice to the register button and the placement of the language in the

registration flow make clear to the user that the linked terms pertain to the action the user

is about to take.

The transactional context of the partiesʹ dealings reinforces our conclusion. Meyer located

and downloaded the Uber App, signed up for an account, and entered his credit card

information with the intention of entering into a forward‐looking relationship with Uber. The registration process clearly contemplated some sort of continuing relationship between

the putative user and Uber, one that would require some terms and conditions, and the

Payment Screen provided clear notice that there were terms that governed that

relationship.

Accordingly, we conclude on the undisputed facts of this case that Meyer unambiguously

manifested his assent to Uberʹs Terms of Service as a matter of California law….

53.

NOTES AND QUESTIONS

Nomenclature Note #1: The following terms are synonyms: user agreement, member

agreement, subscriber agreement, terms of use (TOU), terms of service (TOS), and EULA

(end user license agreement). The book uses these terms interchangeably. You’ll encounter

many other synonyms in the field.

Nomenclature Note #2: The “-Wrap” Taxonomy. The court describes five types of contract

formation processes:

Term Second Circuit’s Definition

“Shrinkwrap” “a software consumer arguably assents to the license terms contained

inside after breaking the shrinkwrap seal and using the enclosed

software”

“Browsewrap” “generally post terms and conditions on a website via a hyperlink at the

bottom of the screen”

“Clickwrap”/

“Clickthrough”

“require users to click an ‘I agree’ box after being presented with a list

of terms and conditions of use”

“Scrollwrap” “require the user to scroll through the terms before the user can

indicate his or her assent by clicking ‘I agree.’”

“Sign‐in‐ wraps”

“notify the user of the existence of the website’s terms of use and,

instead of providing an ‘I agree’ button, advise the user that he or she is

agreeing to the terms of service when registering or signing up”

In Nguyen v. Barnes & Noble Inc., 763 F.3d 1171 (9th Cir. 2014), the Ninth Circuit adopted

virtually identical definitions of “clickwrap” and “browsewrap,” but it did not define the

other three terms.

The –wrap terminology dates back to the days when software was sold in retail stores on

physical disks. Manufacturers shipped the disks in individual cardboard boxes and

shrinkwrapped the boxes with plastic. Often, the box would say something like “by

removing the plastic, you are agreeing to software license terms located inside the box.”

(For now, ignore the logic puzzle created by the plastic removal purportedly binding buyers

when they could not actually see the terms until they removed the plastic. Sometimes the

manufacturer avoided this conundrum by printing the terms on the box itself). Referring to

the plastic wrapping, these software license agreements became known as “shrinkwrap”

license terms.

As online contracts emerged, lawyers and judges analogized the user’s movement around a

website to the “unwrapping” of shrinkwrap contracts. This led to the development of the

terms “clickwrap” and “browsewrap.” The “scrollwrap” and “sign-in-wrap” terms came from

the Berkson case in 2015. Courts have adopted other –wrap terms as well. For example,

several courts have used the term “modified clickwrap,” and one court referred to a

“telephone-wrap.”

Unfortunately, the –wrap terminology, though ubiquitous, has numerous deficiencies.

54.

First, as is typically the case, the offline-to-online analogy does not work well. There is a

much greater intentionality and formality to the physical act of removing shrinkwrap

plastic compared to clicking around websites.

Second, because of the ill-fitting analogy and constant technological innovations, courts’

definitions of the “wrap” terms have been imprecise. The resulting gaps cause courts to

proliferate –wrap terms to characterize new facts that don’t clearly fit within prior defined

terms.

Third, and perhaps most importantly, the wrap taxonomy is not a good substitute for the

traditional contract analysis of determining whether each party has sufficiently manifested

assent. Thus, opinions often discuss the –wrap taxonomy in dicta and then proceed to

ignore the taxonomy and instead rely on a contract assent analysis using standard contract

analysis principles. The net result is that the –wrap nomenclature doesn’t help the court’s

analysis at all. See, e.g., Cullinane v. Uber Technologies, Inc., 893 F.3d 53 (1st Cir. 2018)

(“our analysis regarding the existence of an arbitration agreement is not affected by how we

categorize the online contract at issue here.”).

Look back at the Meyer opinion and see how the court taxonomized Uber’s contract using

the –wrap definitions it articulates. Why did the opinion discuss –wrap terminology in such

detail, only to not use it?

The nomenclature issue might sound academic, but it has had real-world effects. Before the

proliferation of –wrap terminology, clickthrough agreements generally were upheld. Now,

the Second Circuit’s taxonomy distinguishes “clickwraps” from “sign-in-wrap.” As a result,

online services are encouraged to require two clicks from users (first on a checkbox

indicating assent to the contract, then on another button to proceed to the next screen/page)

where one click used to suffice. Although the Meyer case only required one click, best

practices now probably require two clicks. See Scotti v. Tough Mudder Inc., 63 Misc.3d 843

(N.Y. Sup. Ct. 2019) (apparently requiring two clicks AND mandatory scrolling through the

terms).

NOTE: I advise students to skip the –wrap terminology altogether and use only the

following two terms: “clickthrough” and “not a contract.” My students may use “clickwrap”

or “browsewrap” on their exams only if it’s coupled with immediate mocking of the terms.

Mobile Devices May Be Different. Mobile devices create extra challenges for contract

formation. For example, because the device has a smaller screen size, the agreement text

may be smaller and harder for users to read. Also, lengthy agreements could unreasonably

require users to scroll through innumerable screens to read the whole agreement.

The “Reasonably Prudent Smartphone User.” The Meyer court says:

 “a reasonably prudent smartphone user knows that text that is highlighted in blue

and underlined is hyperlinked to another webpage where additional information will

be found”

 “a reasonably prudent smartphone user would understand that the terms were

connected to the creation of a user account”

55.

 “As long as the hyperlinked text was itself reasonably conspicuous ‐- and we conclude that it was ‐‐ a reasonably prudent smartphone user would have constructive notice of the terms”

 “A reasonable user would know that by clicking the registration button, he was

agreeing to the terms and conditions accessible via the hyperlink, whether he clicked

on the hyperlink or not.”

Based on your own personal experience, do you agree with this? What empirical evidence

would confirm (or refute) your intuition? Does the fact you’ve encountered similar online

contract processes dozens or hundreds of times before reinforce your intuition, or is it an

indicator of an industry-wide pathology in contract formation (or both)?

User Actions With Multiple Consequences. Design experts consider it suboptimal to design

an interface so that a single user action has multiple consequences. Doing so can surprise

the user with unexpected consequences or force them to accept an unwanted consequence

along with the desired outcome.

Nevertheless, the court says it’s immaterial that Uber’s “register” button had two

consequences, i.e., creating the account and assenting to the terms. This might explain the

increased judicial preference for two clicks, where the first click signifies assent to the

terms of service and the second click signifies assent to the desired outcome (such as

creating the online account).

Differences Between Online and Paper Contracts. Do consumers read or understand online

contracts differently that paper contracts, even if the contracts have the same substantive

content?

Research has repeatedly indicated that readers often retain information better if they read

it on paper than if they read the same content electronically. See Maia Szalavitz, Do E-

Books Make It Harder to Remember What You Just Read?, TIME, Mar. 14, 2012; Geoff

Kaufman & Mary Flanagan, High-Low Split: Divergent Cognitive Construal Levels

Triggered by Digital and Non-digital Platforms, Proceedings of the 2016 CHI Conference on

Human Factors in Computing Systems 2773-77 (2016) (“individuals who completed the

same information processing task on a digital mobile device (a tablet or laptop computer)

versus a non-digital platform (a physical print-out) exhibited a lower level of construal, one

prioritizing immediate, concrete details over abstract, decontextualized interpretations”);

Patricia A. Alexander and Lauren M. Singer, The Enduring Power of Print for Learning in

a Digital World, THE CONVERSATION, Oct. 17, 2017, https://theconversation.com/the-

enduring-power-of-print-for-learning-in-a-digital-world-84352 (online reading led to poorer

comprehension of specific details in documents over 1 page).

See also Ferris Jabr, The Reading Brain in the Digital Age: The Science of Paper Versus

Screens, SCI. AM., Apr. 11, 2013:

In most cases, paper books have more obvious topography than onscreen text.

An open paperback presents a reader with two clearly defined domains—the

left and right pages—and a total of eight corners with which to orient oneself.

A reader can focus on a single page of a paper book without losing sight of the

56.

whole text: one can see where the book begins and ends and where one page

is in relation to those borders. One can even feel the thickness of the pages

read in one hand and pages to be read in the other. Turning the pages of a

paper book is like leaving one footprint after another on the trail—there’s a

rhythm to it and a visible record of how far one has traveled. All these

features not only make text in a paper book easily navigable, they also make

it easier to form a coherent mental map of the text.

In contrast, most screens, e-readers, smartphones and tablets interfere with

intuitive navigation of a text and inhibit people from mapping the journey in

their minds. A reader of digital text might scroll through a seamless stream

of words, tap forward one page at a time or use the search function to

immediately locate a particular phrase—but it is difficult to see any one

passage in the context of the entire text….Although e-readers like the Kindle

and tablets like the iPad re-create pagination—sometimes complete with

page numbers, headers and illustrations—the screen only displays a single

virtual page: it is there and then it is gone.….

Other researchers have suggested that people comprehend less when they

read on a screen because screen-based reading is more physically and

mentally taxing than reading on paper. E-ink is easy on the eyes because it

reflects ambient light just like a paper book, but computer screens,

smartphones and tablets like the iPad shine light directly into people's faces.

Depending on the model of the device, glare, pixilation and flickers can also

tire the eyes. LCDs are certainly gentler on eyes than their predecessor,

cathode-ray tubes (CRT), but prolonged reading on glossy self-illuminated

screens can cause eyestrain, headaches and blurred vision….

An emerging collection of studies emphasizes that in addition to screens

possibly taxing people's attention more than paper, people do not always

bring as much mental effort to screens in the first place. Subconsciously,

many people may think of reading on a computer or tablet as a less serious

affair than reading on paper….

When reading on screens, people seem less inclined to engage in what

psychologists call metacognitive learning regulation—strategies such as

setting specific goals, rereading difficult sections and checking how much one

has understood along the way.

Do these data points provide justify Internet exceptionalism for online contracts? If so,

which direction—more or less favorable than the offline standards?

Does It Matter That Users Don’t Read the Contracts? Assume for a moment that less than

1% of any service’s users read the applicable terms of service. The Meyer court says: “While

it may be the case that many users will not bother reading the additional terms, that is the

choice the user makes; the user is still on inquiry notice.” Does that seem right? If a

“reasonably prudent smartphone user” won’t read the contract, does it make sense to

embrace the legal fiction that they “chose” not to do so? Does your answer change if one or

more of the following are true?

57.

 consumers would have to scroll through dozens of device screens to review the terms

of service

 it would take many minutes for a person to read the terms of service on a mobile

device

 most terms of service are written in sophisticated legalese that is above the reading

comprehension level of a “reasonably prudent smartphone user”

 consumers have no power to negotiate any changes to the terms of service

 most industry players offer similar anti-consumer terms, so an objecting consumer

isn’t likely to find better terms from a competitor.

Contracts With Children. If an online contract formation process is properly implemented

as a mandatory clickthrough, the online service doesn’t need to prove the identity of any

individual user that purportedly agreed to it. Every user had to go through the same

sequence of pages, and that sequence included a page where contract formation was

handled properly, so logic dictates that every user who completed that process has assented

to the contract regardless of their identity.

This logic breaks down if the user has a legally recognized limit to their capacity, like being

intoxicated or a minor. Even though the formation process operated properly from a

technical standpoint, the lack of capacity should prevent the formation of a valid and

binding contract.

C.M.D. v. Facebook, 2014 WL 1266291 (N.D. Cal. 2014), dealt with Facebook’s use of

minors’ names and faces in its on-site advertising called Sponsored Stories. Facebook

claimed the minors agreed to Facebook’s advertising practices via its user agreement (what

Facebook calls its “Statement of Rights and Responsibilities”). The court held that,

according to the applicable California statute, the agreement was voidable, not void ab

initio. Minors could choose to void the contract at any time, but only by terminating their

Facebook accounts. Until the minors made this election, the contract was legally valid.

Thus, Facebook wasn’t liable for its advertising practices prior to voiding.

In B.F. v. Amazon, 19-910-RAJ-MLP (W.D. Wash. Oct. 21, 2019), the court held that the

terms of service for Amazon’s Alexa did not bind children, even if their parents had

consented to it. However, Amazon could have easily fixed this by adding a provision to its

terms saying that parents were consenting on behalf of their children as well.

Importance of a Good Call-to-Action. Nguyen v. Barnes & Noble Inc., 763 F.3d 1171 (9th

Cir. 2014) held:

where a website makes its terms of use available via a conspicuous hyperlink

on every page of the website but otherwise provides no notice to users nor

prompts them to take any affirmative action to demonstrate assent, even

close proximity of the hyperlink to relevant buttons users must click on—

without more—is insufficient to give rise to constructive notice

Barnes & Noble presented a link to its “Terms of Use” near its purchase button, but

the court implicitly rejected that the phrase “Terms of Use” signaled that purchasing

58.

meant assent to those terms. Had Barnes & Noble used a stronger call-to-action, its

presentation should have worked. See also the Zappos.com example below.

If the call-to-action asks users to agree to a “terms of use” and links to the associated

document, but the linked document is titled a “license agreement,” is there a contract? See

Resorb Networks, Inc. v. YouNow.com, 30 N.Y.S.3d 506 (N.Y. Sup. Ct. 2016) (no).

Visibility of Call-to-Action. Courts are not sympathetic to services that don’t make the call-

to-action prominent. See Wilson v. Huuuge, Inc., 944 F.3d 1212 (9th Cir. 2019):

Wilson was not required to assent to Huuuge’s Terms before downloading or

using the app—or at any point at all. Huuuge did not notify users that the

app had terms and conditions, let alone put them in a place the user would

necessarily see. Instead, a user would need to seek out or stumble upon

Huuuge’s Terms, either by scrolling through multiple screens of text before

downloading the app or clicking the settings menu within the app during

gameplay.

When downloading the app, the Terms are not just submerged—they are

buried twenty thousand leagues under the sea. Nowhere in the opening

profile page is there a reference to the Terms. To find a reference, a user

would need to click on an ambiguous button to see the app's full profile page

and scroll through multiple screen-lengths of similar-looking paragraphs.

Once the user unearths the paragraph referencing the Terms, the page does

not even inform the user that he will be bound by those terms. There is no

box for the user to click to assent to the Terms. Instead, the user is urged to

read the Terms—a plea undercut by Huuuge's failure to hyperlink the Terms.

This is the equivalent to admonishing a child to “please eat your peas” only to

then hide the peas. A reasonably prudent user cannot be expected to

scrutinize the app's profile page with a fine-tooth comb for the Terms.

Accessing the terms during gameplay is similarly a hide-the-ball exercise. A

user can view the Terms through the “Terms & Policy” tab of the settings

menu. Again, the user is required to take multiple steps. He must first find

and click on the three white dots representing the settings menu, tucked

away in the corner and obscured amongst the brightly colored casino games.

The “Terms & Policy” tab within the settings is buried among many other

links, like FAQs, notifications, and sound and volume. The tab is not bolded,

highlighted, or otherwise set apart.

….Only curiosity or dumb luck might bring a user to discover the Terms.

Test yourself #1: Do you think the following call-to-action succeeds?

59.

See DeVries v. Experian Information Solutions, Inc., 2017 WL 733096 (N.D. Cal. 2017)

(looks good!).

Test yourself #2: The next screenshot depicts the footer on Zappos.com’s web pages. Notice

the obscure link entitled “Terms of Use” on the far left bottom under “Zappos.com Policies.”*

If you printed out the home page of Zappos.com, this snippet probably would be on page 3 of

a 4 page printout.

If you clicked on the “Terms of Use” link, the terms started out with:

* [Editor’s note: the “Don’t Ever Click Here” link goes to a Rickroll video featuring the Muppets.]

60.

Can Zappos.com enforce these terms in court? See In re Zappos.com Inc., Customer Data

Security Breach Litigation, 893 F. Supp. 2d 1058 (D. Nev. 2012) (no).

Test yourself #3: Does the “reference” link (inside the red box, which I added, at the very

bottom of this screen shot) act as a sufficient call-to-action to form a contract using the

terms at the terminus of that link?

See Zajac, LLC v. Walker Industrial, 2016 WL 3962830 (D. Maine 2016) (no, and it’s not

even close).

Test Yourself #4: Is the “Sign Up” button a sufficient call-to-action to bind users to the

terms and conditions?

61.

See TopstepTrader, LLC, V. OneUp Trader, LLC, 2018 WL 1859040 (N.D. Ill. 2018) (no,

because “the ‘Sign Up’ button signaled that the user wanted to sign up for an account; it did

not signal acceptance to additional Terms”). How hard is it to fix this problem?

62.

Uber’s Contract Formation Redux. Uber won the Meyer ruling, but not all of its cases have

gone as well. As depicted in the Meyer opinion, to register with Uber, prospective customers

had to navigate the following process. First, they completed this screen:

63.

After clicking “next,” registrants saw the following screen:

64.

So far so good—the Meyer court blessed this process. However, when registrants attempted

to fill in the credit card data (which they had to do to finish the registration process), the

above screen changed to look like this:

Notice how once the user starts to enter the credit card number, the keypad covers up the

language “By creating an Uber account, you agree to the Terms of Service and Privacy

Policy,” but the “Register” button remained visible. As a result, registrants who filled in the

65.

credit card information and immediately selected the “Register” button would not see the

“By creating an Uber account…” language again.

Does this implementation jeopardize Uber’s contract formation? Metter v. Uber Techs., Inc.,

2017 WL 1374579 (N.D. Cal. 2017), contains this ominous statement: “Although the terms

of service alert seems designed to put a registrant on inquiry notice of Uber’s terms of

service and to alert the registrant that registration will amount to affirmative assent to

those terms, the keypad obstruction is a fatal defect to the alert’s functioning.”

Imagine you are counsel for Uber when it rolled out the implementation described above.

Would you have structured Uber’s online contract formation process differently? If so, ask

yourself how you would have spotted this issue. If mobile device apps function differently,

sometimes substantially, based on their operating system platform (i.e., Apple v. Android),

what steps would you take to properly review Uber’s contract formation in its apps?

Best Practices for Online Contract Formation. Though it’s possible to form an online

contract in a variety of ways, some recommended or “best” practices to increase the

likelihood of contract formation:

 Clear Call-to-Action: users should be presented with a statement that says “if you do

X, you agree to Y.” Numerous contracts have failed because of weak or ambiguous

calls-to-action, and that’s a trivially easy problem to avoid.

 Call-to-Action Prominence: the call-to-action should be “above the fold,” i.e., visible

on the page/screen without the user scrolling down, and the font should be a larger

font size and more prominent color than the surrounding text. As the First Circuit

observed, “If everything on the screen is written with conspicuous features, then

nothing is conspicuous.” Cullinane v. Uber Technologies, Inc., 893 F.3d 53 (1st Cir.

2018).

 Mandatory Checkbox: preferably, the call-to-action should say “by clicking this

checkbox, you agree to the [name of the legal terms],” with an associated checkbox

that users must check to proceed. The extra checkbox is not legally required (see,

e.g., Scherillo v. Dun & Bradstreet, Inc., 684 F. Supp. 2d 313 (E.D.N.Y. 2010)) but it

helps courts avoid distinctions between “clickwraps” and “sign-in-wraps.” See, e.g.,

Cullinane v. Uber Technologies, Inc., 893 F.3d 53 (1st Cir. 2018) (“Uber chose not to

use a common method of conspicuously informing users of the existence and location

of terms and conditions: requiring users to click a box stating that they agree to a set

of terms, often provided by hyperlink, before continuing to the next screen”); Small

Justice v. Xcentric Ventures, 99 F. Supp. 3d 190 (D. Mass. 2015).

 Contract Visibility. Courts still accept making the legal terms available as a

hyperlink from the call-to-action. However, preferably the user terms are presented

on the same page as the call-to-action. Because of their length, many services

present the legal terms as “scrollboxes” where the first few lines of the legal terms

are visible and users can scroll down in the box (without leaving the page) to read

more. You can also provide options for users to “pop out” the terms into a new

window and, as a nice touch, print the legal terms if they choose. A very strong

contract formation process would require users to scroll through the terms before

they are allowed to click the “agree to” checkbox (this is the “scrollwrap” term), but

this step is not legally required.

66.

 Second Click to Proceed: though not required, it would be advisable to have a second

click that lets the user advance from the page/screen, such as a “register” or “buy

now” button.

 “Non-leaky” Formation Process: it should be impossible for users to reach their

desired outcome (such as creating the account or buying the item) without going

through the contract formation process. This means there should be no workarounds

or alternative user flows that reach that outcome. Recall, for example, that the

Meyer court says Meyer did not take advantage of Uber’s option to allow logins

through Google+ or Facebook. That raises the question: if he had used those

alternative logins, would he have followed the same contract formation process, and

would the same call-to-action have applied?

Because of the importance of the contract formation process, the lawyer isn’t done when

he/she drafts and delivers the actual substantive legal terms. The lawyer must then check

the contract formation implementation to ensure it’s airtight. This includes asking about

workarounds and—MOST IMPORTANTLY—checking the formation on multiple devices

and operating systems. Almost every service has to build an account creation flow for

mobile apps that differs from their web flow, and if either flow fails to form the contract, the

service is in deep trouble. Often, app flows must differ between iOS, Android and other

mobile device operating systems (and the flows may differ between different generations of

each operating system). IT ABSOLUTELY IS THE LAWYER’S JOB TO CONFIRM THE

CONTRACT FORMATION PROCESS WORKS ACROSS ALL OF THE DIFFERENT

TECHNOLOGICAL CHANNELS. NO LAWYER SHOULD ASSUME THE CLIENT WILL

DO IT RIGHT WITHOUT INSTRUCTIONS AND REVIEW.

Evidentiary Issues. Assume an online service has a well-drafted and well-formed

clickthrough agreement. How can the online service credibly prove its contract formation

process and applicable terms in court…preferably at the motion to dismiss or summary

judgment stages?

In Moretti v. Hertz Corporation, 2014 WL 1410432 (N.D. Cal. 2014), Hotwire invoked its

clickthrough agreement against a plaintiff who claimed he hadn’t checked the box to assent

to the agreement. To support a motion to transfer, Hotwire introduced the following

evidence:

Defendants have produced two declarations from employees at Hotwire: (1)

Sarah Bernard who at the operative time was the Vice President of Product

Management for Hotwire; and (2) Jacob Aaron Joachin Hadary who was the

Lead Product Manager for Hotwire during that time. Bernard and Hadary

affirmatively state that the Terms of Use in operation during the December

2012 time frame included a forum-selection clause. Hadary declares, and

corroborates Bernard’s declaration, that an individual using the Hotwire

website cannot complete a booking without checking the “Acceptance Box”

acknowledging the acceptance of “Hotwire’s terms and conditions and other

applicable rules.” Hadary confirms that this requirement has been in place

since 2005.

67.

Based on those declarations, and without any conflicting evidence from the plaintiff

other than his unsubstantiated assertion, the court upheld Hotwire’s venue-selection

clause and granted its motion to transfer.

A similar result occurred in Zaltz v. JDate, 952 F. Supp. 2d 439 (E.D.N.Y. 2013). JDate has

a two-click process for registration. First, users must check-the-box to confirm reading the

terms, then click on a button to confirm registration. Nevertheless, the plaintiff claimed: “I

don’t believe these are the same terms I signed up with. I don’t believe that I agreed to any

terms stating that I have to sue within California if an issue arises.” JDate rebutted her

unsupported assertion with screenshots of its registration page plus:

a sworn statement from its North American Director of Customer Support

that the “Terms of Service were applicable to all subscribers of Spark

Networks’ website at JDate.com and no material changes were made thereto

during all four periods where Ms. Zaltz was a subscriber of Spark’s website at

JDate.com” and the forum selection clause at issue was part of those Terms of

Service and “remained unchanged during Ms. Zaltz’s subscription to

JDate.com.”

On this basis, JDate successfully transferred the case to its home court without a mini-trial

to resolve what contract terms governed the case.

To achieve similar results, it’s essential to maintain a chain of evidence that can

convincingly show (1) the agreement’s terms on any specific date, and (2) what user

interactions were technologically required to manifest assent on that date (preferably

including screenshots in color). You should also consider how to introduce this evidence

even if all of the relevant employees have left the company by the time the matter reaches

litigation.

What Contract Law Applies to Online Contracts? It’s an overgeneralization, but broadly

stated, there are two major bodies of contract law: “common law” and the “Uniform

Commercial Code” (UCC). UCC Article 2 applies to the sale of physical goods, and common

law (which states may have codified into statutes) applies to many other types of contracts,

including the performance of services. Your 1L Contracts class probably focused on the

common law and spent little time talking about UCC Article 2. 1L Contracts professors

often defer discussion of UCC Article 2 to an upper-division elective, such as “Sales.”

As noted earlier, in the 1980s and 1990s, most software was sold in shrinkwrap packaging,

and UCC Article 2 governed the sale of the physical goods. In turn, most early software

contracts cases applied UCC Article 2 both to the tangible storage disks and the software

stored on those disks—even though Article 2 didn’t contemplate the unique aspects of

intangible software. Article 2’s applicability to software became even more dubious when

software was distributed as an Internet download, without any associated sale of a physical

item.

In the 1990s, the American Law Institute (ALI) and National Conference of Commissioners

on Uniform State Laws (NCCUSL) jointly developed a proposed UCC Article 2B that would

apply to intangible items like software and electronic content. That partnership dissolved

when ALI rejected the proposal.

68.

Undeterred, NCCUSL rebranded the proposal as the Uniform Computer Information

Transactions Act (UCITA) and offered it to state legislatures as a model state law. Only two

states, Maryland and Virginia, adopted UCITA. No other states have done so (or will do so).

Indeed, about a half-dozen states adopted “bomb shelter” statutes saying that UCITA would

not apply to those states’ residents.

Thus, UCITA failed as a model law, though it continues to apply in Maryland and Virginia.

Few lawyers have expertise in UCITA; it’s quite lengthy and detailed, and it does not

reflect modern technology. As a result, Internet companies based in Maryland and Virginia

sometimes expressly opt-out of UCITA in their contracts’ choice-of-law provisions.

The failure of UCC Article 2B and UCITA still leaves a hole in contract law for intangible

items online, such as software and content. Should UCC Article 2 apply, as historically it

did to software, or should the common law apply, as it would normally apply to services?

Courts often sidestep this issue, so whether UCC Article 2 or common law applies to online

contracts remains unresolved.

The failure of UCC Article 2B has not deterred ALI from revisiting this issue. After the

failure of UCC Article 2B, in 2009, ALI adopted a document called the “Principles of the

Law of Software Contracts” that addressed online contracts. That document was largely

ignored.

Now, ALI is developing a new “Restatement of the Law of Consumer Contracts” that

purports to address many online contracts. At a very high level, the Restatement of

Consumer Contracts’ terms are biased towards forming more contracts, coupled with an

expectation that courts will rigorously police those contract terms using unconscionability

and other consumer-protective doctrines. However, courts are reluctant to use the

unconscionability doctrine too aggressively, so the Restatement of Consumer Contracts’

structure will either require judges to change their historical approaches or will lead to too

many binding consumer contracts with problematic terms. Even if ALI adopts the new

restatements, it remains uncertain how judges will respond to it.

The Swinging Pendulum of Arbitration Enforceability. This book primarily focuses on the

procedure of online contract formation, not the substantive terms of the contract. If the

formation process is botched, the substantive contract terms don’t matter. But if contract

formation is handled properly, then the substantive terms of that contract absolutely

matter—especially when subjected to unconscionability challenges.

In particular, arbitration clauses have been the subject of substantial litigation. The

Federal Arbitration Act says that agreements to arbitrate generally shall be “valid,

irrevocable, and enforceable.” 9 U.S.C. §2. Accordingly, courts often go to great lengths to

honor arbitration agreements. Some of this reflects courts’ workloads—every case sent to

arbitration means one less case on the judge’s docket. More importantly, historically

arbitration has been perceived as cheaper and faster than litigation, so getting cases into

arbitration should benefit everyone.

This pro-arbitration view has degraded in the last couple decades. First, arbitration often

isn’t faster or cheaper than litigation. Second, businesses select arbitration services where

69.

they are likely to win consistently. If a business loses arbitrations too often, it will switch

arbitration services. Third, arbitration bypass jury trials (and the associated risk of high

damages that can result from those trials) and inhibit class actions, effectively allowing

businesses to short-circuit some of the due process features of the judicial system.

As courts recognized the potential abuses of arbitration clauses, they became more

circumspect about sending cases to arbitration, relying on doctrines like formation and

unconscionability to block the applicability of an arbitration clause in an online contract.

For example, in Comb v. PayPal, 218 F. Supp. 2d 1165 (2002), a federal court deemed

PayPal’s arbitration clause unconscionable. Following the Comb decision, many online

businesses removed arbitration clauses from their online contracts.

The pendulum swung again after AT&T Mobility v. Concepcion, 563 U.S. 333 (2011), which

invalidated states’ efforts to restrict arbitration, even when arbitration blocked class action

lawsuits. Following Concepcion, many online businesses added arbitration clauses back into

their online contracts. However, most businesses now do a number of things to reduce the

risk of the clause being unconscionable, such as excluding low-value cases (letting those go

to small claims court), allowing class formation in arbitration, covering the out-of-pocket

costs to the arbitration service, allowing consumers to arbitrate without making a costly

appearance in person, and letting consumers opt-out of arbitration when forming the

contract (usually through an onerous opt-out mechanism, such as sending a postal letter

within 30 days of agreeing to the terms).

If you’re advising a business about online contract formation that includes an arbitration

clause, make sure to keep up with the caselaw and the state-of-the-art arbitration terms

that reduce the risk of unconscionability. The law in this area keeps changing rapidly.

70.

The Meyer case discusses the most common methods of forming contracts via the web or

mobile apps. The next case represents perhaps the most prominent alternative to Meyer’s

approach. In the next case, a website operator successfully forms an online contract without

a mandatory clickthrough agreement. Because this exception has the potential to swallow

up the rule, courts apply it sparingly.

Register.com, Inc. v. Verio, Inc., 356 F.3d 393 (2d Cir. 2004).

Leval, Circuit Judge.*

Defendant, Verio, Inc. (“Verio”) appeals from an order of the United States District Court

for the Southern District of New York (Barbara S. Jones, J.) granting the motion of plaintiff

Register.com, Inc. (“Register”) for a preliminary injunction. The court’s order enjoined Verio

from (1) using Register’s trademarks; (2) representing or otherwise suggesting to third

parties that Verio’s services have the sponsorship, endorsement, or approval of Register; (3)

accessing Register’s computers by use of automated software programs performing multiple

successive queries; and (4) using data obtained from Register’s database of contact

information of registrants of Internet domain names to solicit the registrants for the sale of

web site development services by electronic mail, telephone calls, or direct mail. We

affirm.1…

BACKGROUND

This plaintiff Register is one of over fifty companies serving as registrars for the issuance of

domain names on the world wide web. As a registrar, Register issues domain names to

persons and entities preparing to establish web sites on the Internet. Web sites are

identified and accessed by reference to their domain names.

Register was appointed a registrar of domain names by the Internet Corporation for

Assigned Names and Numbers, known by the acronym “ICANN.” ICANN is a private, non-

profit public benefit corporation which was established by agencies of the U.S. government

to administer the Internet domain name system. To become a registrar of domain names,

Register was required to enter into a standard form agreement with ICANN, designated as

the ICANN Registrar Accreditation Agreement, November 1999 version (referred to herein

as the “ICANN Agreement”).

Applicants to register a domain name submit to the registrar contact information, including

at a minimum, the applicant’s name, postal address, telephone number, and electronic mail

address. The ICANN Agreement, referring to this registrant contact information under the

* The Honorable Fred I. Parker was a member of the panel but died on August 12, 2003. Judge Parker would

have voted to reverse the district court’s order. This appeal is being decided by the two remaining members of

the panel, who are in agreement. 1 Judge Parker was not in agreement with this disposition. Deliberations have followed an unusual course.

Judge Parker initially was assigned to prepare a draft opinion affirming the district court. In the course of

preparing the draft, Judge Parker changed his mind and proposed to rule in favor of the defendant, overturning

the injunction in most respects. Judge Parker’s draft opinion, however, failed to convince the other members of

the panel, who adhered to the view that the injunction should be affirmed. Judge Parker died shortly thereafter,

prior to the circulation of a draft opinion affirming the injunction, from which Judge Parker presumably would

have dissented. [Editor’s note: The court attached Judge Parker’s draft opinion as an Appendix. It’s a scholarly

and thoughtful opinion that will reward interested readers.]

71.

rubric “WHOIS information,” requires the registrar, under terms discussed in greater detail

below, to preserve it, update it daily, and provide for free public access to it through the

Internet as well as through an independent access port, called port 43.

Section II.F.5 of the ICANN Agreement (which furnishes a major basis for the appellant

Verio’s contentions on this appeal) requires that the registrar “not impose terms and

conditions” on the use made by others of its WHOIS data “except as permitted by ICANN-

adopted policy.” In specifying what restrictions may be imposed, the ICANN Agreement

requires the registrar to permit use of its WHOIS data “for any lawful purposes except to: ...

support the transmission of mass unsolicited, commercial advertising or solicitations via

email (spam); [and other listed purposes not relevant to this appeal].” (emphasis added).

Another section of the ICANN Agreement (upon which appellee Register relies) provides as

follows,

No Third-Party Beneficiaries: This Agreement shall not be construed to

create any obligation by either ICANN or Registrar to any non-party to this

Agreement....

Third parties could nonetheless seek enforcement of a registrar’s obligations set forth in the

ICANN Agreement by resort to a grievance process under ICANN’s auspices.

In compliance with § II.F.1 of the ICANN Agreement, Register updated the WHOIS

information on a daily basis and established Internet and port 43 service, which allowed

free public query of its WHOIS information.* An entity making a WHOIS query through

Register’s Internet site or port 43 would receive a reply furnishing the requested WHOIS

information, captioned by a legend devised by Register, which stated,

By submitting a WHOIS query, you agree that you will use this data only for

lawful purposes and that under no circumstances will you use this data to ...

support the transmission of mass unsolicited, commercial advertising or

solicitation via email.

The terms of that legend tracked § II.F.5 of the ICANN Agreement in specifying the

restrictions Register imposed on the use of its WHOIS data. Subsequently, as explained

below, Register amended the terms of this legend to impose more stringent restrictions on

the use of the information gathered through such queries.

* [Editor’s note: IETF RFC 3912 (https://tools.ietf.org/html/rfc3912) from Sept. 2014 describes Port 43 and the

WHOIS protocol:

A WHOIS server listens on TCP port 43 for requests from WHOIS clients. The WHOIS client

makes a text request to the WHOIS server, then the WHOIS server replies with text content.

All requests are terminated with ASCII CR and then ASCII LF. The response might contain

more than one line of text, so the presence of ASCII CR or ASCII LF characters does not

indicate the end of the response. The WHOIS server closes its connection as soon as the output

is finished. The closed TCP connection is the indication to the client that the response has been

received….

WHOIS lacks mechanisms for access control, integrity, and confidentiality. Accordingly,

WHOIS-based services should only be used for information which is non-sensitive and

intended to be accessible to everyone.]

72.

In addition to performing the function of a registrar of domain names, Register also

engages in the business of selling web-related services to entities that maintain web sites.

These services cover various aspects of web site development. In order to solicit business for

the services it offers, Register sends out marketing communications. Among the entities it

solicits for the sale of such services are entities whose domain names it registered.

However, during the registration process, Register offers registrants the opportunity to

elect whether or not they will receive marketing communications from it.

The defendant Verio, against whom the preliminary injunction was issued, is engaged in

the business of selling a variety of web site design, development and operation services. In

the sale of such services, Verio competes with Register’s web site development business. To

facilitate its pursuit of customers, Verio undertook to obtain daily updates of the WHOIS

information relating to newly registered domain names. To achieve this, Verio devised an

automated software program, or robot, which each day would submit multiple successive

WHOIS queries through the port 43 accesses of various registrars. Upon acquiring the

WHOIS information of new registrants, Verio would send them marketing solicitations by

email, telemarketing and direct mail. To the extent that Verio’s solicitations were sent by

email, the practice was inconsistent with the terms of the restrictive legend Register

attached to its responses to Verio’s queries.

At first, Verio’s solicitations addressed to Register’s registrants made explicit reference to

their recent registration through Register. This led some of the recipients of Verio’s

solicitations to believe the solicitation was initiated by Register (or an affiliate), and was

sent in violation of the registrant’s election not to receive solicitations from Register.

Register began to receive complaints from registrants. Register in turn complained to Verio

and demanded that Verio cease and desist from this form of marketing. Register asserted

that Verio was harming Register’s goodwill, and that by soliciting via email, was violating

the terms to which it had agreed on submitting its queries for WHOIS information. Verio

responded to the effect that it had stopped mentioning Register in its solicitation message.

In the meantime, Register changed the restrictive legend it attached to its responses to

WHOIS queries. While previously the legend conformed to the terms of § II F.5, which

authorized Register to prohibit use of the WHOIS information for mass solicitations “via

email,” its new legend undertook to bar mass solicitation “via direct mail, electronic mail, or

by telephone.”2 Section II.F.5 of Register’s ICANN Agreement, as noted above, required

Register to permit use of the WHOIS data “for any lawful purpose except to ... support the

transmission of mass unsolicited solicitations via email (spam).” Thus, by undertaking to

prohibit Verio from using the WHOIS information for solicitations “via direct mail ... or by

telephone,” Register was acting in apparent violation of this term of its ICANN Agreement.

Register wrote to Verio demanding that it cease using WHOIS information derived from

Register not only for email marketing, but also for marketing by direct mail and telephone.

Verio ceased using the information in email marketing, but refused to stop marketing by

direct mail and telephone. [Register sued Verio in August 2000]….

2 The new legend stated:

By submitting a WHOIS query, you agree that ... under no circumstances will you use this

data to ... support the transmission of mass unsolicited ... advertising or solicitations via direct

mail, electronic mail, or by telephone.

73.

[Editor’s note: the following diagram may help you understand the relationships visually]

DISCUSSION…

(a) Verio’s enforcement of the restrictions placed on Register by the ICANN Agreement

Verio conceded that it knew of the restrictions Register placed on the use of the WHOIS

data and knew that, by using Register’s WHOIS data for direct mail and telemarketing

solicitations, it was violating Register’s restrictions. Verio’s principal argument is that

Register was not authorized to forbid Verio from using the data for direct mail and

telemarketing solicitation because the ICANN Agreement prohibited Register from

imposing any “terms and conditions” on use of WHOIS data, “except as permitted by

ICANN-adopted policy,” which specified that Register was required to permit “any lawful

purpose, except ... mass solicitation[] via email.”

Register does not deny that the restrictions it imposed contravened this requirement of the

ICANN Agreement. Register contends, however, that the question whether it violated §

II.F.5 of its Agreement with ICANN is a matter between itself and ICANN, and that Verio

cannot enforce the obligations placed on Register by the ICANN Agreement. Register points

to § II.S.2 of the ICANN Agreement, captioned “No Third-Party Beneficiaries,” which, as

74.

noted, states that the agreement is not to be construed “to create any obligation by either

ICANN or Registrar to any non-party.” Register asserts that Verio, a non-party, is asking

the court to construe § II.F.5 as creating an obligation owed by Register to Verio, and that

the Agreement expressly forbids such a construction.

ICANN intervened in the district court as an amicus curiae and strongly supports

Register’s position, opposing Verio’s right to invoke Register’s contractual promises to

ICANN. ICANN explained that ICANN has established a remedial process for the

resolution of such disputes through which Verio might have sought satisfaction. “If Verio

had concerns regarding Register.com’s conditions for access to WHOIS data, it should have

raised them within the ICANN process rather [than] simply taking Register.com’s data,

violating the conditions [imposed by Register], and then seeking to justify its violation in

this Court .... [Verio’s claim was] intended to be addressed only within the ICANN process.”

ICANN asserted that the No Third-Party Beneficiary provision, barring third parties from

seeking to enforce promises made by a registrar to ICANN through court proceedings, was

“vital to the overall scheme of [its] various agreements.”

This is because proper expression of the letter and spirit of ICANN policies is

most appropriately achieved through the ICANN process itself, and not

through forums that lack the every day familiarity with the intricate

technical and policy issues that the ICANN process was designed to address.

ICANN’s brief went on to state:

[E]nforcement of agreements with ICANN [was to] be informed by the

judgment of the various segments of the internet community as expressed

through ICANN. In the fast-paced environment of the Internet, new issues

and situations arise quickly, and sometimes the language of contractual

provisions does not perfectly match the underlying policies. For this and

other reasons, hard-and-fast enforcement [by courts] of the letter of every

term of every agreement is not always appropriate. An integral part of the

agreements that the registrars ... entered with ICANN is the understanding

that these situations would be handled through consultation and

consideration within the ICANN process.... Allowing issues under the

agreements registrars make with ICANN to be diverted from [ICANN’s]

carefully crafted remedial scheme to the courts, at the behest of third

parties..., would seriously threaten the Internet community’s ability, under

the auspices of ICANN, to achieve a proper balance of the competing policy

values that are so frequently involved.

We are persuaded by the arguments Register and ICANN advance. It is true Register

incurred a contractual obligation to ICANN not to prevent the use of its WHOIS data for

direct mail and telemarketing solicitation. But ICANN deliberately included in the same

contract that persons aggrieved by Register’s violation of such a term should seek

satisfaction within the framework of ICANN’s grievance policy, and should not be heard in

courts of law to plead entitlement to enforce Register’s promise to ICANN. As experience

develops in the fast changing world of the Internet, ICANN, informed by the various

constituencies in the Internet community, might well no longer consider it salutary to

75.

enforce a policy which it earlier expressed in the ICANN Agreement. For courts to

undertake to enforce promises made by registrars to ICANN at the instance of third parties

might therefore be harmful to ICANN’s efforts to develop well-informed and sound Internet

policy.

Verio’s invocation of the ICANN Agreement necessarily depends on its entitlement to

enforce Register’s promises to ICANN in the role of third party beneficiary. The ICANN

Agreement specified that it should be deemed to have been made in California, where

ICANN is located. Under § 1559 of the California Civil Code, a “contract, made expressly

for the benefit of a third person, may be enforced by him.” For Verio to seek to enforce

Register’s promises it made to ICANN in the ICANN Agreement, Verio must show that the

Agreement was made for its benefit. Verio did not meet this burden. To the contrary, the

Agreement expressly and intentionally excluded non-parties from claiming rights under it

in court proceedings.

We are not persuaded by the arguments Judge Parker advanced in his draft. Although

acknowledging that Verio could not claim third party beneficiary rights to enforce

Register’s promises to ICANN, Judge Parker nonetheless found three reasons for enforcing

Verio’s claim: (i) “public policy interests at stake,” (ii) Register’s “indisputable obligations to

ICANN as a registrar,” and (iii) the equities, involving Register’s “unclean hands” in

imposing a restriction it was contractually bound not to impose. We respectfully disagree.

As for the first argument, that Register’s restriction violated public policy, it is far from

clear that this is so. It is true that the ICANN Agreement at the time ICANN presented it

to Register permitted mass solicitation by means other than email. But it is not clear that

at the time of this dispute, ICANN intended to adhere to that policy. As ICANN’s amicus

brief suggested, the world of the Internet changes rapidly, and public policy as to how that

world should be governed may change rapidly as well. ICANN in fact has since changed the

terms of its standard agreement for the accreditation of registrars to broaden the uses of

WHOIS information that registrars may prohibit to include not only mass email

solicitations but also mass telephone and fax solicitations. It is far from clear that ICANN

continues to view public policy the way it did at the time it crafted Register’s agreement. In

any event, if Verio wished to have the dispute resolved in accordance with public policy, it

was free to bring its grievance to ICANN. Verio declined to do so. ICANN included the “No

Third-Party Beneficiary” provision precisely so that it would retain control of enforcement

of policy, rather than yielding it to courts.

As for Judge Parker’s second argument, Register’s “indisputable obligation to ICANN as a

registrar” to permit Verio to use the WHOIS information for mass solicitation by mail and

telephone, we do not see how this argument differs from Verio’s claim of entitlement as a

third party beneficiary, which § II.S.2 explicitly negates. The fact that Register owed a

contractual obligation to ICANN not to impose certain restrictions on use of WHOIS

information does not mean that it owed an obligation to Verio not to impose such

restrictions. As ICANN’s brief in the district court indicates, ICANN was well aware of

Register’s deviation from the restrictions imposed by the ICANN Agreement, but ICANN

chose not to take steps to compel Register to adhere to its contract.

Nor are we convinced by Judge Parker’s third argument of Register’s “unclean hands.”

Judge Parker characterizes Register’s failure to honor its contractual obligation to ICANN

as unethical conduct, making Register ineligible for equitable relief. But Register owed no

76.

duty in that regard to anyone but ICANN, and ICANN has expressed no dissatisfaction

with Register’s failure to adhere to that term of the contract. Verio was free to seek

ICANN’s intervention on its behalf, but declined to do so, perhaps because it knew or

suspected that ICANN would decline to compel Register to adhere to the contract term.

Under the circumstances, we see no reason to assume on appeal that Register’s conduct

should be considered unethical, especially where the district court made no such finding.

(b) Verio’s assent to Register’s contract terms

Verio’s next contention assumes that Register was legally authorized to demand that takers

of WHOIS data from its systems refrain from using it for mass solicitation by mail and

telephone, as well as by email. Verio contends that it nonetheless never became

contractually bound to the conditions imposed by Register’s restrictive legend because, in

the case of each query Verio made, the legend did not appear until after Verio had

submitted the query and received the WHOIS data. Accordingly, Verio contends that in no

instance did it receive legally enforceable notice of the conditions Register intended to

impose. Verio therefore argues it should not be deemed to have taken WHOIS data from

Register’s systems subject to Register’s conditions.

Verio’s argument might well be persuasive if its queries addressed to Register’s computers

had been sporadic and infrequent. If Verio had submitted only one query, or even if it had

submitted only a few sporadic queries, that would give considerable force to its contention

that it obtained the WHOIS data without being conscious that Register intended to impose

conditions, and without being deemed to have accepted Register’s conditions. But Verio was

daily submitting numerous queries, each of which resulted in its receiving notice of the

terms Register exacted. Furthermore, Verio admits that it knew perfectly well what terms

Register demanded. Verio’s argument fails.

The situation might be compared to one in which plaintiff P maintains a roadside fruit

stand displaying bins of apples. A visitor, defendant D, takes an apple and bites into it. As

D turns to leave, D sees a sign, visible only as one turns to exit, which says “Apples—50

cents apiece.” D does not pay for the apple. D believes he has no obligation to pay because

he had no notice when he bit into the apple that 50 cents was expected in return. D’s view is

that he never agreed to pay for the apple. Thereafter, each day, several times a day, D

revisits the stand, takes an apple, and eats it. D never leaves money.

P sues D in contract for the price of the apples taken. D defends on the ground that on no

occasion did he see P’s price notice until after he had bitten into the apples. D may well

prevail as to the first apple taken. D had no reason to understand upon taking it that P was

demanding the payment. In our view, however, D cannot continue on a daily basis to take

apples for free, knowing full well that P is offering them only in exchange for 50 cents in

compensation, merely because the sign demanding payment is so placed that on each

occasion D does not see it until he has bitten into the apple.

Verio’s circumstance is effectively the same. Each day Verio repeatedly enters Register’s

computers and takes that day’s new WHOIS data. Each day upon receiving the requested

data, Verio receives Register’s notice of the terms on which it makes the data available—

that the data not be used for mass solicitation via direct mail, email, or telephone. Verio

acknowledges that it continued drawing the data from Register’s computers with full

77.

knowledge that Register offered access subject to these restrictions. Verio is no more free to

take Register’s data without being bound by the terms on which Register offers it, than D

was free, in the example, once he became aware of the terms of P’s offer, to take P’s apples

without obligation to pay the 50 cent price at which P offered them.

Verio seeks support for its position from cases that have dealt with the formation of

contracts on the Internet. An excellent example, although decided subsequent to the

submission of this case, is Specht v. Netscape Communications Corp., 306 F.3d 17 (2d Cir.

2002). The dispute was whether users of Netscape’s software, who downloaded it from

Netscape’s web site, were bound by an agreement to arbitrate disputes with Netscape,

where Netscape had posted the terms of its offer of the software (including the obligation to

arbitrate disputes) on the web site from which they downloaded the software. We ruled

against Netscape and in favor of the users of its software because the users would not have

seen the terms Netscape exacted without scrolling down their computer screens, and there

was no reason for them to do so. The evidence did not demonstrate that one who had

downloaded Netscape’s software had necessarily seen the terms of its offer.

Verio, however, cannot avail itself of the reasoning of Specht. In Specht, the users in whose

favor we decided visited Netscape’s web site one time to download its software. Netscape’s

posting of its terms did not compel the conclusion that its downloaders took the software

subject to those terms because there was no way to determine that any downloader had

seen the terms of the offer. There was no basis for imputing to the downloaders of

Netscape’s software knowledge of the terms on which the software was offered. This case is

crucially different. Verio visited Register’s computers daily to access WHOIS data and each

day saw the terms of Register’s offer; Verio admitted that, in entering Register’s computers

to get the data, it was fully aware of the terms on which Register offered the access.

Verio’s next argument is that it was not bound by Register’s terms because it rejected them.

Even assuming Register is entitled to demand compliance with its terms in exchange for

Verio’s entry into its systems to take WHOIS data, and even acknowledging that Verio was

fully aware of Register’s terms, Verio contends that it still is not bound by Register’s terms

because it did not agree to be bound. In support of its claim, Verio cites a district court case

from the Central District of California, Ticketmaster Corp. v. Tickets.com, Inc., 2000 WL

1887522 (C.D. Cal. Aug. 10, 2000), in which the court rejected Ticketmaster’s application

for a preliminary injunction to enforce posted terms of use of data available on its website

against a regular user. Noting that the user of Ticketmaster’s web site is not required to

check an “I agree” box before proceeding, the court concluded that there was insufficient

proof of agreement to support a preliminary injunction.

We acknowledge that the Ticketmaster decision gives Verio some support, but not enough.

In the first place, the Ticketmaster court was not making a definitive ruling rejecting

Ticketmaster’s contract claim. It was rather exercising a district court’s discretion to deny a

preliminary injunction because of a doubt whether the movant had adequately shown

likelihood of success on the merits.

But more importantly, we are not inclined to agree with the Ticketmaster court’s analysis.

There is a crucial difference between the circumstances of Specht, where we declined to

enforce Netscape’s specified terms against a user of its software because of inadequate

evidence that the user had seen the terms when downloading the software, and those of

78.

Ticketmaster, where the taker of information from Ticketmaster’s site knew full well the

terms on which the information was offered but was not offered an icon marked, “I agree,”

on which to click. Under the circumstances of Ticketmaster, we see no reason why the

enforceability of the offeror’s terms should depend on whether the taker states (or clicks), “I

agree.”

We recognize that contract offers on the Internet often require the offeree to click on an “I

agree” icon. And no doubt, in many circumstances, such a statement of agreement by the

offeree is essential to the formation of a contract. But not in all circumstances. While new

commerce on the Internet has exposed courts to many new situations, it has not

fundamentally changed the principles of contract. It is standard contract doctrine that

when a benefit is offered subject to stated conditions, and the offeree makes a decision to

take the benefit with knowledge of the terms of the offer, the taking constitutes an

acceptance of the terms, which accordingly become binding on the offeree. See, e.g.,

Restatement (Second) of Contracts § 69(1)(a) (1981) (“[S]ilence and inaction operate as an

acceptance ... [w]here an offeree takes the benefit of offered services with reasonable

opportunity to reject them and reason to know that they were offered with the expectation

of compensation.”); 2 Richard A. Lord, Williston on Contracts § 6:9 (4th ed. 1991) (“[T]he

acceptance of the benefit of services may well be held to imply a promise to pay for them if

at the time of acceptance the offeree has a reasonable opportunity to reject the service and

knows or has reason to know that compensation is expected.”); Arthur Linton Corbin,

Corbin on Contracts § 71 (West 1 vol. ed. 1952) (“The acceptance of the benefit of the

services is a promise to pay for them, if at the time of accepting the benefit the offeree has a

reasonable opportunity to reject it and knows that compensation is expected.”); Jones v.

Brisbin, 41 Wash. 2d 167, 172 (1952) (“Where a person, with reasonable opportunity to

reject offered services, takes the benefit of them under circumstances which would indicate,

to a reasonable man, that they were offered with the expectation of compensation, a

contract, complete with mutual assent, results.”); Markstein Bros. Millinery Co. v. J.A.

White & Co., 151 Ark. 1 (1921) (buyer of hats was bound to pay for hats when buyer failed

to return them to seller within five days of inspection as seller requested in clear and

obvious notice statement).

Returning to the apple stand, the visitor, who sees apples offered for 50 cents apiece and

takes an apple, owes 50 cents, regardless whether he did or did not say, “I agree.” The

choice offered in such circumstances is to take the apple on the known terms of the offer or

not to take the apple. As we see it, the defendant in Ticketmaster and Verio in this case had

a similar choice. Each was offered access to information subject to terms of which they were

well aware. Their choice was either to accept the offer of contract, taking the information

subject to the terms of the offer, or, if the terms were not acceptable, to decline to take the

benefits.

We find that the district court was within its discretion in concluding that Register showed

likelihood of success on the merits of its contract claim….

NOTES AND QUESTIONS

Publishing Customer Information. Historically, ICANN has required registrars to publish

the names of their customers and how to reach them (e.g., the registrant’s name, address,

79.

email address, phone number and more) in WHOIS databases. Normally, businesses

consider this kind of customer information highly proprietary because it’s a goldmine for

competitors and other vendors prospecting for new customers. Why does ICANN require

registrars to publish this information? Can you think of other situations where businesses

are required to publish the name and contact information of their customers? ICANN’s

publication requirement appears to conflict with the EU’s GDPR (discussed later), so the

WHOIS era may be waning.

Who’s More Sympathetic? Verio was telemarketing and spamming domain name

registrants, it raided Register.com’s servers for commercially valuable information, and it

misled its potential customers into thinking it had a relationship with Register.com. On the

other hand, Register.com broke its ICANN agreement by expanding the restrictive legend,

and Register.com’s core motivation was to squelch competition in an ancillary business

(web hosting services). Between Register.com and Verio, who do you find more

sympathetic? Did Verio act ethically? Did Register.com?

Seeing how the case turned out, if you represented Verio, what would you do differently?

Even though it won in court, should Register.com have done anything differently?

Post-Transaction Emails. Trilegiant sent emails containing the legal terms after users

enrolled in its subscription services. The Second Circuit said the post-enrollment emails

didn’t create inquiry notice:

the plaintiffs were presented with the arbitration provision in an email

delivered to each of them after they had enrolled in Great Fun. Trilegiant

asserts that the fact that we can assume that the email was received by the

plaintiffs is enough to support the conclusion that they were on inquiry notice

of its terms. But that someone has received an email does not without more

establish that he or she should know that the terms disclosed in the email

relate to a service in which he or she had previously enrolled and that a

failure affirmatively to opt out of the service amounts to assent to those

terms....

the arbitration provision here was both temporally and spatially decoupled

from the plaintiffs’ enrollment in and use of Great Fun; the term was

delivered after initial enrollment and Great Fun members such as the

plaintiffs would not be forced to confront the terms while enrolling in or using

the service or maintaining their memberships....

a reasonable person would not be expected to connect an email that the

recipient may not actually see until long after enrolling in a service (if ever)

with the contractual relationship he or she may have with the service

provider, especially where the enrollment required as little effort as it did for

the plaintiffs here.

Schnabel v. Trilegiant, 697 F.3d 110 (2d Cir. 2012); see also Starke v. SquareTrade, Inc.,

913 F.3d 279 (2d Cir. 2019).

80.

Assume that a service successfully forms its online contract initially. How can the

service amend that contract in the future? Industry-standard practice is to declare

(in the contract terms) that the service may unilaterally amend the contract at any

time without notice to users. Do courts agree with that approach?

Harris v. Blockbuster Inc., 622 F. Supp. 2d 396 (N.D. Tex. 2009).

Background

This case arises out of alleged violations of the Video Privacy Protection Act by Defendant

Blockbuster Inc. (“Blockbuster”). Blockbuster operates a service called Blockbuster Online,

which allows customers to rent movies through the internet. Blockbuster entered into an

agreement with Facebook (“the Blockbuster contract”) which caused Blockbuster’s

customers’ movie rental choices to be disseminated on the customers’ Facebook accounts

through Facebook’s “Beacon” program. In short, when a customer rented a video from

Blockbuster Online, the Beacon program would transmit the customer’s choice to Facebook,

which would then broadcast the choice to the customer’s Facebook friends.

Plaintiff claims that this arrangement violated the Video Privacy Protection Act, 18 U.S.C.

§ 2710, which prohibits a videotape service provider from disclosing personally identifiable

information about a customer unless given informed, written consent at the time the

disclosure is sought. The Act provides for liquidated damages of $2,500 for each violation.

Blockbuster attempted to invoke an arbitration provision in its “Terms and Conditions,”

which includes a paragraph governing “Dispute Resolution” that states, in pertinent part:

“[a]ll claims, disputes or controversies ... will be referred to and determined by binding

arbitration.” It further purportedly waives the right of its users to commence any class

action. As a precondition to joining Blockbuster Online, customers were required to click on

a box certifying that they had read and agreed to the Terms and Conditions.

On August 30, 2008, before the case was transferred to this Court, the Defendant moved to

enforce the arbitration provision. The Plaintiffs argued that the arbitration provision is

unenforceable, principally for two reasons: (1) it is illusory; and (2) it is unconscionable.

Because the Court concludes that the arbitration provision is illusory, the Court does not

reach the unconscionability issue.

Legal Standard

In Texas, a contract must be supported by consideration, and if it is not, it is illusory and

cannot be enforced. In Morrison v. Amway Corp., the Fifth Circuit analyzed a very similar

arbitration provision to that in the subject Terms and Conditions and held it to be illusory.

In Morrison, defendant, a seller of household products marketed through a chain of

distributors, was sued by its distributors for a variety of torts, including racketeering and

defamation. The defendant sought to enforce an arbitration provision in which each

distributor agreed:

[T]o conduct [his or her] business according to the Amway Code of Ethics and

Rules of Conduct, as they are amended and published from time to time in

official Amway literature.... I agree I will give notice in writing of any claim

81.

or dispute arising out of or relating to my Amway distributorship, or the

Amway Sales and Marketing Plan or Rules of Conduct to the other party or

parties.... I agree to submit any remaining claim or dispute arising out of or

relating to any Amway distributorship, the Amway Sales and Marketing

Plan, or the Amway Rules of Conduct... to binding arbitration in accordance

with the Amway Arbitration rules, which are set forth in the Amway

Business Compendium.

The Morrison court held that the provision was illusory because “[t]here is no express

exemption of the arbitration provisions from Amway’s ability to unilaterally modify all

rules, and the only express limitation on that unilateral right is published notice. While it

is inferable that an amendment thus unilaterally made by Amway to the arbitration

provision would not become effective until published, there is nothing to suggest that once

published the amendment would be inapplicable to disputes arising, or arising out of events

occurring, before such publication.”

The Morrison court distinguished In re Halliburton Co., in which the Texas Supreme Court

rejected an argument that an arbitration clause was illusory. The provision in Halliburton

specifically limited the defendant’s ability to apply changes to the agreement as follows:

[N]o amendment shall apply to a Dispute of which the Sponsor [Halliburton]

had actual notice on the date of amendment.... termination [of the arbitration

agreement] shall not be effective until 10 days after reasonable notice of

termination is given to Employees or as to Disputes which arose prior to the

date of termination.

In Morrison, the Fifth Circuit held that the limitation on the ability to unilaterally modify

or terminate the agreement in Halliburton is what caused the Texas Supreme Court to rule

that it was enforceable. Because the Morrison agreement contained no “Halliburton type

savings clauses,” which would “preclude application of such amendments to disputes which

arose (or of which Amway had notice) before the amendment,” the agreement in Morrison

was illusory.

Analysis

The basis for the Plaintiffs’ claim that the arbitration provision is illusory is that

Blockbuster reserves the right to modify the Terms and Conditions, including the section

that contains the arbitration provision, “at its sole discretion” and “at any time,” and such

modifications will be effective immediately upon being posted on the site. Under the

heading “Changes to Terms and Conditions,” the contract states:

Blockbuster may at any time, and at its sole discretion, modify these Terms

and Conditions of Use, including without limitation the Privacy Policy, with

or without notice. Such modifications will be effective immediately upon

posting. You agree to review these Terms and Conditions of Use periodically

and your continued use of this Site following such modifications will indicate

your acceptance of these modified Terms and Conditions of Use. If you do not

82.

agree to any modification of these Terms and Conditions of Use, you must

immediately stop using this Site.

The Court concludes that the Blockbuster arbitration provision is illusory for the same

reasons as that in Morrison. Here, as in Morrison, there is nothing in the Terms and

Conditions that prevents Blockbuster from unilaterally changing any part of the contract

other than providing that such changes will not take effect until posted on the website.

There are likewise no “Halliburton type savings clauses,” as there is “nothing to suggest

that once published the amendment would be inapplicable to disputes arising, or arising

out of events occurring, before such publication.” The Fifth Circuit in Morrison noted the

lack of an “express exemption” of the ability to unilaterally modify all rules, which the

Blockbuster agreement also does not contain. The Blockbuster contract only states that

modifications “will be effective immediately upon posting,” and the natural reading of that

clause does not limit application of the modifications to earlier disputes.

The Court addresses two differences between the Blockbuster contract and that in

Morrison. Under Texas law, where, as here, an arbitration provision is incorporated within

a larger contract, the benefits of the underlying contract can serve as consideration. The

Morrison contract was a stand-alone agreement, and as such required independent

consideration. Second, in Morrison, the defendant was actually attempting to retroactively

apply the arbitration agreement to events that had happened before it was in effect, and

there is no such suggestion here.

Neither distinction affects this Court’s determination that the Blockbuster contract is

illusory. First, the Supreme Court has broadly held that challenges to a contract as a whole,

and not specifically to the arbitration clause, must go to the arbitrator. Defendant argues

that because Plaintiffs challenge a provision that applies to the contract as a whole, the

challenge must be heard by the arbitrator. The Court disagrees. Plaintiffs’ challenge is to

the arbitration provision, and therefore the challenge is properly before the Court.

Second, the rule in Morrison applies to cases where there was no attempt to apply a

contract modification to prior events. In Simmons v. Quixtar, Inc., the court stated that “a

close reading of the Fifth Circuit’s opinion [in Morrison] is not predicated on that sole

ground [of applying modification to earlier actions]. The Court’s reasoning applies to the

Rules of Conduct and Amway’s (Quixtar’s) ability to unilaterally change the rules of the

game.” The court continued: “[t]he language of the Circuit’s [Morrison] opinion ... decided

the issue on the basis that the ability to change the rules at any time made the contract

merely illusory.” The Court agrees with that analysis and finds that the Morrison rule

applies even when no retroactive modification has been attempted.

Conclusion

For these reasons, the Court concludes that the arbitration provision of the Blockbuster

contract is illusory and unenforceable, and accordingly, Defendant’s Motion to Compel

Individual Arbitration is denied.

83.

NOTES AND QUESTIONS

Rodman v. Safeway Inc., 2015 WL 604985 (N.D. Cal. 2015) also involved a clause that

Safeway purportedly could amend the contract unilaterally by posting new terms on its

website:

The Safeway.com agreement did not give Safeway the power to bind its

customers to unknown future contract terms, because consumers cannot

assent to terms that do not yet exist. A user confronting a contract in which

she purports to agree to terms in whatever form they may appear in the

future cannot know to what she is are agreeing. At most, this term in the

Safeway.com agreement could be read to indicate that a customer agrees to

read the terms and conditions every time she makes a purchase on the

website in the future. But the Court also concludes that, even in light of their

agreement to the Special Terms at the time of registration, customers’ assent

to the revised Terms cannot be inferred from their continued use of

Safeway.com when they were never given notice that the Special Terms had

been altered….

[B]eyond the impracticality of expecting consumers to spend time inspecting

a contract they have no reason to believe has been changed, the imposition of

such an onerous requirement on consumers would be particularly lopsided, as

Safeway is aware that it has—or has not—made changes to the Terms and is

the party to the contract that wishes for the new terms to govern. “[T]he onus

must be on website owners to put users on notice of the terms to which they

wish to bind consumers.” Safeway is best positioned to make sure customers

are aware of changes that Safeway has made to its contract with Class

Members. After making a change, Safeway can take any number of actions to

alert users that the Special Terms they agreed to at registration have been

altered. For instance, Safeway could ask customers to click to indicate that

they agree to the new Special Terms or send all existing Safeway.com

customers an email in order to ensure that every consumer is aware of a

change in the Special Terms prior to making a purchase. When Safeway

changed the Special Terms on November 15, 2011, it opted to do neither.

Do unilateral modification clauses fail because consumers lack notice of the changes,

because of a lack of consideration for the changes, or both?

What happens if a purported contract modification/amendment legally fails?

Consideration for Amendments. In Tompkins v. 23andMe, Inc., 2014 WL 2903752 (N.D. Cal.

2014), 23andMe sold genetic testing kits. Buyers could purchase the kits without agreeing

to an arbitration clause. The site had a footer link to “terms of service,” which contained an

arbitration clause. However, the court declared that an unenforceable “browsewrap.”

After consumers got their kits and sent the materials back to 23andMe, they could access

their personalized test results by creating an account. During the account registration

process, 23andMe properly presented a clickthrough agreement containing an arbitration

84.

clause. If any consumers objected to the terms of that clickthrough agreement, they would

not have been entitled to a refund of their money.

The plaintiffs argued that the consumers formed a contract with 23andMe when they

initially bought the kits, so the clickthrough agreement presented at account registration

constituted an amendment without consideration. The court responded:

The Ninth Circuit has held, in the employment context and under California

law, that a “promise to be bound by the arbitration process itself serves as

adequate consideration.” Under this precedent, 23andMe’s agreement to

accept arbitration provided acceptable consideration to its customers. The

TOS also provided certain rights to customers, such as a “limited license” to

use 23andMe’s “Services” as defined in the agreement. Furthermore, in

exchange for clicking “I ACCEPT,” customers received the health and

ancestry results from their DNA samples. Accordingly, Plaintiffs received

sufficient consideration for agreeing to the TOS.

On appeal, the Ninth Circuit affirmed the lower court’s ruling that the contract wasn’t

unconscionable. Tompkins v. 23andMe, Inc., 840 F.3d 1016 (9th Cir. 2016). The Ninth

Circuit opinion did not address the formation/amendment issues.

Read literally, the 23andMe case suggests that amending a contract to add an arbitration

clause always will be supported by mutual consideration.

Could the implied covenant of good faith and fair dealing (which is implied into every

contract) provide the consideration needed to support a unilateral amendment clause? See Loewen v. Lyft, 129 F. Supp. 3d 945 (N.D. Cal. 2015) (maybe, but don’t count on it).

If a buyer purchased a 23andMe kit and gave it (unopened) as a gift to someone else, would

any legal claims by the buyer (as opposed to the gift recipient) be governed by the

arbitration clause?

Steps to Amend. In light of these legal principles, what steps should an online service take

to amend its user agreement? Consider the suggestions from Juliet Moringiello & John

Ottaviani, Online Contracts: We May Modify These Terms at Any Time, Right?, BUSINESS

LAW TODAY, May 2016,

https://www.americanbar.org/groups/business_law/publications/blt/2016/05/07_moringiello/:

 “If you are preparing initial terms and conditions, avoid using ‘we can

modify these terms at any time’ language. You do not know in advance in

which court the plaintiff will attempt to attack the language and whether

that court will uphold the clause or strike the clause or the entire contract

as illusory. Even if you successfully uphold the language in court, you

have needlessly spent time and money in a dispute that could have been

avoided.

 If the initial terms and conditions provide a procedure for modifying the

terms, at a minimum, one should follow those procedures.

85.

 Use language similar to ‘we can modify these terms at any time, after

providing notice to you.’ This is more analogous to the traditional credit

card cases. The problem then becomes how to provide notice. One option

is to send an e-mail to all subscribers at the e-mail address provided with

their registration. However, this does not work for websites with no

registration mechanism. Here, a prominent notice on the website, coupled

with a right to reject the terms (e.g., ‘If you disagree with the terms, do

not continue to use the service/website’) may be successful. Alternatively,

require a click-wrap type of mechanism where the users cannot continue

to use the website unless they affirmatively click on a box or button

assenting to the modified terms.

 Provide a means for the subscriber to reject the modification by quitting

the service or discontinuing use of the website without penalty.”

Serial E-Commerce Transactions. Amazon added an arbitration clause to its

“conditions of use” in 2013. With each customer purchase thereafter, Amazon said

“By placing your order, you agree to Amazon.com’s privacy notice and conditions of

use” (where the documents are linked). You can see the implementation below

(under “Review your order”). Does this implementation bind to arbitration any

customers who signed up to the conditions of use before 2013?

86.

See Nicosia v. Amazon, 834 F.3d 220 (2d Cir. 2016) (casting doubt on the

enforceability of this implementation). Can you change Amazon’s implementation to

increase the odds of enforceability? For a denouement on the Nicosia case, see

Nicosia v. Amazon.com, Inc., 384 F. Supp. 3d 254 (E.D.N.Y. 2019), aff’d on other

grounds 2020 WL 2988855 (2d Cir. 2020).

CHAPTER 3 REVIEW QUESTION #1

Does the following exchange of instant messages between advertiser Smoking Everywhere

and publisher CX constitute a valid contract for additional leads?

[CX] (2:50:08 PM): We can do 2000 orders/day by Friday if I have your

blessing

87.

[CX] (2:52:13 PM): those 2000 leads are going to be generated by our best

affiliate and he’s legit

[Smoking Everywhere]: is available (3:42:42): I am away from my computer

right now

[CX] (4:07:57 PM): And I want the AOR when we make your offer #1 on the

network

[Smoking Everywhere] (4:43:09 PM): NO LIMIT

[CX] (4:43:21 PM): awesome!

CHAPTER 3 REVIEW QUESTION #2

(a) Does this service properly form its user agreement?

88.

(b) Does this service properly form its user agreement and privacy policy?

89.

(c) Does this service properly form its membership terms and conditions?

90.

(d) Does this service properly form its terms of use?

91.

IV. Trespass/Computer Fraud & Abuse Act

Comparison of Trespass to Chattels Legal Doctrines

Chattel Interference Damage

Restatements

(Common law)

intentional use or physical contact • dispossess

• impair condition/quality/value

• lost use for substantial time period

• bodily harm or harm to legally protected interest

18 USC 1030

(a)(5)(A)

knowingly transmit

program/info/code/command

intentionally impair integrity/availability of data, program, system

or information without authorization which causes

• loss of $5k/yr (includes remediation costs and costs/lost revenues from service interruption)

• [medical harm] or physical injury

• threat to public health/safety

• damage to government computer

• damage to 10+ computers/yr

18 USC 1030

(a)(5)(B) & (C)

intentional access without

authorization

impair integrity/availability of data, program, system or

information which causes

• loss of $5k/yr (includes remediation costs and costs/lost revenues from service interruption)

• [medical harm] or physical injury

• threat to public health/safety

• damage to government computer

• damage to 10+ computers/yr

Note: (B) requires reckless impairment; (C) requires “loss”

CA Penal

502(c)

Knowingly without permission

(2) access and take/copy/use data

from computer system/network

(3) use computer services

(7) access computer

system/network

any damage or loss (including verification expenses)

92.

The next case is an Internet Law classic. It is the seminal ruling on the scope of “property”

boundaries for the Internet and the personal property used to transmit data. While the

common law doctrines discussed in the case are rarely litigated nowadays (mostly because

of this ruling’s legal standards), the underlying questions about who can use an Internet-

connected device, and what terms govern such usage, affect a wide range of Internet

activities, such as spam, data scraping, the placement of advertising cookies, Net

Neutrality, and employees downloading company data to flash drives.

Intel Corp. v. Hamidi, 30 Cal. 4th 1342 (Cal. 2003).

Werdegar, Justice.

Intel Corporation (Intel) maintains an electronic mail system, connected to the Internet,

through which messages between employees and those outside the company can be sent

and received, and permits its employees to make reasonable nonbusiness use of this system.

On six occasions over almost two years, Kourosh Kenneth Hamidi, a former Intel employee,

sent e-mails criticizing Intel’s employment practices to numerous current employees on

Intel’s electronic mail system. Hamidi breached no computer security barriers in order to

communicate with Intel employees. He offered to, and did, remove from his mailing list any

recipient who so wished. Hamidi’s communications to individual Intel employees caused

neither physical damage nor functional disruption to the company’s computers, nor did they

at any time deprive Intel of the use of its computers. The contents of the messages,

however, caused discussion among employees and managers.

On these facts, Intel brought suit, claiming that by communicating with its employees over

the company’s e-mail system Hamidi committed the tort of trespass to chattels. The trial

court granted Intel’s motion for summary judgment and enjoined Hamidi from any further

mailings. A divided Court of Appeal affirmed.

After reviewing the decisions analyzing unauthorized electronic contact with computer

systems as potential trespasses to chattels, we conclude that under California law the tort

does not encompass, and should not be extended to encompass, an electronic

communication that neither damages the recipient computer system nor impairs its

functioning. Such an electronic communication does not constitute an actionable trespass to

personal property, i.e., the computer system, because it does not interfere with the

possessor’s use or possession of, or any other legally protected interest in, the personal

property itself. The consequential economic damage Intel claims to have suffered, i.e., loss

of productivity caused by employees reading and reacting to Hamidi’s messages and

company efforts to block the messages, is not an injury to the company’s interest in its

computers—which worked as intended and were unharmed by the communications—any

more than the personal distress caused by reading an unpleasant letter would be an injury

to the recipient’s mailbox, or the loss of privacy caused by an intrusive telephone call would

be an injury to the recipient’s telephone equipment.

Our conclusion does not rest on any special immunity for communications by electronic

mail; we do not hold that messages transmitted through the Internet are exempt from the

ordinary rules of tort liability. To the contrary, e-mail, like other forms of communication,

may in some circumstances cause legally cognizable injury to the recipient or to third

parties and may be actionable under various common law or statutory theories. Indeed, on

facts somewhat similar to those here, a company or its employees might be able to plead

93.

causes of action for interference with prospective economic relations, interference with

contract or intentional infliction of emotional distress. And, of course, as with any other

means of publication, third party subjects of e-mail communications may under appropriate

facts make claims for defamation, publication of private facts, or other speech-based torts.

Intel’s claim fails not because e-mail transmitted through the Internet enjoys unique

immunity, but because the trespass to chattels tort—unlike the causes of action just

mentioned—may not, in California, be proved without evidence of an injury to the plaintiff’s

personal property or legal interest therein.

Nor does our holding affect the legal remedies of Internet service providers (ISP’s) against

senders of unsolicited commercial bulk e-mail (UCE), also known as “spam.” A series of

federal district court decisions, beginning with CompuServe, Inc. v. Cyber Promotions, Inc.

(S.D. Ohio 1997) 962 F. Supp. 1015, has approved the use of trespass to chattels as a theory

of spammers’ liability to ISP’s, based upon evidence that the vast quantities of mail sent by

spammers both overburdened the ISP’s own computers and made the entire computer

system harder to use for recipients, the ISP’s customers. In those cases, discussed in

greater detail below, the underlying complaint was that the extraordinary quantity of UCE

impaired the computer system’s functioning. In the present case, the claimed injury is

located in the disruption or distraction caused to recipients by the contents of the e-mail

messages, an injury entirely separate from, and not directly affecting, the possession or

value of personal property.

FACTUAL AND PROCEDURAL BACKGROUND…

Hamidi, a former Intel engineer, together with others, formed an organization named

Former and Current Employees of Intel (FACE-Intel) to disseminate information and views

critical of Intel’s employment and personnel policies and practices. FACE-Intel maintained

a Web site (which identified Hamidi as Webmaster and as the organization’s spokesperson)

containing such material. In addition, over a 21-month period Hamidi, on behalf of FACE-

Intel, sent six mass e-mails to employee addresses on Intel’s electronic mail system. The

messages criticized Intel’s employment practices, warned employees of the dangers those

practices posed to their careers, suggested employees consider moving to other companies,

solicited employees’ participation in FACE-Intel, and urged employees to inform themselves

further by visiting FACE-Intel’s Web site. The messages stated that recipients could, by

notifying the sender of their wishes, be removed from FACE-Intel’s mailing list; Hamidi did

not subsequently send messages to anyone who requested removal.

Each message was sent to thousands of addresses (as many as 35,000 according to FACE-

Intel’s Web site), though some messages were blocked by Intel before reaching employees.

Intel’s attempt to block internal transmission of the messages succeeded only in part;

Hamidi later admitted he evaded blocking efforts by using different sending computers.

When Intel, in March 1998, demanded in writing that Hamidi and FACE-Intel stop sending

e-mails to Intel’s computer system, Hamidi asserted the organization had a right to

communicate with willing Intel employees; he sent a new mass mailing in September 1998.

The summary judgment record contains no evidence Hamidi breached Intel’s computer

security in order to obtain the recipient addresses for his messages; indeed, internal Intel

94.

memoranda show the company’s management concluded no security breach had occurred.1

Hamidi stated he created the recipient address list using an Intel directory on a floppy disk

anonymously sent to him. Nor is there any evidence that the receipt or internal distribution

of Hamidi’s electronic messages damaged Intel’s computer system or slowed or impaired its

functioning. Intel did present uncontradicted evidence, however, that many employee

recipients asked a company official to stop the messages and that staff time was consumed

in attempts to block further messages from FACE-Intel. According to the FACE-Intel Web

site, moreover, the messages had prompted discussions between “[e]xcited and nervous

managers” and the company’s human resources department.

[Editor’s note: here is a screenshot of the FACE-Intel website from 1999, after Hamidi had

already been sued by Intel]

Intel sued Hamidi and FACE-Intel, pleading causes of action for trespass to chattels and

nuisance, and seeking both actual damages and an injunction against further e-mail

1 To the extent, therefore, that Justice Mosk suggests Hamidi breached the security of Intel’s internal computer

network by “circumvent[ing]” Intel’s “security measures” and entering the company’s “intranet”, the evidence

does not support such an implication. An “intranet” is “a network based on TCP/IP protocols (an internet)

belonging to an organization, usually a corporation, accessible only by the organization’s members, employees,

or others with authorization.” Hamidi used only a part of Intel’s computer network accessible to outsiders.

95.

messages. Intel later voluntarily dismissed its nuisance claim and waived its demand for

damages. The trial court entered default against FACE-Intel upon that organization’s

failure to answer. The court then granted Intel’s motion for summary judgment,

permanently enjoining Hamidi, FACE-Intel, and their agents “from sending unsolicited e-

mail to addresses on Intel’s computer systems.” Hamidi appealed; FACE-Intel did not.

The Court of Appeal, with one justice dissenting, affirmed the grant of injunctive relief. The

majority took the view that the use of or intermeddling with another’s personal property is

actionable as a trespass to chattels without proof of any actual injury to the personal

property; even if Intel could not show any damages resulting from Hamidi’s sending of

messages, “it showed he was disrupting its business by using its property and therefore is

entitled to injunctive relief based on a theory of trespass to chattels.” The dissenting justice

warned that the majority’s application of the trespass to chattels tort to “unsolicited

electronic mail that causes no harm to the private computer system that receives it” would

“expand the tort of trespass to chattel in untold ways and to unanticipated

circumstances.”…

DISCUSSION

I. Current California Tort Law

Dubbed by Prosser the “little brother of conversion,” the tort of trespass to chattels allows

recovery for interferences with possession of personal property “not sufficiently important

to be classed as conversion, and so to compel the defendant to pay the full value of the thing

with which he has interfered.”

Though not amounting to conversion, the defendant’s interference must, to be actionable,

have caused some injury to the chattel or to the plaintiff’s rights in it. Under California law,

trespass to chattels “lies where an intentional interference with the possession of personal

property has proximately caused injury.” (Thrifty-Tel, Inc. v. Bezenek (1996) 46 Cal. App.

4th 1559, 1566, italics added.) In cases of interference with possession of personal property

not amounting to conversion, “the owner has a cause of action for trespass or case, and may

recover only the actual damages suffered by reason of the impairment of the property or the

loss of its use.” In modern American law generally, “[t]respass remains as an occasional

remedy for minor interferences, resulting in some damage, but not sufficiently serious or

sufficiently important to amount to the greater tort” of conversion. (Prosser & Keeton,

Torts, supra, § 15, p. 90, italics added.)

The Restatement, too, makes clear that some actual injury must have occurred in order for

a trespass to chattels to be actionable. Under section 218 of the Restatement Second of

Torts, dispossession alone, without further damages, is actionable, but other forms of

interference require some additional harm to the personal property or the possessor’s

interests in it. “The interest of a possessor of a chattel in its inviolability, unlike the similar

interest of a possessor of land, is not given legal protection by an action for nominal

damages for harmless intermeddlings with the chattel. In order that an actor who

interferes with another’s chattel may be liable, his conduct must affect some other and

more important interest of the possessor. Therefore, one who intentionally intermeddles

with another’s chattel is subject to liability only if his intermeddling is harmful to the

possessor’s materially valuable interest in the physical condition, quality, or value of the

96.

chattel, or if the possessor is deprived of the use of the chattel for a substantial time, or some

other legally protected interest of the possessor is affected as stated in Clause (c). Sufficient

legal protection of the possessor’s interest in the mere inviolability of his chattel is afforded

by his privilege to use reasonable force to protect his possession against even harmless

interference.”

The Court of Appeal (quoting 7 Speiser et al., American Law of Torts (1990) Trespass, §

23:23, p. 667) referred to “‘a number of very early cases [showing that] any unlawful

interference, however slight, with the enjoyment by another of his personal property, is a

trespass.’” But while a harmless use or touching of personal property may be a technical

trespass, an interference (not amounting to dispossession) is not actionable, under modern

California and broader American law, without a showing of harm. As already discussed,

this is the rule embodied in the Restatement (Rest.2d Torts, § 218) and adopted by

California law (Zaslow v. Kroenert, supra, 29 Cal.2d at p. 551; Thrifty-Tel, Inc. v. Bezenek,

supra, 46 Cal. App. 4th at p. 1566).

In this respect, as Prosser explains, modern day trespass to chattels differs both from the

original English writ and from the action for trespass to land: “Another departure from the

original rule of the old writ of trespass concerns the necessity of some actual damage to the

chattel before the action can be maintained. Where the defendant merely interferes without

doing any harm—as where, for example, he merely lays hands upon the plaintiff’s horse, or

sits in his car—there has been a division of opinion among the writers, and a surprising

dearth of authority. By analogy to trespass to land there might be a technical tort in such a

case.... Such scanty authority as there is, however, has considered that the dignitary interest

in the inviolability of chattels, unlike that as to land, is not sufficiently important to require

any greater defense than the privilege of using reasonable force when necessary to protect

them. Accordingly it has been held that nominal damages will not be awarded, and that in

the absence of any actual damage the action will not lie.”

Intel suggests that the requirement of actual harm does not apply here because it sought

only injunctive relief, as protection from future injuries. But as Justice Kolkey, dissenting

below, observed, “[t]he fact the relief sought is injunctive does not excuse a showing of

injury, whether actual or threatened.” Indeed, in order to obtain injunctive relief the

plaintiff must ordinarily show that the defendant’s wrongful acts threaten to cause

irreparable injuries, ones that cannot be adequately compensated in damages. Even in an

action for trespass to real property, in which damage to the property is not an element of

the cause of action, “the extraordinary remedy of injunction” cannot be invoked without

showing the likelihood of irreparable harm. A fortiori, to issue an injunction without a

showing of likely irreparable injury in an action for trespass to chattels, in which injury to

the personal property or the possessor’s interest in it is an element of the action, would

make little legal sense.

The dispositive issue in this case, therefore, is whether the undisputed facts demonstrate

Hamidi’s actions caused or threatened to cause damage to Intel’s computer system, or

injury to its rights in that personal property, such as to entitle Intel to judgment as a

matter of law. To review, the undisputed evidence revealed no actual or threatened damage

to Intel’s computer hardware or software and no interference with its ordinary and

intended operation. Intel was not dispossessed of its computers, nor did Hamidi’s messages

prevent Intel from using its computers for any measurable length of time. Intel presented

97.

no evidence its system was slowed or otherwise impaired by the burden of delivering

Hamidi’s electronic messages. Nor was there any evidence transmission of the messages

imposed any marginal cost on the operation of Intel’s computers. In sum, no evidence

suggested that in sending messages through Intel’s Internet connections and internal

computer system Hamidi used the system in any manner in which it was not intended to

function or impaired the system in any way. Nor does the evidence show the request of any

employee to be removed from FACE-Intel’s mailing list was not honored. The evidence did

show, however, that some employees who found the messages unwelcome asked

management to stop them and that Intel technical staff spent time and effort attempting to

block the messages. A statement on the FACE-Intel Web site, moreover, could be taken as

an admission that the messages had caused “[e]xcited and nervous managers” to discuss

the matter with Intel’s human resources department.

Relying on a line of decisions, most from federal district courts, applying the tort of trespass

to chattels to various types of unwanted electronic contact between computers, Intel

contends that, while its computers were not damaged by receiving Hamidi’s messages, its

interest in the “physical condition, quality or value” of the computers was harmed. We

disagree. The cited line of decisions does not persuade us that the mere sending of

electronic communications that assertedly cause injury only because of their contents

constitutes an actionable trespass to a computer system through which the messages are

transmitted. Rather, the decisions finding electronic contact to be a trespass to computer

systems have generally involved some actual or threatened interference with the

computers’ functioning.

In Thrifty-Tel, Inc. v. Bezenek, supra, 46 Cal. App. 4th at pages 1566-1567 (Thrifty-Tel), the

California Court of Appeal held that evidence of automated searching of a telephone

carrier’s system for authorization codes supported a cause of action for trespass to chattels.

The defendant’s automated dialing program “overburdened the [plaintiff’s] system, denying

some subscribers access to phone lines”, showing the requisite injury.

Following Thrifty-Tel, a series of federal district court decisions held that sending UCE

through an ISP’s equipment may constitute trespass to the ISP’s computer system. The

lead case, CompuServe, Inc. v. Cyber Promotions, Inc., supra, 962 F. Supp. 1015, 1021-1023

(CompuServe), was followed by Hotmail Corp. v. Van$ Money Pie, Inc. (N.D. Cal., Apr. 16,

1998) 1998 WL 388389, page *7, America Online, Inc. v. IMS (E.D. Va. 1998) 24 F. Supp. 2d

548, 550-551, and America Online, Inc. v. LCGM, Inc. (E.D. Va. 1998) 46 F. Supp. 2d 444,

451-452.

In each of these spamming cases, the plaintiff showed, or was prepared to show, some

interference with the efficient functioning of its computer system. In CompuServe, the

plaintiff ISP’s mail equipment monitor stated that mass UCE mailings, especially from

nonexistent addresses such as those used by the defendant, placed “a tremendous burden”

on the ISP’s equipment, using “disk space and drain[ing] the processing power,” making

those resources unavailable to serve subscribers. Similarly, in Hotmail Corp. v. Van$

Money Pie, Inc., the court found the evidence supported a finding that the defendant’s

mailings “fill[ed] up Hotmail’s computer storage space and threaten[ed] to damage

Hotmail’s ability to service its legitimate customers.” America Online, Inc. v. IMS, decided

on summary judgment, was deemed factually indistinguishable from CompuServe; the

court observed that in both cases the plaintiffs “alleged that processing the bulk e-mail cost

98.

them time and money and burdened their equipment.” The same court, in America Online,

Inc. v. LCGM, Inc., simply followed CompuServe and its earlier America Online decision,

quoting the former’s explanation that UCE burdened the computer’s processing power and

memory.

Building on the spamming cases, in particular CompuServe, three even more recent district

court decisions addressed whether unauthorized robotic data collection4 from a company’s

publicly accessible Web site is a trespass on the company’s computer system. (eBay, Inc. v.

Bidder’s Edge, Inc., supra, 100 F. Supp. 2d at pp. 1069-1072 (eBay); Register.com, Inc. v.

Verio, Inc. (S.D.N.Y. 2000) 126 F. Supp. 2d 238, 248-251; Ticketmaster Corp. v.

Tickets.com, Inc., supra, 2000 WL 1887522 at p. *4.) The two district courts that found such

automated data collection to constitute a trespass relied, in part, on the deleterious impact

this activity could have, especially if replicated by other searchers, on the functioning of a

Web site’s computer equipment.

In the leading case, eBay, the defendant Bidder’s Edge (BE), operating an auction

aggregation site, accessed the eBay Web site about 100,000 times per day, accounting for

between 1 and 2 percent of the information requests received by eBay and a slightly smaller

percentage of the data transferred by eBay. The district court rejected eBay’s claim that it

was entitled to injunctive relief because of the defendant’s unauthorized presence alone, or

because of the incremental cost the defendant had imposed on operation of the eBay site,

but found sufficient proof of threatened harm in the potential for others to imitate the

defendant’s activity: “If BE’s activity is allowed to continue unchecked, it would encourage

other auction aggregators to engage in similar recursive searching of the eBay system such

that eBay would suffer irreparable harm from reduced system performance, system

unavailability, or data losses.” Again, in addressing the likelihood of eBay’s success on its

trespass to chattels cause of action, the court held the evidence of injury to eBay’s computer

system sufficient to support a preliminary injunction: “If the court were to hold otherwise, it

would likely encourage other auction aggregators to crawl the eBay site, potentially to the

point of denying effective access to eBay’s customers. If preliminary injunctive relief were

denied, and other aggregators began to crawl the eBay site, there appears to be little doubt

that the load on eBay’s computer system would qualify as a substantial impairment of

condition or value.”

Another district court followed eBay on similar facts—a domain name registrar’s claim

against a Web hosting and development site that robotically searched the registrar’s

database of newly registered domain names in search of business leads—in Register.com,

Inc. v. Verio, Inc. Although the plaintiff was unable to measure the burden the defendant’s

searching had placed on its system, the district court, quoting the declaration of one of the

plaintiff’s officers, found sufficient evidence of threatened harm to the system in the

possibility the defendant’s activities would be copied by others: “‘I believe that if Verio’s

searching of Register.com’s WHOIS database were determined to be lawful, then every

purveyor of Internet-based services would engage in similar conduct.’” Like eBay, the court

observed, Register.com had a legitimate fear “that its servers will be flooded by search

robots.”

4 Data search and collection robots, also known as “Web bots” or “spiders,” are programs designed to rapidly

search numerous Web pages or sites, collecting, retrieving, and indexing information from these pages. Their

uses include creation of searchable databases, Web catalogues and comparison shopping services.

99.

In the third decision discussing robotic data collection as a trespass, Ticketmaster Corp. v.

Tickets.com, Inc. (Ticketmaster), the court, distinguishing eBay, found insufficient evidence

of harm to the chattel to constitute an actionable trespass: “A basic element of trespass to

chattels must be physical harm to the chattel (not present here) or some obstruction of its

basic function (in the court’s opinion not sufficiently shown here).... The comparative use

[by the defendant of the plaintiff’s computer system] appears very small and there is no

showing that the use interferes to any extent with the regular business of [the plaintiff]....

Nor here is the specter of dozens or more parasites joining the fray, the cumulative total of

which could affect the operation of [the plaintiff’s] business.”

In the decisions so far reviewed, the defendant’s use of the plaintiff’s computer system was

held sufficient to support an action for trespass when it actually did, or threatened to,

interfere with the intended functioning of the system, as by significantly reducing its

available memory and processing power. In Ticketmaster, the one case where no such effect,

actual or threatened, had been demonstrated, the court found insufficient evidence of harm

to support a trespass action. These decisions do not persuade us to Intel’s position here, for

Intel has demonstrated neither any appreciable effect on the operation of its computer

system from Hamidi’s messages, nor any likelihood that Hamidi’s actions will be replicated

by others if found not to constitute a trespass.

That Intel does not claim the type of functional impact that spammers and robots have been

alleged to cause is not surprising in light of the differences between Hamidi’s activities and

those of a commercial enterprise that uses sheer quantity of messages as its

communications strategy. Though Hamidi sent thousands of copies of the same message on

six occasions over 21 months, that number is minuscule compared to the amounts of mail

sent by commercial operations. The individual advertisers sued in America Online, Inc. v.

IMS, and America Online, Inc. v. LCGM, Inc., were alleged to have sent more than 60

million messages over 10 months and more than 92 million messages over seven months,

respectively. Collectively, UCE has reportedly come to constitute about 45 percent of all e-

mail. The functional burden on Intel’s computers, or the cost in time to individual

recipients, of receiving Hamidi’s occasional advocacy messages cannot be compared to the

burdens and costs caused ISP’s and their customers by the ever-rising deluge of commercial

e-mail.

Intel relies on language in the eBay decision suggesting that unauthorized use of another’s

chattel is actionable even without any showing of injury: “Even if, as [defendant] BE

argues, its searches use only a small amount of eBay’s computer system capacity, BE has

nonetheless deprived eBay of the ability to use that portion of its personal property for its

own purposes. The law recognizes no such right to use another’s personal property.” But as

the eBay court went on immediately to find that the defendant’s conduct, if widely

replicated, would likely impair the functioning of the plaintiff’s system, we do not read the

quoted remarks as expressing the court’s complete view of the issue. In isolation, moreover,

they would not be a correct statement of California or general American law on this point.

While one may have no right temporarily to use another’s personal property, such use is

actionable as a trespass only if it “has proximately caused injury.” (Thrifty-Tel, supra, 46

Cal. App. 4th at p. 1566.) “[I]n the absence of any actual damage the action will not lie.”

(Prosser & Keeton, Torts, supra, § 14, p. 87.) Short of dispossession, personal injury, or

physical damage (not present here), intermeddling is actionable only if “the chattel is

100.

impaired as to its condition, quality, or value, or [¶] ... the possessor is deprived of the use of

the chattel for a substantial time.” (Rest.2d Torts, § 218, pars. (b), (c).) In particular, an

actionable deprivation of use “must be for a time so substantial that it is possible to

estimate the loss caused thereby. A mere momentary or theoretical deprivation of use is not

sufficient unless there is a dispossession....” That Hamidi’s messages temporarily used some

portion of the Intel computers’ processors or storage is, therefore, not enough; Intel must,

but does not, demonstrate some measurable loss from the use of its computer system.5

In addition to impairment of system functionality, CompuServe and its progeny also refer to

the ISP’s loss of business reputation and customer goodwill, resulting from the

inconvenience and cost that spam causes to its members, as harm to the ISP’s legally

protected interests in its personal property. Intel argues that its own interest in employee

productivity, assertedly disrupted by Hamidi’s messages, is a comparable protected interest

in its computer system. We disagree.

Whether the economic injuries identified in CompuServe were properly considered injuries

to the ISP’s possessory interest in its personal property, the type of property interest the

tort is primarily intended to protect, has been questioned.6 “[T]he court broke the chain

between the trespass and the harm, allowing indirect harms to CompuServe’s business

interests—reputation, customer goodwill, and employee time—to count as harms to the

chattel (the server).” (Quilter, The Continuing Expansion of Cyberspace Trespass to

Chattels, 17 Berkeley Tech. L.J. at pp. 429-430.) “[T]his move cuts trespass to chattels free

from its moorings of dispossession or the equivalent, allowing the court free reign [sic] to

hunt for ‘impairment.’” (Burk, The Trouble with Trespass (2000) 4 J. Small & Emerging

Bus. L. 27, 35.) But even if the loss of goodwill identified in CompuServe were the type of

injury that would give rise to a trespass to chattels claim under California law, Intel’s

position would not follow, for Intel’s claimed injury has even less connection to its personal

property than did CompuServe’s.

CompuServe’s customers were annoyed because the system was inundated with unsolicited

commercial messages, making its use for personal communication more difficult and costly.

Their complaint, which allegedly led some to cancel their CompuServe service, was about

the functioning of CompuServe’s electronic mail service. Intel’s workers, in contrast, were

5 In the most recent decision relied upon by Intel, Oyster Software, Inc. v. Forms Processing, Inc. (N.D. Cal.,

Dec. 6, 2001) 2001 WL 1736382, pages *12-*13, a federal magistrate judge incorrectly read eBay as establishing,

under California law, that mere unauthorized use of another’s computer system constitutes an actionable

trespass. The plaintiff accused the defendant, a business competitor, of copying the metatags (code describing

the contents of a Web site to a search engine) from the plaintiff’s Web site, resulting in diversion of potential

customers for the plaintiff’s services. With regard to the plaintiff’s trespass claim (the plaintiff also pleaded

causes of action for, inter alia, misappropriation, copyright and trademark infringement), the magistrate judge

concluded that eBay imposed no requirement of actual damage and that the defendant’s conduct was sufficient

to establish a trespass “simply because [it] amounted to ‘use’ of Plaintiff’s computer.” But as just explained, we

do not read eBay as holding that the actual injury requirement may be dispensed with, and such a suggestion

would, in any event, be erroneous as a statement of California law. 6 In support of its reasoning, the CompuServe court cited paragraph (d) of section 218 of the Restatement Second

of Torts, which refers to harm “to some person or thing in which the possessor has a legally protected interest.”

As the comment to this paragraph explains, however, it is intended to cover personal injury to the possessor or

another person in whom the possessor has a legal interest, or injury to “other chattel or land” in which the

possessor of the chattel subject to the trespass has a legal interest. No personal injury was claimed either in

CompuServe or in the case at bar, and neither the lost goodwill in CompuServe nor the loss of employee

efficiency claimed in the present case is chattel or land.

101.

allegedly distracted from their work not because of the frequency or quantity of Hamidi’s

messages, but because of assertions and opinions the messages conveyed. Intel’s complaint

is thus about the contents of the messages rather than the functioning of the company’s e-

mail system. Even accepting CompuServe’s economic injury rationale, therefore, Intel’s

position represents a further extension of the trespass to chattels tort, fictionally

recharacterizing the allegedly injurious effect of a communication’s contents on recipients

as an impairment to the device which transmitted the message.

This theory of “impairment by content” (Burk, The Trouble with Trespass, 4 J. Small &

Emerging Bus. L. at p. 37) threatens to stretch trespass law to cover injuries far afield from

the harms to possession the tort evolved to protect. Intel’s theory would expand the tort of

trespass to chattels to cover virtually any unconsented-to communication that, solely

because of its content, is unwelcome to the recipient or intermediate transmitter. As the

dissenting justice below explained, “‘Damage’ of this nature—the distraction of reading or

listening to an unsolicited communication—is not within the scope of the injury against

which the trespass-to-chattel tort protects, and indeed trivializes it. After all, ‘[t]he property

interest protected by the old action of trespass was that of possession; and this has

continued to affect the character of the action.’ Reading an e-mail transmitted to equipment

designed to receive it, in and of itself, does not affect the possessory interest in the

equipment. [¶] Indeed, if a chattel’s receipt of an electronic communication constitutes a

trespass to that chattel, then not only are unsolicited telephone calls and faxes trespasses

to chattel, but unwelcome radio waves and television signals also constitute a trespass to

chattel every time the viewer inadvertently sees or hears the unwanted program.” We

agree. While unwelcome communications, electronic or otherwise, can cause a variety of

injuries to economic relations, reputation and emotions, those interests are protected by

other branches of tort law; in order to address them, we need not create a fiction of injury to

the communication system.

Nor may Intel appropriately assert a property interest in its employees’ time. “The

Restatement test clearly speaks in the first instance to the impairment of the chattel.... But

employees are not chattels (at least not in the legal sense of the term).” (Burk, The Trouble

with Trespass, 4 J. Small & Emerging Bus. L. at p. 36.) Whatever interest Intel may have

in preventing its employees from receiving disruptive communications, it is not an interest

in personal property, and trespass to chattels is therefore not an action that will lie to

protect it. Nor, finally, can the fact Intel staff spent time attempting to block Hamidi’s

messages be bootstrapped into an injury to Intel’s possessory interest in its computers. To

quote, again, from the dissenting opinion in the Court of Appeal: “[I]t is circular to premise

the damage element of a tort solely upon the steps taken to prevent the damage. Injury can

only be established by the completed tort’s consequences, not by the cost of the steps taken

to avoid the injury and prevent the tort; otherwise, we can create injury for every supposed

tort.”

Intel connected its e-mail system to the Internet and permitted its employees to make use

of this connection both for business and, to a reasonable extent, for their own purposes. In

doing so, the company necessarily contemplated the employees’ receipt of unsolicited as

well as solicited communications from other companies and individuals. That some

communications would, because of their contents, be unwelcome to Intel management was

virtually inevitable. Hamidi did nothing but use the e-mail system for its intended

purpose—to communicate with employees. The system worked as designed, delivering the

102.

messages without any physical or functional harm or disruption. These occasional

transmissions cannot reasonably be viewed as impairing the quality or value of Intel’s

computer system. We conclude, therefore, that Intel has not presented undisputed facts

demonstrating an injury to its personal property, or to its legal interest in that property,

that support, under California tort law, an action for trespass to chattels.

II. Proposed Extension of California Tort Law

We next consider whether California common law should be extended to cover, as a

trespass to chattels, an otherwise harmless electronic communication whose contents are

objectionable. We decline to so expand California law. Intel, of course, was not the recipient

of Hamidi’s messages, but rather the owner and possessor of computer servers used to relay

the messages, and it bases this tort action on that ownership and possession. The property

rule proposed is a rigid one, under which the sender of an electronic message would be

strictly liable to the owner of equipment through which the communication passes—here,

Intel—for any consequential injury flowing from the contents of the communication….

…Creating an absolute property right to exclude undesired communications from one’s e-

mail and Web servers might help force spammers to internalize the costs they impose on

ISP’s and their customers. But such a property rule might also create substantial new costs,

to e-mail and e-commerce users and to society generally, in lost ease and openness of

communication and in lost network benefits. In light of the unresolved controversy, we

would be acting rashly to adopt a rule treating computer servers as real property for

purposes of trespass law.

The Legislature has already adopted detailed regulations governing UCE. (Bus. & Prof.

Code, §§ 17538.4, 17538.45) It may see fit in the future also to regulate noncommercial e-

mail, such as that sent by Hamidi, or other kinds of unwanted contact between computers

on the Internet, such as that alleged in eBay. But we are not persuaded that these

perceived problems call at present for judicial creation of a rigid property rule of computer

server inviolability. We therefore decline to create an exception, covering Hamidi’s

unwanted electronic messages to Intel employees, to the general rule that a trespass to

chattels is not actionable if it does not involve actual or threatened injury to the personal

property or to the possessor’s legally protected interest in the personal property. No such

injury having been shown on the undisputed facts, Intel was not entitled to summary

judgment in its favor.

III. Constitutional Considerations

Because we conclude no trespass to chattels was shown on the summary judgment record,

making the injunction improper on common law grounds, we need not address at length the

dissenters’ constitutional arguments. A few clarifications are nonetheless in order.

Justice Mosk asserts that this case involves only “a private entity seeking to enforce private

trespass rights.” But the injunction here was issued by a state court. While a private

refusal to transmit another’s electronic speech generally does not implicate the First

Amendment, because no governmental action is involved (see Cyber Promotions, Inc. v.

American Online, Inc. (E.D. Penn. 1996) 948 F. Supp. 436, 441-445 [spammer could not

force private ISP to carry its messages]), the use of government power, whether in

103.

enforcement of a statute or ordinance or by an award of damages or an injunction in a

private lawsuit, is state action that must comply with First Amendment limits. Nor does

the nonexistence of a “constitutional right to trespass” make an injunction in this case per

se valid. Unlike, for example, the trespasser-to-land defendant in Church of Christ in

Hollywood v. Superior Court (2002) 99 Cal. App. 4th 1244, Hamidi himself had no tangible

presence on Intel property, instead speaking from his own home through his computer. He

no more invaded Intel’s property than does a protester holding a sign or shouting through a

bullhorn outside corporate headquarters, posting a letter through the mail, or telephoning

to complain of a corporate practice.

Justice Brown relies upon a constitutional “right not to listen,” rooted in the listener’s

“personal autonomy”, as compelling a remedy against Hamidi’s messages, which she asserts

were sent to “unwilling” listeners. Even assuming a corporate entity could under some

circumstances claim such a personal right, here the intended and actual recipients of

Hamidi’s messages were individual Intel employees, rather than Intel itself. The record

contains no evidence Hamidi sent messages to any employee who notified him such

messages were unwelcome. In any event, such evidence would, under the dissent’s rationale

of a right not to listen, support only a narrow injunction aimed at protecting individual

recipients who gave notice of their rejection. (See Bolger v. Youngs Drug Products Corp.

(1983) 463 U.S. 60, 72 [government may not act on behalf of all addressees by generally

prohibiting mailing of materials related to contraception, where those recipients who may

be offended can simply ignore and discard the materials]; Martin v. City of Struthers (1943)

319 U.S. 141, 144 [anti-canvassing ordinance improperly “substitutes the judgment of the

community for the judgment of the individual householder”]; cf. Rowan v. U.S. Post Office

Dept. (1970) 397 U.S. 728, 736 [“householder” may exercise “individual autonomy” by

refusing delivery of offensive mail].) The principle of a right not to listen, founded in

personal autonomy, cannot justify the sweeping injunction issued here against all

communication to Intel addresses, for such a right, logically, can be exercised only by, or at

the behest of, the recipient himself or herself.

DISPOSITION

The judgment of the Court of Appeal is reversed.

WE CONCUR: KENNARD, MORENO and PERREN*, JJ.

[Concurring opinion by Justice Kennard and dissenting opinion by Justice Brown are

omitted.]

Dissenting Opinion by MOSK, J.**

The majority hold that the California tort of trespass to chattels does not encompass the

use of expressly unwanted electronic mail that causes no physical damage or impairment to

the recipient’s computer system. They also conclude that because a computer system is not

* Associate Justice of the Court of Appeal, Second Appellate District, Division Six, assigned by the Chief Justice

pursuant to article VI, section 6 of the California Constitution. ** Associate Justice, Court of Appeal, Second Appellate District, Division Five, assigned by the Chief Justice

pursuant to article VI, section 6 of the California Constitution.

104.

like real property, the rules of trespass to real property are also inapplicable to the

circumstances in this case. Finally, they suggest that an injunction to preclude mass,

noncommercial, unwelcome e-mails may offend the interests of free communication.

I respectfully disagree and would affirm the trial court’s decision. In my view, the repeated

transmission of bulk e-mails by appellant Kourosh Kenneth Hamidi (Hamidi) to the

employees of Intel Corporation (Intel) on its proprietary confidential e-mail lists, despite

Intel’s demand that he cease such activities, constituted an actionable trespass to chattels.

The majority fail to distinguish open communication in the public “commons” of the

Internet from unauthorized intermeddling on a private, proprietary intranet. Hamidi is not

communicating in the equivalent of a town square or of an unsolicited “junk” mailing

through the United States Postal Service. His action, in crossing from the public Internet

into a private intranet, is more like intruding into a private office mailroom,

commandeering the mail cart, and dropping off unwanted broadsides on 30,000 desks.

Because Intel’s security measures have been circumvented by Hamidi, the majority leave

Intel, which has exercised all reasonable self-help efforts, with no recourse unless he causes

a malfunction or systems “crash.” Hamidi’s repeated intrusions did more than merely

“prompt[] discussions between ‘[e]xcited and nervous managers’ and the company’s human

resource department”; they also constituted a misappropriation of Intel’s private computer

system contrary to its intended use and against Intel’s wishes.

The law of trespass to chattels has not universally been limited to physical damage. I

believe it is entirely consistent to apply that legal theory to these circumstances—that is,

when a proprietary computer system is being used contrary to its owner’s purposes and

expressed desires, and self-help has been ineffective. Intel correctly expects protection from

an intruder who misuses its proprietary system, its nonpublic directories, and its

supposedly controlled connection to the Internet to achieve his bulk mailing objectives—

incidentally, without even having to pay postage.

I

Intel maintains an intranet—a proprietary computer network—as a tool for transacting

and managing its business, both internally and for external business communications.1 The

network and its servers constitute a tangible entity that has value in terms of the costs of

its components and its function in enabling and enhancing the productivity and efficiency of

Intel’s business operations. Intel has established costly security measures to protect the

integrity of its system, including policies about use, proprietary internal e-mail addresses

that it does not release to the public for use outside of company business, and a gateway for

blocking unwanted electronic mail—a so-called firewall.

1 The Oxford English Dictionary defines an intranet as “A local or restricted computer network; spec. a private

or corporate network that uses Internet protocols. An intranet may (but need not) be connected to the Internet

and be accessible externally to authorized users.” (OED Online, new ed., draft entry, Mar. 2003,

<http://dictionary.oed.com/> [as of June 30, 2003]; see also Kokka, Property Rights on an Intranet, 3 Spring 1998

J. Tech.L. & Policy 3, WL 3 UFLJTLP 3 at *3, *6 [defining an intranet as “an internal network of computers,

servers, routers and browser software designed to organize, secure, distribute and collect information within an

organization,” which in large organizations generally includes a wide range of services, including e-mail].)

Contrary to the majority’s assertion, there is nothing incorrect about characterizing Hamidi’s unauthorized bulk

e-mails as intrusions onto Intel’s intranet.

105.

The Intel computer usage guidelines, which are promulgated for its employees, state that

the computer system is to be “used as a resource in conducting business. Reasonable

personal use is permitted, but employees are reminded that these resources are the

property of Intel and all information on these resources is also the property of Intel.”

Examples of personal use that would not be considered reasonable expressly include “use

that adversely affects productivity.” Employee e-mail communications are neither private

nor confidential.

Hamidi, a former Intel employee who had sued Intel and created an organization to

disseminate negative information about its employment practices, sent bulk electronic mail

on six occasions to as many as 35,000 Intel employees on its proprietary computer system,

using Intel’s confidential employee e-mail lists and adopting a series of different origination

addresses and encoding strategies to elude Intel’s blocking efforts. He refused to stop when

requested by Intel to do so, asserting that he would ignore its demands: “I don’t care. I have

grown deaf.” Intel sought injunctive relief, alleging that the disruptive effect of the bulk

electronic mail, including expenses from administrative and management personnel,

damaged its interest in the proprietary nature of its network.

The trial court, in its order granting summary judgment and a permanent injunction, made

the following pertinent findings regarding Hamidi’s transmission of bulk electronic mail:

“Intel has requested that Hamidi stop sending the messages, but Hamidi has refused, and

has employed surreptitious means to circumvent Intel’s efforts to block entry of his

messages into Intel’s system.... [¶] ... The e-mail system is dedicated for use in conducting

business, including communications between Intel employees and its customers and

vendors. Employee e-mail addresses are not published for use outside company business....

[¶] The intrusion by Hamidi into the Intel e-mail system has resulted in the expenditure of

company resources to seek to block his mailings and to address employee concerns about

the mailings. Given Hamidi’s evasive techniques to avoid blocking, the self help remedy

available to Intel is ineffective.” The trial court concluded that “the evidence establishes

(without dispute) that Intel has been injured by diminished employee productivity and in

devoting company resources to blocking efforts and to addressing employees about Hamidi’s

e-mails.” The trial court further found that the “massive” intrusions “impaired the value to

Intel of its e-mail system.”

The majority agree that an impairment of Intel’s system would result in an action for

trespass to chattels, but find that Intel suffered no injury. As did the trial court, I conclude

that the undisputed evidence establishes that Intel was substantially harmed by the costs

of efforts to block the messages and diminished employee productivity. Additionally, the

injunction did not affect Hamidi’s ability to communicate with Intel employees by other

means; he apparently continues to maintain a Web site to publicize his messages

concerning the company. Furthermore, I believe that the trial court and the Court of Appeal

correctly determined that the tort of trespass to chattels applies in these circumstances.

The Restatement Second of Torts explains that a trespass to a chattel occurs if “the chattel

is impaired as to its condition, quality, or value” or if “harm is caused to some ... thing in

which the possessor has a legally protected interest.” (Rest.2d Torts, § 218, subds. (b) & (d),

p. 420, italics added.) As to this tort, a current prominent treatise on the law of torts

explains that “[t]he defendant may interfere with the chattel by interfering with the

plaintiff’s access or use” and observes that the tort has been applied so as “to protect

106.

computer systems from electronic invasions by way of unsolicited email or the like.” (1

Dobbs, The Law of Torts (2001) § 60, pp. 122-123.) Moreover, “[t]he harm necessary to

trigger liability for trespass to chattels can be ... harm to something other than the chattel

itself.” (Id., pp. 124-125; see also 1 Harper et al., The Law of Torts (3d ed. 1996 & 2003

supp.) § 2.3, pp. 2:14-2:18.) The Restatement points out that, unlike a possessor of land, a

possessor of a chattel is not given legal protection from harmless invasion, but “the actor”

may be liable if the conduct affects “some other and more important interest of the

possessor.” (Rest.2d Torts, § 218, com. (e), p. 421, italics added.)

The Restatement explains that the rationale for requiring harm for trespass to a chattel but

not for trespass to land is the availability and effectiveness of self-help in the case of

trespass to a chattel. “Sufficient legal protection of the possessor’s interest in the mere

inviolability of his chattel is afforded by his privilege to use reasonable force to protect his

possession against even harmless interference.” (Rest.2d Torts, § 218, com. (e), p. 422.)

Obviously, “force” is not available to prevent electronic trespasses. As shown by Intel’s

inability to prevent Hamidi’s intrusions, self-help is not an adequate alternative to

injunctive relief.

The common law tort of trespass to chattels does not require physical disruption to the

chattel. It also may apply when there is impairment to the “quality” or “value” of the

chattel. (Rest.2d Torts, § 218, subd. (b), p. 420; see also id., com. (e), pp. 421-422 [liability if

“intermeddling is harmful to the possessor’s materially valuable interest in the physical

condition, quality, or value of the chattel”].) Moreover, as we held in Zaslow v. Kroenert

(1946) 29 Cal.2d 541, 551, it also applies “[w]here the conduct complained of does not

amount to a substantial interference with possession or the right thereto, but consists of

intermeddling with or use of or damages to the personal property.”2

Here, Hamidi’s deliberate and continued intermeddling, and threatened intermeddling,

with Intel’s proprietary computer system for his own purposes that were hostile to Intel,

certainly impaired the quality and value of the system as an internal business device for

Intel and forced Intel to incur costs to try to maintain the security and integrity of its

server—efforts that proved ineffective. These included costs incurred to mitigate injuries

that had already occurred. It is not a matter of “bootstrapp[ing]” to consider those costs a

damage to Intel. Indeed, part of the value of the proprietary computer system is the ability

to exclude intermeddlers from entering it for significant uses that are disruptive to its

owner’s business operations.

If Intel, a large business with thousands of former employees, is unable to prevent Hamidi

from continued intermeddling, it is not unlikely that other outsiders who obtain access to

its proprietary electronic mail addresses would engage in similar conduct, further reducing

the value of, and perhaps debilitating, the computer system as a business productivity

mechanism. Employees understand that a firewall is in place and expect that the messages

they receive are from senders permitted by the corporation. Violation of this expectation

increases the internal disruption caused by messages that circumvent the company’s

2 In Zaslow, we observed that when the trespass involves “intermeddling with or use of” another’s property, the

owner “may recover only the actual damages suffered by reason of the impairment of the property or the loss of

its use.” We did not state that such damages were a requirement for a cause of action; nor did we address the

availability of injunctive relief.

107.

attempt to exclude them. The time that each employee must spend to evaluate, delete or

respond to the message, when added up, constitutes an amount of compensated time that

translates to quantifiable financial damage.3

All of these costs to protect the integrity of the computer system and to deal with the

disruptive effects of the transmissions and the expenditures attributable to employee time,

constitute damages sufficient to establish the existence of a trespass to chattels, even if the

computer system was not overburdened to the point of a “crash” by the bulk electronic mail.

The several courts that have applied the tort of trespass to chattels to deliberate

intermeddling with proprietary computer systems have, for the most part, used a similar

analysis. Thus, the court in CompuServe Inc. v. Cyber Promotions, Inc. (S.D. Ohio 1997)

962 F. Supp. 1015, 1022, applied the Restatement to conclude that mass mailings and

evasion of the server’s filters diminished the value of the mail processing computer

equipment to CompuServe “even though it is not physically damaged by defendant’s

conduct.” The inconvenience to users of the system as a result of the mass messages

“decrease[d] the utility of CompuServe’s e-mail service” and was actionable as a trespass to

chattels. (Id. at p. 1023.)

The court in America Online, Inc. v. IMS (E.D. Va. 1998) 24 F. Supp. 2d 548, on facts

similar to those in the present case, also applied the Restatement in a trespass to chattels

claim. There, defendant sent unauthorized e-mails to America Online’s computer system,

persisting after receiving notice to desist and causing the company “to spend technical

resources and staff time to ‘defend’ its computer system and its membership” against the

unwanted messages. The company was not required to show that its computer system was

overwhelmed or suffered a diminution in performance; mere use of the system by the

defendant was sufficient to allow the plaintiff to prevail on the trespass to chattels claim.

Similarly, the court in eBay, Inc. v. Bidder’s Edge, Inc. (N.D. Cal. 2000) 100 F. Supp. 2d

1058 determined that there was a trespass to chattels when the quality or value of a

computer system was diminished by unauthorized “web crawlers,”4 despite the fact that

eBay had not alleged any “particular service disruption” or “specific incremental damages”

to the computer system. Intermeddling with eBay’s private property was sufficient to

establish a cause of action: “A trespasser is liable when the trespass diminishes the

3 As the recent spate of articles on “spam”—unsolicited bulk e-mail—suggests, the effects on business of such

unwanted intrusions are not trivial. “Spam is not just a nuisance. It absorbs bandwidth and overwhelms

Internet service providers. Corporate tech staffs labor to deploy filtering technology to protect their networks.

The cost is now widely estimated (though all such estimates are largely guesswork) at billions of dollars a year.

The social costs are immeasurable.... [¶] ‘Spam has become the organized crime of the Internet.’ ... ‘[M]ore and

more it’s becoming a systems and engineering and networking problem.’” (Gleick, Tangled Up in Spam, N.Y.

Times (Feb. 9, 2003) magazine p. 1 [as of June 30, 2003]; see also Cooper & Shogren, U.S., States Turn Focus to

Curbing Spam, L.A. Times (May 1, 2003) p. A21, col. 2 [“Businesses are losing money with every moment that

employees spend deleting”]; Turley, Congress Must Send Spammers a Message, L.A. Times (Apr. 21, 2003) p.

B13, col. 5 [“Spam now costs American businesses about $9 billion a year in lost productivity and screening”];

Taylor, Spam’s Big Bang! (June 16, 2003) Time, p. 51 [“The time we spend deleting or defeating spam costs an

estimated $8.9 billion a year in lost productivity”].) But the occasional spam addressed to particular employees

does not pose nearly the same threat of impaired value as the concerted bulk mailings into one e-mail system at

issue here, which mailings were sent to thousands of employees with the express purpose of disrupting business

as usual. 4 A “web crawler” is a computer program that operates across the Internet to obtain information from the

websites of others.

108.

condition, quality or value of personal property”; “[e]ven if [defendant’s intrusions] use only

a small amount of eBay’s computer ... capacity, [defendant] has nonetheless deprived eBay

of the ability to use that portion of its personal property for its own purposes. The law

recognizes no such right to use another’s personal property.” ([S]ee also, e.g., Oyster

Software, Inc. v. Forms Processing, Inc. (N.D. Cal., Dec. 6, 2001) 2001 WL 1736382 at *12-

*13 [trespass to chattels claim did not require company to demonstrate physical damage];

accord, Register.com, Inc. v. Verio, Inc. (S.D.N.Y. 2000) 126 F. Supp. 2d 238, 250; cf.

Thrifty-Tel, Inc. v. Bezenek (1996) 46 Cal. App. 4th 1559, 1566-1567 [unconsented

electronic access to a computer system constituted a trespass to chattels].)

These cases stand for the simple proposition that owners of computer systems, like owners

of other private property, have a right to prevent others from using their property against

their interests. That principle applies equally in this case. By his repeated intermeddling,

Hamidi converted Intel’s private employee e-mail system into a tool for harming

productivity and disrupting Intel’s workplace. Intel attempted to put a stop to Hamidi’s

intrusions by increasing its electronic screening measures and by requesting that he desist.

Only when self-help proved futile, devolving into a potentially endless joust between

attempted prevention and circumvention, did Intel request and obtain equitable relief in

the form of an injunction to prevent further threatened injury.

The majority suggest that Intel is not entitled to injunctive relief because it chose to allow

its employees access to e-mail through the Internet and because Hamidi has apparently

told employees that he will remove them from his mailing list if they so request. They

overlook the proprietary nature of Intel’s intranet system; Intel’s system is not merely a

conduit for messages to its employees. As the owner of the computer system, it is Intel’s

request that Hamidi stop that must be respected. The fact that, like most large businesses,

Intel’s intranet includes external e-mail access for essential business purposes does not

logically mean, as the majority suggest, that Intel has forfeited the right to determine who

has access to its system. Its intranet is not the equivalent of a common carrier or public

communications licensee that would be subject to requirements to provide service and

access. Just as Intel can, and does, regulate the use of its computer system by its

employees, it should be entitled to control its use by outsiders and to seek injunctive relief

when self-help fails.

The majority also propose that Intel has sufficient avenues for legal relief outside of

trespass to chattels, such as interference with prospective economic relations, interference

with contract, intentional infliction of emotional distress, and defamation; Hamidi urges

that an action for nuisance is more appropriate. Although other causes of action may under

certain circumstances also apply to Hamidi’s conduct, the remedy based on trespass to

chattels is the most efficient and appropriate. It simply requires Hamidi to stop the

unauthorized use of property without regard to the content of the transmissions. Unlike

trespass to chattels, the other potential causes of action suggested by the majority and

Hamidi would require an evaluation of the transmissions’ content and, in the case of a

nuisance action, for example, would involve questions of degree and value judgments based

on competing interests.

II

109.

As discussed above, I believe that existing legal principles are adequate to support Intel’s

request for injunctive relief. But even if the injunction in this case amounts to an extension

of the traditional tort of trespass to chattels, this is one of those cases in which, as Justice

Cardozo suggested, “[t]he creative element in the judicial process finds its opportunity and

power” in the development of the law.

The law has evolved to meet economic, social, and scientific changes in society. The

industrial revolution, mass production, and new transportation and communication

systems all required the adaptation and evolution of legal doctrines.

The age of computer technology and cyberspace poses new challenges to legal principles. As

this court has said, “the so-called Internet revolution has spawned a host of new legal

issues as courts have struggled to apply traditional legal frameworks to this new

communication medium.” The court must now grapple with proprietary interests, privacy,

and expression arising out of computer-related disputes. Thus, in this case the court is

faced with “that balancing of judgment, that testing and sorting of considerations of

analogy and logic and utility and fairness” that Justice Cardozo said he had “been trying to

describe.” Additionally, this is a case in which equitable relief is sought. As Bernard Witkin

has written, “equitable relief is flexible and expanding, and the theory that ‘for every wrong

there is a remedy’ [Civ. Code, § 3523] may be invoked by equity courts to justify the

invention of new methods of relief for new types of wrongs.” That the Legislature has dealt

with some aspects of commercial unsolicited bulk e-mail (Bus. & Prof. Code, §§ 17538.4,

17538.45) should not inhibit the application of common law tort principles to deal with e-

mail transgressions not covered by the legislation.

Before the computer, a person could not easily cause significant disruption to another’s

business or personal affairs through methods of communication without significant cost.

With the computer, by a mass mailing, one person can at no cost disrupt, damage, and

interfere with another’s property, business, and personal interests. Here, the law should

allow Intel to protect its computer-related property from the unauthorized, harmful, free

use by intruders.

III

As the Court of Appeal observed, connecting one’s driveway to the general system of roads

does not invite demonstrators to use the property as a public forum. Not mindful of this

precept, the majority blur the distinction between public and private computer networks in

the interest of “ease and openness of communication.” By upholding Intel’s right to exercise

self-help to restrict Hamidi’s bulk e-mails, they concede that he did not have a right to send

them through Intel’s proprietary system. Yet they conclude that injunctive relief is

unavailable to Intel because it connected its e-mail system to the Internet and thus,

“necessarily contemplated” unsolicited communications to its employees. Their exposition

promotes unpredictability in a manner that could be as harmful to open communication as

it is to property rights. It permits Intel to block Hamidi’s e-mails entirely, but offers no

recourse if he succeeds in breaking through its security barriers, unless he physically or

functionally degrades the system.

By making more concrete damages a requirement for a remedy, the majority has rendered

speech interests dependent on the impact of the e-mails. The sender will never know when

110.

or if the mass e-mails sent by him (and perhaps others) will use up too much space or cause

a crash in the recipient system, so as to fulfill the majority’s requirement of damages. Thus,

the sender is exposed to the risk of liability because of the possibility of damages. If, as the

majority suggest, such a risk will deter “ease and openness of communication”, the

majority’s formulation does not eliminate such deterrence. Under the majority’s position,

the lost freedom of communication still exists. In addition, a business could never reliably

invest in a private network that can only be kept private by constant vigilance and

inventiveness, or by simply shutting off the Internet, thus limiting rather than expanding

the flow of information.6 Moreover, Intel would have less incentive to allow employees

reasonable use of its equipment to send and receive personal e-mails if such allowance is

justification for preventing restrictions on unwanted intrusions into its computer system. I

believe the best approach is to clearly delineate private from public networks and identify

as a trespass to chattels the kind of intermeddling involved here.

The views of the amici curiae group of intellectual property professors that a ruling in favor

of Intel will interfere with communication are similarly misplaced because here, Intel,

contrary to most users, expressly informed Hamidi that it did not want him sending

messages through its system. Moreover, as noted above, all of the problems referred to will

exist under the apparently accepted law that there is a cause of action if there is some

actionable damage.

Hamidi and other amici curiae raise, for the first time on appeal, certain labor law issues,

including the matter of protected labor-related communications. Even assuming that these

issues are properly before this court, to the extent the laws allow what would otherwise be

trespasses for some labor-related communications, my position does not exclude that here

too. But there has been no showing that the communications are labor-law protected.7

Finally, with regard to alleged constitutional free speech concerns raised by Hamidi and

others, this case involves a private entity seeking to enforce private rights against trespass.

Unlike the majority, I have concluded that Hamidi did invade Intel’s property. His actions

constituted a trespass—in this case a trespass to chattels. There is no federal or state

constitutional right to trespass. (Adderley v. Florida (1966) 385 U.S. 39, 47 [“Nothing in the

Constitution of the United States prevents Florida from even-handed enforcement of its

general trespass statute....”]; Church of Christ in Hollywood v. Superior Court (2002) 99

Cal. App. 4th 1244, 1253-1254 [affirming a restraining order preventing former church

member from entering church property: “[the United States Supreme Court] has never held

that a trespasser or an uninvited guest may exercise general rights of free speech on

property privately owned”]; see also CompuServe Inc. v. Cyber Promotions, Inc., 962 F.

Supp. at p. 1026 [“the mere judicial enforcement of neutral trespass laws by the private

owner of property does not alone render it a state actor”]; Cyber Promotions, Inc. v.

American Online, Inc. (E.D. Pa. 1996) 948 F. Supp. 436, 456 [“a private company such as

Cyber simply does not have the unfettered right under the First Amendment to invade

AOL’s private property....”].) Accordingly, the cases cited by the majority regarding

6 Thus, the majority’s approach creates the perverse incentive for companies to invest less in computer capacity

in order to protect its property. In the view of the majority, Hamidi’s massive e-mails would be actionable only if

Intel had insufficient server or storage capacity to manage them. 7 The bulk e-mail messages from Hamidi, a nonemployee, did not purport to spur employees into any collective

action; he has conceded that “[t]his is not a drive to unionize.” Nor was his disruptive conduct part of any bona

fide labor dispute.

111.

restrictions on speech, not trespass, are not applicable. Nor does the connection of Intel’s e-

mail system to the Internet transform it into a public forum any more than any connection

between private and public properties. Moreover, as noted above, Hamidi had adequate

alternative means for communicating with Intel employees so that an injunction would not,

under any theory, constitute a free speech violation.

IV

The trial court granted an injunction to prevent threatened injury to Intel. That is the

purpose of an injunction. Intel should not be helpless in the face of repeated and threatened

abuse and contamination of its private computer system. The undisputed facts, in my view,

rendered Hamidi’s conduct legally actionable. Thus, the trial court’s decision to grant a

permanent injunction was not “a clear abuse of discretion” that may be “disturbed on

appeal.”

The injunction issued by the trial court simply required Hamidi to refrain from further

trespassory conduct, drawing no distinction based on the content of his e-mails. Hamidi

remains free to communicate with Intel employees and others outside the walls—both

physical and electronic—of the company.

For these reasons, I respectfully dissent.

I CONCUR: GEORGE, C.J.

NOTES AND QUESTIONS

Are you more sympathetic towards Hamidi or Intel?

The dissent said “[t]he trial court further found that the ‘massive’ intrusions ‘impaired the

value to Intel of its e-mail system.’” Why didn’t that finding of fact satisfy the majority’s

legal standard?

Intel brought, and subsequently dropped, a nuisance claim against Hamidi. How was

Hamidi’s activity like a “nuisance”?

If Hamidi sends another batch of unwanted emails to Intel employees after this ruling,

what, if anything, can Intel do about it?

The dissent says “the majority’s approach creates the perverse incentive for companies to

invest less in computer capacity in order to protect its property.” How has that prediction

fared over time?

What do you think of the dissent’s analogy that Hamidi’s email campaign is “like intruding

into a private office mailroom, commandeering the mail cart, and dropping off unwanted

broadsides on 30,000 desks”?

112.

Register.com, Inc. v. Verio, Inc., 356 F.3d 393 (2d Cir. 2004).

Leval, Circuit Judge.

…Verio also attacks the grant of the preliminary injunction against its accessing Register’s

computers by automated software programs performing multiple successive queries. This

prong of the injunction was premised on Register’s claim of trespass to chattels. Verio

contends the ruling was in error because Register failed to establish that Verio’s conduct

resulted in harm to Register’s servers and because Verio’s robot access to the WHOIS

database through Register was “not unauthorized.” We believe the district court’s findings

were within the range of its permissible discretion.

“A trespass to a chattel may be committed by intentionally ... using or intermeddling with a

chattel in the possession of another,” Restatement (Second) of Torts § 217(b) (1965), where

“the chattel is impaired as to its condition, quality, or value.”

The district court found that Verio’s use of search robots, consisting of software programs

performing multiple automated successive queries, consumed a significant portion of the

capacity of Register’s computer systems. While Verio’s robots alone would not incapacitate

Register’s systems, the court found that if Verio were permitted to continue to access

Register’s computers through such robots, it was “highly probable” that other Internet

service providers would devise similar programs to access Register’s data, and that the

system would be overtaxed and would crash. We cannot say these findings were

unreasonable.

Nor is there merit to Verio’s contention that it cannot be engaged in trespass when Register

had never instructed it not to use its robot programs. As the district court noted, Register’s

complaint sufficiently advised Verio that its use of robots was not authorized and, according

to Register’s contentions, would cause harm to Register’s systems….

NOTES AND QUESTIONS

Are the Hamidi and Register.com rulings consistent with each other?

Civil plaintiffs routinely assert common law trespass to chattels, CFAA, and state computer

crimes violations in the same complaint. Defendants must successfully navigate all three

claims to win the case.

Because the CFAA and state computer crimes laws have both civil and criminal provisions,

defendants (and their lawyers) need to consider the risks of criminal prosecution, not just

civil exposure.

CFAA in the Employment Context. Departing employees routinely take company files with

them electronically. They may email the files to their personal email accounts, upload the

files to cloud storage, or download the files to a flash drive. Often, such activities constitute

trade secret misappropriation, but put that aside for a moment. Assume the employee did

not hack the system to obtain files that the employee wasn’t meant to access. Does the

emailing/downloading of company files for non-company purposes constitute a misuse of the

company’s equipment such that it becomes a CFAA violation?

113.

This issue has vexed the courts. Several appellate courts, including United States v. Nosal,

676 F.3d 854 (9th Cir. 2012) (en banc) (“Nosal I”) and WEC Carolina Energy Solutions LLC

v. Miller, 687 F.3d 199 (4th Cir. 2012), held that an employee who initially had

authorization to access the company’s computers did not “exceed authorized access” by

downloading files for improper purposes. Courts do not uniformly follow this view, however.

The Nosal case shows the courts’ struggles with applying the CFAA in employment

contexts. The Ninth Circuit explained:

Nosal worked at the executive search firm Korn/Ferry International when he

decided to launch a competitor along with a group of co-workers. Before

leaving Korn/Ferry, Nosal’s colleagues began downloading confidential

information from a Korn/Ferry database to use at their new enterprise.

Although they were authorized to access the database as current Korn/Ferry

employees, their downloads on behalf of Nosal violated Korn/Ferry’s

confidentiality and computer use policies....When Nosal left Korn/Ferry, the

company revoked his computer access credentials, even though he remained

for a time as a contractor. The company took the same precaution upon the

departure of his accomplices, Becky Christian and Mark Jacobson.

Nonetheless, they continued to access the database using the credentials of

Nosal’s former executive assistant, Jacqueline Froehlich-L’Heureaux (“FH”),

who remained at Korn/Ferry at Nosal’s request.

In 2012, the court held that that § 1030(a)(4)’s “exceeds authorized access” language “does

not extend to violations of [a company’s] use restrictions.” United States v. Nosal, 676 F.3d

854 (9th Cir. 2012) (en banc).

Nosal’s win was short-lived. Prosecutors pursued Nosal on other CFAA grounds, and the

case went back to the Ninth Circuit. In Nosal II, the court said “we are asked to decide

whether the ‘without authorization’ prohibition of the CFAA extends to a former employee

whose computer access credentials have been rescinded but who, disregarding the

revocation, accesses the computer by other means.” United States v. Nosal, 844 F.3d 1024

(9th Cir. 2016) (“Nosal II,” as amended December 2016). The court held that, by instructing

Jacqueline to act as his proxy, Nosal disregarded the former employer’s revocation of his

access rights—even though Jacqueline (as a current employee) still had authorized access

to the system.

Perhaps Nosal II is sufficiently fact-specific that it doesn’t undermine the broader

principles articulated in Nosal I. Arguably, the case turned on Jacqueline’s provision of her

passwords to departed employees whose system access had been expressly revoked. Still,

the courts’ statutory construction remains highly confused and confusing. We may get more

clarity from a pending U.S. Supreme Court case, Van Buren v. United States, raising this

exact issue.

In addition to the CFAA conviction, Nosal was convicted of criminal trade secret

misappropriation. If trade secret law already protected Nosal’s former employer, why did

the government spend so much time prosecuting the mostly-duplicative CFAA crime?

114.

Cease-and-Desist Letters Revoking Authorization. Power Ventures operated a service

designed to aggregate a user’s social networking content from multiple social networking

sites, including Facebook. At users’ request, and using login credentials supplied by users,

Power Ventures used automated scripts to log into the users’ Facebook accounts and

download/upload their content. Facebook allowed third party services to perform such

functions using a tool called “Facebook Connect,”* but Power Ventures did not use that tool.

As a result, Facebook sent cease-and-desist letters to Power Ventures and blocked Power

Ventures’ IP addresses. Neither effort stopped Power Ventures. Facebook’s lawsuit led to a

Ninth Circuit opinion, Facebook, Inc. v. Power Ventures, Inc., 844 F.3d 1058 (9th Cir.

2016).

The Ninth Circuit recaps the general principles:

First, a defendant can run afoul of the CFAA when he or she has no

permission to access a computer or when such permission has been revoked

explicitly. Once permission has been revoked, technological gamesmanship or

the enlisting of a third party to aid in access will not excuse liability. Second,

a violation of the terms of use of a website—without more—cannot establish

liability under the CFAA.

The court said that Power Ventures might have had implied authorization to access

Facebook’s service, especially given the users’ requests for it to do so. However, “Facebook

expressly rescinded that permission when Facebook issued its written cease and desist

letter to Power on December 1, 2008....The consent that Power had received from Facebook

users was not sufficient to grant continuing authorization to access Facebook's computers

after Facebook's express revocation of permission.” The Ninth Circuit also confirmed that

Power Ventures violated the applicable state computer crime law, Cal. Penal Code § 502.

Cease-and-desist letters often demand remedies that no court would actually grant. In

other words, they are often the sender’s wish list, maybe only loosely tethered to the

sender’s actual legal rights. If so, does it make sense for the Ninth Circuit to treat cease-

and-desist letters as dispositive on the CFAA “authorization” question? Recall that CFAA

violations can be criminal, so the Ninth Circuit seems to be saying that a company’s private

cease-and-desist letter can define what constitutes criminal behavior.

Interestingly, the court says (in a footnote) that cease-and-desist letters are more

consequential than a service’s technological self-help via IP address blocks:

Simply bypassing an IP address, without more, would not constitute

unauthorized use. Because a blocked user does not receive notice that he has

been blocked, he may never realize that the block was imposed and that

authorization was revoked. Or, even if he does discover the block, he could

conclude that it was triggered by misconduct by someone else who shares the

same IP address, such as the user's roommate or co-worker.

* [Editor’s note: Facebook Connect was an API that let third-party services automatically access and download

large quantities of information about Facebook users. It gained notoriety as the mechanism that enabled the

well-publicized Cambridge Analytica data leakage.]

115.

What do you think of this distinction between IP address blocks and cease-and-desist

letters?

On remand, the district court awarded about $80,000 of damages ($5k of remediation

efforts after the C&D letter plus $75k of legal costs negotiating with Power Ventures) and

issued a permanent injunction. Facebook, Inc. v. Power Ventures, Inc., 252 F. Supp. 3d 765

(N.D. Cal. 2017).

The hiQ Ruling. Are you confused yet? If not, hiQ Labs, Inc. v. LinkedIn Corp., 938 F.3d

985 (9th Cir. 2019), will get you there.

hiQ builds databases about employees and then sells data to employers about ways to

retain their employees or fill gaps in the company’s overall workforce skills. It scraped

LinkedIn to gather the treasure trove of employee information on the site. Although

LinkedIn apparently initially acquiesced to hiQ’s scraping, LinkedIn eventually took a

number of steps to prevent hiQ’s scraping, including technical efforts to block its scrapers

and a cease-and-desist letter. Based on prior precedent, LinkedIn adequately notified hiQ

that it didn’t want its scrapers on the LinkedIn site.

In response, hiQ sued LinkedIn for a declaratory judgment that hiQ had a legally protected

right to gather data from LinkedIn. This might be analogous to Hamidi suing Intel to

prevent it from blocking his email as spam; or Verio suing Register.com to ensure that

Verio had the legally protected right to grab Register.com’s Whois data.

Perhaps surprisingly, hiQ’s legal tactic has worked, at least so far. “The district court

granted hiQ’s motion. It ordered LinkedIn to withdraw its cease-and-desist letter, to

remove any existing technical barriers to hiQ’s access to public profiles, and to refrain from

putting in place any legal or technical measures with the effect of blocking hiQ’s access to

public profiles.” The Ninth Circuit affirmed the preliminary injunction against LinkedIn.

The court, citing Nosal I, says the CFAA was “enacted to prevent intentional intrusion onto

someone else’s computer—specifically, computer hacking.... We therefore look to whether the conduct at issue is analogous to ‘breaking and entering.’” This supports the “idea that

authorization is only required for password-protected sites or sites that otherwise prevent

the general public from viewing the information.”

This sets up a theoretical distinction between Facebook (and the Power Ventures case) and

LinkedIn: in theory, Facebook users do not permit the general public to see their

information while LinkedIn users do. This actually doesn’t fit the facts; Facebook users can,

and sometimes do, make their information freely available to the public, and LinkedIn

users can, and sometimes do, restrict some or all of their profile from public view.

Nevertheless, the court thinks it threads this needle: “While Power Ventures was gathering

user data that was protected by Facebook’s username and password authentication system,

the data hiQ was scraping was available to anyone with a web browser.”

The court summarized:

it appears that the CFAA’s prohibition on accessing a computer “without

authorization” is violated when a person circumvents a computer’s generally

116.

applicable rules regarding access permissions, such as username and

password requirements, to gain access to a computer. It is likely that when a

computer network generally permits public access to its data, a user’s

accessing that publicly available data will not constitute access without

authorization under the CFAA. The data hiQ seeks to access is not owned by

LinkedIn and has not been demarcated by LinkedIn as private using such an

authorization system.

There are many reasons why hiQ may not ultimately succeed. In particular, the Ninth

Circuit principally addressed the CFAA issues. LinkedIn has a variety of other legal bases

to thwart scraping that it can pursue when the case returns to the district court. As the

Ninth Circuit noted, “the companies have invoked additional claims and defenses in the

district court, and we express no opinion as to whether any of those claims or defenses

might ultimately prove meritorious.... even if the CFAA does not apply: state law trespass to chattels claims may still be available. And other causes of action, such as copyright

infringement, misappropriation, unjust enrichment, conversion, breach of contract, or

breach of privacy, may also lie.” As a result, it remains possible that LinkedIn had every

legal right to shut down hiQ’s scraping, in which case the intermediate rulings only offer

false hope to hiQ and other scrapers.

In the interim, other courts have interpreted the hiQ ruling as a free pass for third parties

to access publicly available websites regardless of the website operator’s efforts. See, e.g.,

Sandvig v. Barr, 2020 WL 1494065 (D.D.C. 2020) (CFAA cannot stop researchers from

accessing websites for research purposes, even if the TOS contains provisions restricting

such activity); Miller v. 4Internet LLC, 2:18-cv-02097-JAD-VCF (D. Nev. July 10, 2020)

(search engine can’t stop copyright owner’s robots looking for infringing activity).

117.

Online Trespass to Chattels: a Failed Experiment

By Eric Goldman

Posted March 28, 2013 to http://www.forbes.com/sites/ericgoldman/2013/03/28/the-

computer-fraud-and-abuse-act-is-a-failed-experiment/.

...Initially, the CFAA banned hacking, but over the years, it has morphed into a general

restriction against online trespass to chattels. I’ll explain why–and how–the concept of

online trespass to chattels should be eliminated from the CFAA and analogous state law

doctrines.

The Current Law of Online Trespass to Chattels

Trespass to Chattels Offline. “Chattel” means tangible personal property, as opposed to real

property like real estate or intangible assets like intellectual property. Colloquially, we

often refer to chattel as our “stuff.”

In the offline world, a chattel owner has the exclusive right to possess the chattel. If

someone permanently takes someone else’s chattel, we call this “theft” or “conversion,” and

we punish it both civilly and criminally.

Chattel interferences less significant than theft/conversion, such as temporarily depriving

the chattel owner of possession (e.g., taking someone else’s car for a “joyride”), may be

actionable as “trespass to chattel.” Trespass to chattels is a venerable doctrine, but it does

not apply to all interactions with someone else’s offline chattel. The owner must show some

damage from the interference. Petting someone’s dog or touching someone’s car with your

finger may technically interfere with the chattel, but typically it’s not actionable as a

trespass because the chattel owner hasn’t suffered any harm. The requirement that the

chattel owner show some harm differs from trespass to real property, which in contrast can

occur merely by a person’s unauthorized presence even if the owner has experienced no

other damage.

Trespass to Chattels Online. The Internet operates by passing bits of data over computer

equipment, such as servers, routers and cables. All of that equipment is owned by someone.

In other words, Internet data moves over a network of privately owned chattel.

Over the years, legislatures and the courts progressively have treated the unauthorized

movement of data bits over someone else’s chattel into a “trespass” of that chattel–an

activity I’ll call “online trespass to chattels.” For example, many states have enacted

computer crime laws that restrict unauthorized use of Internet and telecommunications

equipment. In 1997, CompuServe v. Cyber Promotions, a federal district court held that

sending spam to an third party’s email router constituted trespass to chattels under the

common law (common law is judge-made law, not enacted by a legislature). Many

subsequent courts have embraced that precedent. And over the years, Congress has

progressively expanded the Computer Fraud & Abuse Act so that it has become, in effect, a

federal prohibition on trespassing someone else’s Internet equipment by sending data to it

or taking data from it. With respect to the CFAA and some state computer crime laws, we

punish violations both civilly and criminally.

118.

All of these legal doctrines (the CFAA, state computer crimes, common law trespass to

chattels) require that the online chattel owner show that the defendant’s activity was

unauthorized and that the owner suffered some damage from the defendant’s use of the

chattel, but the legal standards differ somewhat between the doctrines. In practice, the

required damages showing is often trivial. For example, both the CFAA and California’s

computer crime law count the chattel owner’s efforts to prevent the defendant’s usage as

actionable damage–and in California’s case, no further showing of harm to the chattel

owner is required. Effectively, simply making unauthorized use of a third party’s Internet-

connected chattel violates the state computer crime law. Some parts of the CFAA requires a

higher quantitative showing of damages, but many cases easily clear that threshold.

Rethinking Online Trespass to Chattels

Stretching the ancient doctrine of trespass to chattels to apply to Internet activities has

been an experiment in law-making. Unfortunately, I think the experiment has failed

completely. The CFAA and state computer crime laws initially were designed to restrict

hackers from breaching computer security—a sensible objective that, as I discuss below,

should be preserved. The expansion of these laws to cover all sending or receiving of data

from an Internet-connected server hasn’t worked for at least three reasons.

Connecting to the Internet. When a chattel owner affirmatively connects its chattel to the

Internet, we might presume that the owner wants to exchange data via the Internet. Of

course, not all Internet data exchanges will be welcome; the chattel owner may have

security restrictions on who can access some or all of the chattel, and no website wants to

be overwhelmed with bogus exchange requests (i.e., denial-of-service attacks).

Acknowledging those caveats, we ought to legally presume that Internet-connected chattel

is intended to exchange data with other Internet users. If we start with this presumption,

the chattel owner can “bargain” with other Internet users to restrict their usage through a

contract specifying permitted and unpermitted uses. Current online trespass to chattels

doctrines contemplate this bargaining process, but the laws often let websites communicate

their usage restrictions on obscure web pages that most people won’t see.

Chattel owners also can use technological controls, such as security measures, to restrict

unwanted chattel usage. For example, websites often use “rate limits” to throttle the

amount of data that can be gathered from the website during a specified time period and

“IP address blocks” to restrict website access by specified computers.

Given that chattel owners can easily restrict how their Internet-connected chattel is used,

they should bear the onus to take the contractual or technological steps to do so. Otherwise,

society incurs significant transaction costs for individual users trying to determine their

rights to interact with Internet-connected chattel, and overly protective legal doctrines

create border cases where users engaged in socially beneficially conduct nevertheless

unintentionally commit legal violations.

(Side note for economics buffs: the Coase Theorem says it doesn’t matter where we set the

property entitlement so long as there are no transaction costs. I favor giving the

entitlement to Internet users because (a) the chattel owner chose to connect to the Internet,

and (b) it’s cheaper for the chattel owner to bargain back for the rights).

119.

Unintended Consequences. Online trespass to chattels now reaches scenarios far beyond the

hacking scenarios, sometimes in farcical ways. Three examples of troubling applications of

online trespass to chattels:

 because virtually every employee uses computers at work and some employees

download company data onto their personal devices, employers now routinely assert

CFAA violations against ex-employees. This illustrates the CFAA’s scope creep; the

CFAA wasn’t designed to apply to ordinary employee activities, but sloppy and

expansive drafting enables that possibility. Fortunately, courts have balked at this

trend (see, e.g., Nosal and WEC). I still favor punishing rogue employees, but online

trespass to chattels is not the way to do it.

 websites may assert online trespass to chattels when a third party’s automated

script gather information from their website (a process sometimes called “scraping”

or “spidering”). Technically, search engine spiders commit online trespass to chattels

when they access a website without permission, although we don’t often see cases

asserting that. Instead, more typically we see anti-competition lawsuits, including

efforts to thwart price competition or shut down third party developers who enhance

a website’s functionality.

 Lori Drew’s CFAA prosecution over Megan Maier’s suicide due to Drew’s use of a

fake MySpace profile. To establish the CFAA violation, the government

(unsuccessfully) argued that MySpace was the victim of Drew’s ruse because she lied

to them when she created her online account. The government’s theory threatened to

make virtually every Internet user a criminal because Internet users routinely fib

during online account registration processes.

Doctrinal Overlap. In many situations currently covered by online trespass to chattels, at

least one–and often numerous–other legal doctrines already apply. For example, trade

secret law already applies to employees who walk out the door with a company’s

confidential information, whether the confidential information is analog or digital.

Copyright law already applies to search engines republishing copyrighted material they

scrape. MySpace could have brought a breach of contract claim against Drew for violating

its user agreement (if it cared).

Indeed, because legal doctrines already overlap so extensively, we almost never see an

online trespass to chattels claim asserted on a standalone basis. Instead, an online trespass

to chattels claim is usually just one of numerous legal violations asserted against the

defendant. These doctrinal overlaps mean we usually don’t need online trespass to chattels

either to supplement the more squarely applicable claims or to act as a “gap-filler” to plug

the rare and narrow holes left by the other legal doctrines.

Reforming Online Trespass to Chattels

Lawmakers aren’t very good at acknowledging when their legal experiments fail. But if

lawmakers honestly judge the results of their online trespass to chattels experiment, they

should:

120.

1) Repeal most provisions of the CFAA (that don’t relate to government-run computers) and

preempt all analogous state laws, including state computer crime laws and common law

trespass to chattels as applied online. Note: reforming the CFAA, without dealing with

analogous state laws, is an incomplete solution.

2) Retain only the (A) restrictions on criminal hacking, which I would define as the defeat of

electronic security measures for the goal of fraud or data destruction (and some of these

efforts are already covered by other laws like the Electronic Communications Privacy Act),

and (B) restrictions on denial-of-service attacks, which I would define as the sending of data

or requests to a server with the intent of overloading its capacity.

3) Eliminate all civil claims for this conduct, so that only the federal government can

enforce violations.

4) Specify that any textual attempts to restrict server usage fail unless the terms are

presented in a properly formed contract (usually, a mandatory click-through agreement).

Obviously, these proposals are dramatic, but they are in keeping with my goal of

eliminating the legal concept of online trespass to chattels. Even if we do that, chattel

owners are hardly defenseless. They can still take advantage of a panoply of other legal

doctrines, they can still use (properly formed) contracts to bargain back the rights from

users, and they can still use technological controls. As a result, these proposed changes will

end the adverse consequences from the online trespass to chattels experiment while letting

chattel owners prevent socially disadvantageous online usage of their chattels.

CHAPTER 4 REVIEW QUESTION #1

Shamazon is an online retailer. Its terms of use (not presented as a clickthrough

agreement) contains the following clause: “You may not use our site to gather pricing

information.” Bet, a retailing rival of Shamazon, retains independent contractors to visit

the Shamazon site and gather its prices for the items in Bet’s store so that Bet can confirm

that it is matching or beating Shamazon’s prices. Does Shamazon have a common law

trespass to chattels, CFAA or California Penal Code § 502 claim against Bet or its

independent contractors?

CHAPTER 4 REVIEW QUESTION #2

Karen creates an online bank account for herself and agrees to the bank’s Terms of Service,

which include a provision saying that customers may not provide their online login

credentials to the bank account to anyone. Despite this, Karen shares her credentials with

her live-in boyfriend, Joe. Scenario (a): Joe logs into the bank account to engage in ordinary

banking activities at Karen’s request. Scenario (b): Joe logs into the bank account and loots

it, sending all of the money to his personal bank account. Does the bank have a CFAA claim

against either Joe or Karen?

121.

V. Copyright

Copyright Basics, Copyright Office Circular 1 (from

https://www.copyright.gov/circs/circ01.pdf) (revised Sept. 2017)

Copyright is a form of protection provided by the laws of the United States to the authors of

“original works of authorship” that are fixed in a tangible form of expression. An original

work of authorship is a work that is independently created by a human author and

possesses at least some minimal degree of creativity. A work is “fixed” when it is captured

(either by or under the authority of an author) in a sufficiently permanent medium such

that the work can be perceived, reproduced, or communicated for more than a short time.

Copyright protection in the United States exists automatically from the moment the

original work of authorship is fixed.

What Works Are Protected?

Examples of copyrightable works include

• Literary works

• Musical works, including any accompanying words

• Dramatic works, including any accompanying music

• Pantomimes and choreographic works

• Pictorial, graphic, and sculptural works

• Motion pictures and other audiovisual works

• Sound recordings, which are works that result from the fixation of a series of musical,

spoken, or other sounds

• Architectural works

These categories should be viewed broadly for the purpose of registering your work. For

example, computer programs and certain “compilations” can be registered as “literary

works”; maps and technical drawings can be registered as “pictorial, graphic, and

sculptural works.”

Note: Before 1978, federal copyright was generally secured by publishing a work with an

appropriate copyright notice. U.S. works that were in the public domain on January 1,

1978, when the 1976 Copyright Act took effect, remain in the public domain under the 1976

Act.

What Are the Rights of a Copyright Owner?

Copyright provides the owner of copyright with the exclusive right to

• Reproduce the work in copies or phonorecords

• Prepare derivative works based upon the work

• Distribute copies or phonorecords of the work to the public by sale or other transfer of

ownership or by rental, lease, or lending

• Perform the work publicly if it is a literary, musical, dramatic, or choreographic work; a

pantomime; or a motion picture or other audiovisual work

• Display the work publicly if it is a literary, musical, dramatic, or choreographic work; a

pantomime; or a pictorial, graphic, or sculptural work. This right also applies to the

individual images of a motion picture or other audiovisual work.

122.

• Perform the work publicly by means of a digital audio transmission if the work is a sound

recording

Copyright also provides the owner of copyright the right to authorize others to exercise

these exclusive rights, subject to certain statutory limitations.

What Is Not Protected by Copyright?

Copyright does not protect

• Ideas, procedures, methods, systems, processes, concepts, principles, or discoveries

• Works that are not fixed in a tangible form (such as a choreographic work that has not

been notated or recorded or an improvisational speech that has not been written down)

• Titles, names, short phrases, and slogans

• Familiar symbols or designs

• Mere variations of typographic ornamentation, lettering, or coloring

• Mere listings of ingredients or contents…

Who Can Claim Copyright?

The copyright in a work initially belongs to the author(s) who created that work. When two

or more authors create a single work with the intent of merging their contributions into

inseparable or interdependent parts of a unitary whole, the authors are considered joint

authors and have an indivisible interest in the work as a whole. By contrast, if multiple

authors contribute to a collective work, each author’s individual contribution is separate

and distinct from the copyright ownership in the collective work as a whole.

“Works made for hire” are an important exception to the general rule for claiming

copyright. When a work is made for hire, the author is not the individual who actually

created the work. Instead, the party that hired the individual is considered the author and

the copyright owner of the work. Whether a work is made for hire is determined by the facts

that exist at the time the work is created. There are two situations in which a work may be

made for hire:

1. When the work is created by an employee as part of the employee’s regular duties, or

2. When an individual and the hiring party enter into an express written agreement that

the work is to be considered a “work made for hire” and the work is specially ordered or

commissioned for use as:

• A compilation

• A contribution to a collective work

• A part of a motion picture or other audiovisual work

• A translation

• A supplementary work

• An instructional text

• A test

• Answer material for a test

• An atlas

123.

The concept of work made for hire can be complicated and has serious consequences for

both the individual who creates the work and the hiring party who is considered to be the

author and copyright owner of the work.…

Note: Mere ownership of a copy or phonorecord that embodies a work does not give the

owner of that copy or phonorecord the ownership of the copyright in the work.

Transfer of Copyright Ownership

Any or all of the copyright owner’s exclusive rights, or parts of those rights, can be

transferred. The transfer, however, generally must be made in writing and signed by the

owner of the rights conveyed or the owner’s authorized agent. Transferring a right on a

nonexclusive basis does not require a written agreement….

How Long Does Copyright Last?

In general, for works created on or after January 1, 1978, the term of copyright is the life of

the author plus seventy years after the author’s death. If the work is a joint work with

multiple authors, the term lasts for seventy years after the last surviving author’s death.

For works made for hire and anonymous or pseudonymous works, the duration of copyright

is 95 years from publication or 120 years from creation, whichever is shorter….

How Can I Protect My Work?

Copyright exists automatically in an original work of authorship once it is fixed in a

tangible medium, but a copyright owner can take steps to enhance the protections of

copyright, the most important of which is registering the work. Although registering a work

is not mandatory, for works of U.S. origin, registration (or refusal) is necessary to enforce

the exclusive rights of copyright through litigation….

Using a copyright notice is optional for unpublished works, foreign works, and works

published on or after March 1, 1989….Notice was required for works published in the

United States before March 1, 1989. Works published without notice before that date may

have entered the public domain in this country….

How Can I Use a Copyrighted Work?

When deciding to use a work protected by copyright, the general rule is to seek permission

from the copyright owner. Under the copyright law, a copyright owner may authorize

activities that fall under the exclusive rights of copyright…

Sections 107 to 122 of the copyright law contain provisions that establish limitations on the

exclusive rights of the copyright owner. The provisions make certain uses of copyrighted

works permissible without first obtaining permission of the copyright owner. One of the

most discussed of these statutory provisions is known as fair use, a legal doctrine that

promotes freedom of expression by permitting the unlicensed use of copyright-protected

works in certain circumstances….

124.

How Do I Protect My Work in Other Countries?

There is no such thing as an “international copyright” that automatically protects an

author’s works throughout the entire world. Protection against unauthorized use in a

particular country depends on the national laws of that country. Most countries offer

protection to foreign works under certain conditions, and these conditions have been greatly

simplified by international copyright treaties and conventions. Generally, a U.S. work may

be protected in a foreign country if that country has entered into an international

agreement with the United States….

NOTES AND QUESTIONS

“Access” to Online Materials. If a copyrighted work is freely available online, can we infer

that every potential defendant had “access” to the work for purposes of the copying-in-fact

inquiry? (i.e., whether the resulting work was the product of copying or independent

creation). See Design Basics, LLC v. Lexington Homes, Inc., 858 F.3d 1093 (7th Cir. 2017):

the existence of the plaintiff’s copyrighted materials on the Internet, even on

a public and “user‐friendly” site, cannot by itself justify an inference that the defendant accessed those materials. It follows that a plaintiff who cannot

show striking similarity and whose evidence of access reduces to the mere

existence of a website cannot survive summary judgment on a copyright

infringement claim.

See also Gray v. Perry, 2018 WL 3954008 (C.D. Cal. 2018):

the mere existence of copyrighted materials on YouTube and Myspace would not

justify an inference of access….But the Court is persuaded that plaintiffs have

shown more than just mere posting of ‘Joyful Noise’ on the internet. Due to the

millions of views and plays of ‘Joyful Noise’ on YouTube and Myspace, both readily

accessible websites, and the success and popularity of “Joyful Noise” in the Christian

hip-hop/rap industry, a reasonable jury could conclude that there is more than a

‘bare possibility’ that defendants—who are experienced professional songwriters—

had the opportunity to hear ‘Joyful Noise.’

Statute of Limitations. Copyright has a 3 year statute of limitations. However, the time

period does not start on initial publication to the web; instead, it apparently resets with

every view/download. Thus, works posted to the Internet decades ago may be the basis of

copyright infringement claims if the works are still online. See APL Microscopic, LLC v.

U.S., 144 Fed. Cl. 489 (Ct. Fed. Claims 2019).

CHAPTER 5 REVIEW QUESTION #1

Which of the following could qualify for copyright protection?

a) an email

b) a tweet

c) a text message

125.

d) a banner ad

e) a keyword ad at Google

f) a star rating at Yelp

g) an individual emoji

h) a selfie photo

126.

Note About Fair Use

Fair use is a statutory limitation on copyright owners’ exclusive rights. 17 U.S.C. § 107

says:

Notwithstanding the provisions of sections 106 and 106A, the fair use of a

copyrighted work, including such use by reproduction in copies or

phonorecords or by any other means specified by that section, for purposes

such as criticism, comment, news reporting, teaching (including multiple

copies for classroom use), scholarship, or research, is not an infringement of

copyright. In determining whether the use made of a work in any particular

case is a fair use the factors to be considered shall include—

(1) the purpose and character of the use, including whether such use is of a

commercial nature or is for nonprofit educational purposes;

(2) the nature of the copyrighted work;

(3) the amount and substantiality of the portion used in relation to the

copyrighted work as a whole; and

(4) the effect of the use upon the potential market for or value of the

copyrighted work.

The fact that a work is unpublished shall not itself bar a finding of fair use if

such finding is made upon consideration of all the above factors.

Fair use is a multi-factor equitable test. As a result, (1) every fact matters to a fair use

analysis, and (2) the results can change based on different judges’ norms or minor

variations in the facts. The following “color commentary” might help you apply the factors.

First Factor (Nature of Use)

The statute contemplates a spectrum of uses from commercial to non-profit educational,

where commercial uses are less likely to be fair and non-profit educational uses are more

likely to be fair. Courts sometimes treat commercial uses as presumptively unfair, but the

Supreme Court in Campbell rejected this presumption.

Note that courts struggle with defining what constitutes a “commercial” use (a common

problem with all doctrines that purport to distinguish commercial from non-commercial

activity). Publishers (even non-profit) routinely make money from advertising or content

sales (subscriptions, single items, etc.). Should this first factor categorically weigh against

them?

In this first factor, courts will also consider if the secondary use is transformative or just

redistributive. Transformative uses “add something new, with a further purpose or

different character, altering the first with new expression, meaning or message”

(Campbell). Occasionally, courts will not require the secondary use to add anything new if

the use serves a different purpose (e.g., Authors Guild v. Google). If a use is

“transformative,” that should weigh heavily towards a fair use finding (Campbell).

127.

Second Factor (Nature of Work).

The statute contemplates a spectrum from fact to fiction, where taking factual works is

more likely to be fair and taking fiction is less likely to be fair.

Some courts deem taking unpublished works presumptively unfair (Harper & Row), but

§107 was amended to negate any presumption.

Some courts treat fact/fiction and published/unpublished as two separate sub-factors.

Third Factor (Amount/Substantiality of Portion Taken).

Some courts say that taking the entire work is presumptively unfair. Taking the “heart of

the work,” even if it’s a small amount, usually isn’t fair.

Fourth Factor (Market Effect).

The fourth factor is routinely characterized as the most important factor (Harper & Row).

The factor evaluates (1) whether unrestricted and widespread conduct like the defendant’s

would substantively and adversely impact the market, and (2) the harm to the market for

derivative works when these derivative markets are “traditional, reasonable, or likely to be

developed markets” (Texaco), but some courts give the copyright owner the option not to

pursue a market (Castle Rock). Increasing demand for the underlying work doesn’t mitigate

any harm the usage causes to a derivative market (Harper & Row; Napster).

* * *

There are dozens of cases interpreting fair use on the Internet, and it would be impossible

to pick a single case to represent the entire genre. With that caveat, the Second Circuit’s

Google Books ruling (The Authors Guild v. Google, Inc., 804 F.3d 202 (2d Cir. 2015, written

by Judge Leval) deserves a closer look.

The case involved the Google Books database. Working with libraries, Google scanned tens

of millions of books, some of which had entered the public domain and others that were still

protected by copyright. Google indexed the scans in a database that enabled users to do full-

text keyword searches. Users can see previews of books that appeared in search results; the

previews allow users to see significant chunks of content but, in total, only a small fraction

of any complete book.

On behalf of the books’ copyright owners, The Authors Guild sued Google for copyright

infringement. After nearly a decade of litigation (protracted in part due to an attempted

settlement that the Second Circuit rejected), the Second Circuit ruled that Google Books

was protected by fair use:

Nature of the Use. The court says Google’s search indexing is transformative:

the purpose of Google’s copying of the original copyrighted books is to make

available significant information about those books, permitting a searcher to

128.

identify those that contain a word or term of interest, as well as those that do

not include reference to it

The display of book snippets is also transformative:

Snippet view adds important value to the basic transformative search

function, which tells only whether and how often the searched term appears

in the book. Merely knowing that a term of interest appears in a book does

not necessarily tell the searcher whether she needs to obtain the book,

because it does not reveal whether the term is discussed in a manner or

context falling within the scope of the searcher’s interest.

Google didn’t derive any revenues directly from Google Books, but it is still a profit-seeking

company. In the face of its transformative activities, the court says that’s immaterial. As

the court notes:

Many of the most universally accepted forms of fair use, such as news

reporting and commentary, quotation in historical or analytic books, reviews

of books, and performances, as well as parody, are all normally done

commercially for profit.

Nature of the Work. The court says this factor is not helpful in this case.

Amount/Substantiality of Portion Taken. With respect to the complete scans of books, the

court says:

not only is the copying of the totality of the original reasonably appropriate to

Google’s transformative purpose, it is literally necessary to achieve that

purpose. If Google copied less than the totality of the originals, its search

function could not advise searchers reliably whether their searched term

appears in a book (or how many times)

The court also blesses the display of snippets because of

the small size of the snippets (normally one eighth of a page), the blacklisting

of one snippet per page and of one page in every ten, the fact that no more

than three snippets are shown—and no more than one per page—for each

term searched, and the fact that the same snippets are shown for a searched

term no matter how many times, or from how many different computers, the

term is searched. In addition, Google does not provide snippet view for types

of books, such as dictionaries and cookbooks, for which viewing a small

segment is likely to satisfy the searcher’s need.

Even though repeated searches could expose multiple parts of a book, it appeared difficult

for a determined searcher to see more than 16% of any book, and even then those snippets

collectively may not be easily assembled into an organized sequence.

Market Effect. The court says the snippets might reduce book sales, but the snippets are not

effective competitive substitutes for the books; and lost sales might be due to the snippets

129.

answering the searchers’ factual questions, and copyright doesn’t protect that factual

information.

The court summarizes its fair use analysis:

Google’s unauthorized digitizing of copyright-protected works, creation of a

search functionality, and display of snippets from those works are non-

infringing fair uses. The purpose of the copying is highly transformative, the

public display of text is limited, and the revelations do not provide a

significant market substitute for the protected aspects of the originals.

Google’s commercial nature and profit motivation do not justify denial of fair

use.

Derivative Markets. The court explains:

Plaintiffs’ contention that Google has usurped their opportunity to access

paid and unpaid licensing markets for substantially the same functions that

Google provides fails, in part because the licensing markets in fact involve

very different functions than those that Google provides, and in part because

an author’s derivative rights do not include an exclusive right to supply

information (of the sort provided by Google) about her works.

Notice how closely Google’s lawyers worked with its engineers to develop a set of product

specifications that balanced users’ needs with the fair use factors—an impressive task

given that fair use isn’t readily quantifiable. If you were on the project team, how would you

have converted an equitable doctrine like fair use into concrete product specifications? Or

would you have been tempted to say “it’s not possible to quantify fair use, so we should kill

the project”?

Cautionary Note #1: every fair use case turns on its specific facts and the normative

instincts of what the deciding judge considers equitable, so don’t assume other cases will

follow the Google Books ruling.

Indeed, despite the obvious parallels to its own Google Books ruling from three years

earlier, the Second Circuit mostly rejected fair use for TVEyes’ database of video clips from

local TV news programs that let brand owners track discussions about their brands across

the country. Fox News Network LLC v. TVEyes, Inc., 883 F.3d 169 (2d Cir. 2018). Much of

the court’s decision turned on TVEyes’ configuration choices about letting its customers

watch and share video clips, which the court viewed as too generous.

Cautionary Note #2: Google’s fair use win was a Pyrrhic victory for Google Books. Over the

decade of litigation, Google progressively lost enthusiasm for the Google Books project and

stopped investing it in, effectively orphaning the entire project. See, e.g., James Somers,

Torching the Modern-Day Library of Alexandria, THE ATLANTIC, April 20, 2017,

https://www.theatlantic.com/technology/archive/2017/04/the-tragedy-of-google-

books/523320/; Scott Rosenberg, How Google Book Search Got Lost, WIRED, April 11, 2017,

https://www.wired.com/2017/04/how-google-book-search-got-lost/.

130.

The next case isn’t an Internet case (it involves the cable TV network), but it addresses an

essential question to online copyright law: assuming a copy is made online, who made it?

The answer to this question seems like it should be obvious. It isn’t.

The identity of who made “the copy” can affect many key aspects of an online copyright

lawsuit, including:

 The prima facie case. Direct liability is strict liability, while secondary infringement

claims have more stringent elements to prove. As a result, plaintiffs much prefer to

bring direct infringement claims.

 Defenses. The availability of Section 512’s safe harbor is available only if someone

else made the offending copy. Also, some fair use factors vary with the defendant’s

identity.

 A lawsuit’s viability. Potential defendants may be overseas, judgment-proof, or

simply too numerous to pursue cost-effectively, in which case plaintiffs want to find

more viable defendants.

Cartoon Network LP, LLLP v. CSC Holdings, Inc., 536 F.3d 121 (2d Cir. 2008)

Defendant-Appellant Cablevision Systems Corporation (“Cablevision”) wants to market a

new “Remote Storage” Digital Video Recorder system (“RS-DVR”), using a technology akin

to both traditional, set-top digital video recorders, like TiVo (“DVRs”), and the video-on-

demand (“VOD”) services provided by many cable companies. Plaintiffs-Appellees produce

copyrighted movies and television programs that they provide to Cablevision pursuant to

numerous licensing agreements. They contend that Cablevision, through the operation of

its RS-DVR system as proposed, would directly infringe their copyrights both by making

unauthorized reproductions, and by engaging in public performances, of their copyrighted

works. The material facts are not in dispute. Because we conclude that Cablevision would

not directly infringe plaintiffs’ rights under the Copyright Act by offering its RS-DVR

system to consumers, we reverse the district court’s award of summary judgment to

plaintiffs, and we vacate its injunction against Cablevision.

BACKGROUND

Today’s television viewers increasingly use digital video recorders (“DVRs”) instead of video

cassette recorders (“VCRs”) to record television programs and play them back later at their

convenience. DVRs generally store recorded programming on an internal hard drive rather

than a cassette. But, as this case demonstrates, the generic term “DVR” actually refers to a

growing number of different devices and systems. Companies like TiVo sell a stand-alone

DVR device that is typically connected to a user’s cable box and television much like a VCR.

Many cable companies also lease to their subscribers “set-top storage DVRs,” which

combine many of the functions of a standard cable box and a stand-alone DVR in a single

device.

In March 2006, Cablevision, an operator of cable television systems, announced the advent

of its new “Remote Storage DVR System.” As designed, the RS-DVR allows Cablevision

customers who do not have a stand-alone DVR to record cable programming on central hard

drives housed and maintained by Cablevision at a “remote” location. RS-DVR customers

131.

may then receive playback of those programs through their home television sets, using only

a remote control and a standard cable box equipped with the RS-DVR software. Cablevision

notified its content providers, including plaintiffs, of its plans to offer RS-DVR, but it did

not seek any license from them to operate or sell the RS-DVR.

Plaintiffs, which hold the copyrights to numerous movies and television programs, sued

Cablevision for declaratory and injunctive relief. They alleged that Cablevision’s proposed

operation of the RS-DVR would directly infringe their exclusive rights to both reproduce

and publicly perform their copyrighted works. Critically for our analysis here, plaintiffs

alleged theories only of direct infringement, not contributory infringement, and defendants

waived any defense based on fair use.

Ultimately, the United States District Court for the Southern District of New York (Denny

Chin, Judge), awarded summary judgment to the plaintiffs and enjoined Cablevision from

operating the RS-DVR system without licenses from its content providers. At the outset, we

think it helpful to an understanding of our decision to describe, in greater detail, both the

RS-DVR and the district court’s opinion.

I. Operation of the RS-DVR System

Cable companies like Cablevision aggregate television programming from a wide variety of

“content providers”—the various broadcast and cable channels that produce or provide

individual programs—and transmit those programs into the homes of their subscribers via

coaxial cable. At the outset of the transmission process, Cablevision gathers the content of

the various television channels into a single stream of data. Generally, this stream is

processed and transmitted to Cablevision’s customers in real time. Thus, if a Cartoon

Network program is scheduled to air Monday night at 8pm, Cartoon Network transmits

that program’s data to Cablevision and other cable companies nationwide at that time, and

the cable companies immediately re-transmit the data to customers who subscribe to that

channel.

Under the new RS-DVR, this single stream of data is split into two streams. The first is

routed immediately to customers as before. The second stream flows into a device called the

Broadband Media Router (“BMR”), which buffers the data stream, reformats it, and sends it

to the “Arroyo Server,” which consists, in relevant part, of two data buffers and a number of

high-capacity hard disks. The entire stream of data moves to the first buffer (the “primary

ingest buffer”), at which point the server automatically inquires as to whether any

customers want to record any of that programming. If a customer has requested a

particular program, the data for that program move from the primary buffer into a

secondary buffer, and then onto a portion of one of the hard disks allocated to that

customer. As new data flow into the primary buffer, they overwrite a corresponding

quantity of data already on the buffer. The primary ingest buffer holds no more than 0.1

seconds of each channel’s programming at any moment. Thus, every tenth of a second, the

data residing on this buffer are automatically erased and replaced. The data buffer in the

BMR holds no more than 1.2 seconds of programming at any time. While buffering occurs at

other points in the operation of the RS-DVR, only the BMR buffer and the primary ingest

buffer are utilized absent any request from an individual subscriber.

132.

As the district court observed, “the RS-DVR is not a single piece of equipment,” but rather

“a complex system requiring numerous computers, processes, networks of cables, and

facilities staffed by personnel twenty-four hours a day and seven days a week.” To the

customer, however, the processes of recording and playback on the RS-DVR are similar to

that of a standard set-top DVR. Using a remote control, the customer can record

programming by selecting a program in advance from an on-screen guide, or by pressing

the record button while viewing a given program. A customer cannot, however, record the

earlier portion of a program once it has begun. To begin playback, the customer selects the

show from an on-screen list of previously recorded programs. The principal difference in

operation is that, instead of sending signals from the remote to an on-set box, the viewer

sends signals from the remote, through the cable, to the Arroyo Server at Cablevision’s

central facility. In this respect, RS-DVR more closely resembles a VOD service, whereby a

cable subscriber uses his remote and cable box to request transmission of content, such as a

movie, stored on computers at the cable company’s facility. But unlike a VOD service, RS-

DVR users can only play content that they previously requested to be recorded.

Cablevision has some control over the content available for recording: a customer can only

record programs on the channels offered by Cablevision (assuming he subscribes to them).

Cablevision can also modify the system to limit the number of channels available and

considered doing so during development of the RS-DVR….

[Editor’s note: the following diagram may help you visualize Cablevision’s network]

Content Broadcaster

Cablevision

Viewer

Broadband Media Router

Arroyo Personal Storage

Personal Storage

Personal Storage

1.2 sec storage 0.1 sec storage

Content Broadcaster

Cablevision

Viewer

Content Broadcaster

Cablevision

Viewer

Broadband Media Router

Arroyo Personal Storage

Personal Storage

Personal Storage

1.2 sec storage 0.1 sec storage

Broadband Media Router

Arroyo Personal Storage

Personal Storage

Personal Storage

1.2 sec storage 0.1 sec storage

133.

DISCUSSION…

“Section 106 of the Copyright Act grants copyright holders a bundle of exclusive rights....”

This case implicates two of those rights: the right “to reproduce the copyrighted work in

copies,” and the right “to perform the copyrighted work publicly.” 17 U.S.C. § 106(1), (4). As

discussed above, the district court found that Cablevision infringed the first right by 1)

buffering the data from its programming stream and 2) copying content onto the Arroyo

Server hard disks to enable playback of a program requested by an RS-DVR customer. In

addition, the district court found that Cablevision would infringe the public performance

right by transmitting a program to an RS-DVR customer in response to that customer’s

playback request. We address each of these three allegedly infringing acts in turn.

I. The Buffer Data

It is undisputed that Cablevision, not any customer or other entity, takes the content from

one stream of programming, after the split, and stores it, one small piece at a time, in the

BMR buffer and the primary ingest buffer. As a result, the information is buffered before

any customer requests a recording, and would be buffered even if no such request were

made. The question is whether, by buffering the data that make up a given work,

Cablevision “reproduce[s]” that work “in copies,” 17 U.S.C. § 106(1), and thereby infringes

the copyright holder’s reproduction right.

“Copies,” as defined in the Copyright Act, “are material objects ... in which a work is fixed

by any method ... and from which the work can be ... reproduced.” The Act also provides

that a work is “‘fixed’ in a tangible medium of expression when its embodiment ... is

sufficiently permanent or stable to permit it to be ... reproduced ... for a period of more than

transitory duration.” We believe that this language plainly imposes two distinct but related

requirements: the work must be embodied in a medium, i.e., placed in a medium such that

it can be perceived, reproduced, etc., from that medium (the “embodiment requirement”),

and it must remain thus embodied “for a period of more than transitory duration” (the

“duration requirement”). Unless both requirements are met, the work is not “fixed” in the

buffer, and, as a result, the buffer data is not a “copy” of the original work whose data is

buffered.

The district court mistakenly limited its analysis primarily to the embodiment requirement.

As a result of this error, once it determined that the buffer data was “[c]learly ... capable of

being reproduced,” i.e., that the work was embodied in the buffer, the district court

concluded that the work was therefore “fixed” in the buffer, and that a copy had thus been

made. In doing so, it relied on a line of cases beginning with MAI Systems Corp. v. Peak

Computer Inc., 991 F.2d 511 (9th Cir. 1993). It also relied on the United States Copyright

Office’s 2001 report on the Digital Millennium Copyright Act, which states, in essence, that

an embodiment is fixed “[u]nless a reproduction manifests itself so fleetingly that it cannot

be copied.” (emphasis added).

The district court’s reliance on cases like MAI Systems is misplaced. In general, those cases

conclude that an alleged copy is fixed without addressing the duration requirement; it does

not follow, however, that those cases assume, much less establish, that such a requirement

134.

does not exist. Indeed, the duration requirement, by itself, was not at issue in MAI Systems

and its progeny. As a result, they do not speak to the issues squarely before us here: If a

work is only “embodied” in a medium for a period of transitory duration, can it be “fixed” in

that medium, and thus a copy? And what constitutes a period “of more than transitory

duration”?

In MAI Systems, defendant Peak Computer, Inc., performed maintenance and repairs on

computers made and sold by MAI Systems. In order to service a customer’s computer, a

Peak employee had to operate the computer and run the computer’s copyrighted operating

system software. The issue in MAI Systems was whether, by loading the software into the

computer’s RAM,1 the repairman created a “copy” as defined in § 101. The resolution of this

issue turned on whether the software’s embodiment in the computer’s RAM was “fixed,”

within the meaning of the same section. The Ninth Circuit concluded that

by showing that Peak loads the software into the RAM and is then able to

view the system error log and diagnose the problem with the computer, MAI

has adequately shown that the representation created in the RAM is

“sufficiently permanent or stable to permit it to be perceived, reproduced, or

otherwise communicated for a period of more than transitory duration.”

The MAI Systems court referenced the “transitory duration” language but did not discuss or

analyze it. The opinion notes that the defendants “vigorously” argued that the program’s

embodiment in the RAM was not a copy, but it does not specify the arguments defendants

made. This omission suggests that the parties did not litigate the significance of the

“transitory duration” language, and the court therefore had no occasion to address it. This

is unsurprising, because it seems fair to assume that in these cases the program was

embodied in the RAM for at least several minutes.

Accordingly, we construe MAI Systems and its progeny as holding that loading a program

into a computer’s RAM can result in copying that program. We do not read MAI Systems as

holding that, as a matter of law, loading a program into a form of RAM always results in

copying. Such a holding would read the “transitory duration” language out of the definition,

and we do not believe our sister circuit would dismiss this statutory language without even

discussing it. It appears the parties in MAI Systems simply did not dispute that the

duration requirement was satisfied; this line of cases simply concludes that when a

program is loaded into RAM, the embodiment requirement is satisfied—an important

holding in itself, and one we see no reason to quibble with here.

At least one court, relying on MAI Systems in a highly similar factual setting, has made this

point explicitly. In Advanced Computer Services of Michigan, Inc. v. MAI Systems Corp.,

the district court expressly noted that the unlicensed user in that case ran copyrighted

diagnostic software “for minutes or longer,” but that the program’s embodiment in the

computer’s RAM might be too ephemeral to be fixed if the computer had been shut down

“within seconds or fractions of a second” after loading the copyrighted program. We have no

quarrel with this reasoning; it merely makes explicit the reasoning that is implicit in the

1 To run a computer program, the data representing that program must be transferred from a data storage

medium (such as a floppy disk or a hard drive) to a form of Random Access Memory (“RAM”) where the data can

be processed. The data buffers at issue here are also a form of RAM.

135.

other MAI Systems cases. Accordingly, those cases provide no support for the conclusion

that the definition of “fixed” does not include a duration requirement.

Nor does the Copyright Office’s 2001 DMCA Report, also relied on by the district court in

this case, explicitly suggest that the definition of “fixed” does not contain a duration

requirement. However, as noted above, it does suggest that an embodiment is fixed

“[u]nless a reproduction manifests itself so fleetingly that it cannot be copied, perceived or

communicated.” As we have stated, to determine whether a work is “fixed” in a given

medium, the statutory language directs us to ask not only 1) whether a work is “embodied”

in that medium, but also 2) whether it is embodied in the medium “for a period of more

than transitory duration.” According to the Copyright Office, if the work is capable of being

copied from that medium for any amount of time, the answer to both questions is “yes.” The

problem with this interpretation is that it reads the “transitory duration” language out of

the statute.

We assume, as the parties do, that the Copyright Office’s pronouncement deserves only

Skidmore deference, deference based on its “power to persuade.” And because the Office’s

interpretation does not explain why Congress would include language in a definition if it

intended courts to ignore that language, we are not persuaded.

In sum, no case law or other authority dissuades us from concluding that the definition of

“fixed” imposes both an embodiment requirement and a duration requirement. Accord

CoStar Group Inc. v. LoopNet, Inc., 373 F.3d 544, 551 (4th Cir. 2004) (while temporary

reproductions “may be made in this transmission process, they would appear not to be

‘fixed’ in the sense that they are ‘of more than transitory duration’”). We now turn to

whether, in this case, those requirements are met by the buffer data.

Cablevision does not seriously dispute that copyrighted works are “embodied” in the buffer.

Data in the BMR buffer can be reformatted and transmitted to the other components of the

RS-DVR system. Data in the primary ingest buffer can be copied onto the Arroyo hard disks

if a user has requested a recording of that data. Thus, a work’s “embodiment” in either

buffer “is sufficiently permanent or stable to permit it to be perceived, reproduced,” (as in

the case of the ingest buffer) “or otherwise communicated” (as in the BMR buffer). The

result might be different if only a single second of a much longer work was placed in the

buffer in isolation. In such a situation, it might be reasonable to conclude that only a

minuscule portion of a work, rather than “a work” was embodied in the buffer. Here,

however, where every second of an entire work is placed, one second at a time, in the buffer,

we conclude that the work is embodied in the buffer.

Does any such embodiment last “for a period of more than transitory duration”? No bit of

data remains in any buffer for more than a fleeting 1.2 seconds. And unlike the data in

cases like MAI Systems, which remained embodied in the computer’s RAM memory until

the user turned the computer off, each bit of data here is rapidly and automatically

overwritten as soon as it is processed. While our inquiry is necessarily fact-specific, and

other factors not present here may alter the duration analysis significantly, these facts

strongly suggest that the works in this case are embodied in the buffer for only a

“transitory” period, thus failing the duration requirement.

136.

Against this evidence, plaintiffs argue only that the duration is not transitory because the

data persist “long enough for Cablevision to make reproductions from them.” As we have

explained above, however, this reasoning impermissibly reads the duration language out of

the statute, and we reject it. Given that the data reside in no buffer for more than 1.2

seconds before being automatically overwritten, and in the absence of compelling

arguments to the contrary, we believe that the copyrighted works here are not “embodied”

in the buffers for a period of more than transitory duration, and are therefore not “fixed” in

the buffers. Accordingly, the acts of buffering in the operation of the RS-DVR do not create

copies, as the Copyright Act defines that term. Our resolution of this issue renders it

unnecessary for us to determine whether any copies produced by buffering data would be de

minimis, and we express no opinion on that question.

II. Direct Liability for Creating the Playback Copies

In most copyright disputes, the allegedly infringing act and the identity of the infringer are

never in doubt. These cases turn on whether the conduct in question does, in fact, infringe

the plaintiff’s copyright. In this case, however, the core of the dispute is over the authorship

of the infringing conduct. After an RS-DVR subscriber selects a program to record, and that

program airs, a copy of the program—a copyrighted work—resides on the hard disks of

Cablevision’s Arroyo Server, its creation unauthorized by the copyright holder. The

question is who made this copy. If it is Cablevision, plaintiffs’ theory of direct infringement

succeeds; if it is the customer, plaintiffs’ theory fails because Cablevision would then face,

at most, secondary liability, a theory of liability expressly disavowed by plaintiffs.

Few cases examine the line between direct and contributory liability. Both parties cite a

line of cases beginning with Religious Technology Center v. Netcom On-Line

Communication Services, 907 F. Supp. 1361 (N.D. Cal. 1995). In Netcom, a third-party

customer of the defendant Internet service provider (“ISP”) posted a copyrighted work that

was automatically reproduced by the defendant’s computer. The district court refused to

impose direct liability on the ISP, reasoning that “[a]lthough copyright is a strict liability

statute, there should still be some element of volition or causation which is lacking where a

defendant’s system is merely used to create a copy by a third party.” Recently, the Fourth

Circuit endorsed the Netcom decision, noting that

to establish direct liability under ... the Act, something more must be shown

than mere ownership of a machine used by others to make illegal copies.

There must be actual infringing conduct with a nexus sufficiently close and

causal to the illegal copying that one could conclude that the machine owner

himself trespassed on the exclusive domain of the copyright owner.”

CoStar Group, Inc. v. LoopNet, Inc., 373 F.3d 544, 550 (4th Cir. 2004).

Here, the district court pigeon-holed the conclusions reached in Netcom and its progeny as

“premised on the unique attributes of the Internet.” While the Netcom court was plainly

concerned with a theory of direct liability that would effectively “hold the entire Internet

liable” for the conduct of a single user, its reasoning and conclusions, consistent with

precedents of this court and the Supreme Court, and with the text of the Copyright Act,

transcend the Internet. Like the Fourth Circuit, we reject the contention that “the Netcom

decision was driven by expedience and that its holding is inconsistent with the established

137.

law of copyright,” and we find it “a particularly rational interpretation of § 106,” rather

than a special-purpose rule applicable only to ISPs.

When there is a dispute as to the author of an allegedly infringing instance of reproduction,

Netcom and its progeny direct our attention to the volitional conduct that causes the copy to

be made. There are only two instances of volitional conduct in this case: Cablevision’s

conduct in designing, housing, and maintaining a system that exists only to produce a copy,

and a customer’s conduct in ordering that system to produce a copy of a specific program. In

the case of a VCR, it seems clear—and we know of no case holding otherwise—that the

operator of the VCR, the person who actually presses the button to make the recording,

supplies the necessary element of volition, not the person who manufactures, maintains, or,

if distinct from the operator, owns the machine. We do not believe that an RS-DVR

customer is sufficiently distinguishable from a VCR user to impose liability as a direct

infringer on a different party for copies that are made automatically upon that customer’s

command.

The district court emphasized the fact that copying is “instrumental” rather than

“incidental” to the function of the RS-DVR system. While that may distinguish the RS-DVR

from the ISPs in Netcom and CoStar, it does not distinguish the RS-DVR from a VCR, a

photocopier, or even a typical copy shop. And the parties do not seem to contest that a

company that merely makes photocopiers available to the public on its premises, without

more, is not subject to liability for direct infringement for reproductions made by customers

using those copiers. They only dispute whether Cablevision is similarly situated to such a

proprietor.

The district court found Cablevision analogous to a copy shop that makes course packs for

college professors. In the leading case involving such a shop, for example, “[t]he professor

[gave] the copyshop the materials of which the coursepack [was] to be made up, and the

copyshop [did] the rest.” Princeton Univ. Press v. Mich. Document Servs., 99 F.3d 1381,

1384 (6th Cir. 1996) (en banc). There did not appear to be any serious dispute in that case

that the shop itself was directly liable for reproducing copyrighted works. The district court

here found that Cablevision, like this copy shop, would be “doing” the copying, albeit “at the

customer’s behest.”

But because volitional conduct is an important element of direct liability, the district court’s

analogy is flawed. In determining who actually “makes” a copy, a significant difference

exists between making a request to a human employee, who then volitionally operates the

copying system to make the copy, and issuing a command directly to a system, which

automatically obeys commands and engages in no volitional conduct. In cases like Princeton

University Press, the defendants operated a copying device and sold the product they made

using that device. See 99 F.3d at 1383 (“The corporate defendant ... is a commercial

copyshop that reproduced substantial segments of copyrighted works of scholarship, bound

the copies into ‘coursepacks,’ and sold the coursepacks to students....”). Here, by selling

access to a system that automatically produces copies on command, Cablevision more

closely resembles a store proprietor who charges customers to use a photocopier on his

premises, and it seems incorrect to say, without more, that such a proprietor “makes” any

copies when his machines are actually operated by his customers. Some courts have held to

the contrary, but they do not explicitly explain why, and we find them unpersuasive. See,

e.g., Elektra Records Co. v. Gem Elec. Distribs., Inc., 360 F. Supp. 821, 823 (E.D.N.Y. 1973)

138.

(concluding that, “regardless” of whether customers or defendants’ employees operated the

tape-copying machines at defendants’ stores, defendant had actively infringed copyrights).

The district court also emphasized Cablevision’s “unfettered discretion in selecting the

programming that it would make available for recording.” This conduct is indeed more

proximate to the creation of illegal copying than, say, operating an ISP or opening a copy

shop, where all copied content was supplied by the customers themselves or other third

parties. Nonetheless, we do not think it sufficiently proximate to the copying to displace the

customer as the person who “makes” the copies when determining liability under the

Copyright Act. Cablevision, we note, also has subscribers who use home VCRs or DVRs

(like TiVo), and has significant control over the content recorded by these customers. But

this control is limited to the channels of programming available to a customer and not to

the programs themselves. Cablevision has no control over what programs are made

available on individual channels or when those programs will air, if at all. In this respect,

Cablevision possesses far less control over recordable content than it does in the VOD

context, where it actively selects and makes available beforehand the individual programs

available for viewing. For these reasons, we are not inclined to say that Cablevision, rather

than the user, “does” the copying produced by the RS-DVR system. As a result, we find that

the district court erred in concluding that Cablevision, rather than its RS-DVR customers,

makes the copies carried out by the RS-DVR system.

Our refusal to find Cablevision directly liable on these facts is buttressed by the existence

and contours of the Supreme Court’s doctrine of contributory liability in the copyright

context. After all, the purpose of any causation-based liability doctrine is to identify the

actor (or actors) whose “conduct has been so significant and important a cause that [he or

she] should be legally responsible.” But here, to the extent that we may construe the

boundaries of direct liability more narrowly, the doctrine of contributory liability stands

ready to provide adequate protection to copyrighted works.

Most of the facts found dispositive by the district court—e.g., Cablevision’s “continuing

relationship” with its RS-DVR customers, its control over recordable content, and the

“instrumental[ity]” of copying to the RS-DVR system—seem to us more relevant to the

question of contributory liability. In Sony Corp. of America v. Universal City Studios, Inc.,

the lack of an “ongoing relationship” between Sony and its VCR customers supported the

Court’s conclusion that it should not impose contributory liability on Sony for any infringing

copying done by Sony VCR owners. The Sony Court did deem it “just” to impose liability on

a party in a “position to control” the infringing uses of another, but as a contributory, not

direct, infringer. And asking whether copying copyrighted material is only “incidental” to a

given technology is akin to asking whether that technology has “commercially significant

noninfringing uses,” another inquiry the Sony Court found relevant to whether imposing

contributory liability was just.

The Supreme Court’s desire to maintain a meaningful distinction between direct and

contributory copyright infringement is consistent with congressional intent. The Patent

Act, unlike the Copyright Act, expressly provides that someone who “actively induces

infringement of a patent” is “liable as an infringer,” just like someone who commits the

underlying infringing act by “us[ing]” a patented invention without authorization. In

contrast, someone who merely “sells ... a material or apparatus for use in practicing a

patented process” faces only liability as a “contributory infringer.” If Congress had meant to

139.

assign direct liability to both the person who actually commits a copyright-infringing act

and any person who actively induces that infringement, the Patent Act tells us that it knew

how to draft a statute that would have this effect. Because Congress did not do so, the Sony

Court concluded that “[t]he Copyright Act does not expressly render anyone liable for

infringement committed by another.” Furthermore, in cases like Sony, the Supreme Court

has strongly signaled its intent to use the doctrine of contributory infringement, not direct

infringement, to “identify[] the circumstances in which it is just to hold one individual

accountable for the actions of another.” Thus, although Sony warns us that “the lines

between direct infringement, contributory infringement, and vicarious liability are not

clearly drawn,” that decision does not absolve us of our duty to discern where that line falls

in cases, like this one, that require us to decide the question.

The district court apparently concluded that Cablevision’s operation of the RS-DVR system

would contribute in such a major way to the copying done by another that it made sense to

say that Cablevision was a direct infringer, and thus, in effect, was “doing” the relevant

copying. There are certainly other cases, not binding on us, that follow this approach. See,

e.g., Playboy Enters. v. Russ Hardenburgh, Inc., 982 F. Supp. 503, 513 (N.D. Ohio 1997)

(noting that defendant ISP’s encouragement of its users to copy protected files was “crucial”

to finding that it was a direct infringer). We need not decide today whether one’s

contribution to the creation of an infringing copy may be so great that it warrants holding

that party directly liable for the infringement, even though another party has actually

made the copy. We conclude only that on the facts of this case, copies produced by the RS-

DVR system are “made” by the RS-DVR customer, and Cablevision’s contribution to this

reproduction by providing the system does not warrant the imposition of direct liability.

Therefore, Cablevision is entitled to summary judgment on this point, and the district court

erred in awarding summary judgment to plaintiffs….

[In the third section, the Second Circuit held that Cablevision’s playback of the recording

did not constitute an infringing public performance:

Because each RS-DVR playback transmission is made to a single subscriber

using a single unique copy produced by that subscriber, we conclude that

such transmissions are not performances “to the public,” and therefore do not

infringe any exclusive right of public performance.]

NOTES AND QUESTIONS

Application to Web Browsing. Is web browsing an infringement of the browsed web

page/file? If so, who is the infringer—the browser, the website operator, a third party

licensee who provided content to the website operator, some combination of the three, or all

three? Does your answer depend on whether the browsed file is uploaded with or without

the copyright owner’s permission?

Application to Retweeting. Assume for a moment that a tweet is copyrightable. If a user

“retweets” another user’s tweet, did the retweeting user “make” a copy? Did Twitter? What

about when a Tumblr user “reblogs” another user’s post? Twitter and Tumblr may obtain

express or implied licenses on behalf of other users to authorize retweeting/reblogging, but

that won’t help if the original tweet/post infringed. See Bell v. Chicago Cubs Baseball Club

LLC, 2020 WL 550605 (N.D. Ill. 2020) (retweeting may be direct infringement); Goldman v.

140.

Breitbart News Network, LLC, 302 F. Supp. 3d 585 (S.D.N.Y. 2018) (embedding a tweet on

a web page constitutes copyright infringement).

Every Copy Counts. Like the Google Books case, the Cablevision court analyzed each and

every copy made via the defendant’s system. If any one of those copies had been infringing,

the copyright owner would have won even if the defendant had a good excuse for the other

copies. When doing your legal analysis, account for each and every copy.

What Cablevision Didn’t Address. The litigants struck a deal: the plaintiffs agreed not to

assert secondary copyright infringement if Cablevision agreed not to assert a fair use

defense. Thus, the case didn’t resolve either issue. From the plaintiff’s perspective, did it

make a good deal with a bad outcome? In light of the Google Books ruling, how strong

would Cablevision’s fair use defense have been?

Supreme Court Ruling in ABC v. Aereo. Aereo provided a subscription service for local

broadcast television that subscribers could watch via the Internet (as opposed to via cable

or a local antenna), either nearly live or on a delayed basis using an Aereo-operated DVR

set-up similar to Cablevision’s. It directly competed with cable subscription services. Aereo

had a large farm of tiny dime-sized antennae to receive broadcast signals, and it assigned

an individual antenna to each subscriber when providing services. Thus, Aereo claimed its

subscribers simply received broadcast signals via their own personal antenna, even though

that antenna was physically located in Aereo’s offices, not on the subscriber’s premises.

In a 6-3 ruling, the Supreme Court held that Aereo’s system infringed the broadcasters’

public performance right. American Broadcasting Cos. v. Aereo, Inc., 573 U.S. 431 (2014).

Specifically, the court held that Aereo performed the broadcasts (the users also might have

performed). Thus, the court emphatically rejected Aereo’s basic contentions that it was a

passive technology provider and that users made the legally significant choices by

configuring Aereo’s technology for their personal use.

The Aereo majority responded poorly to Aereo’s argument that assigning a small antenna to

each subscriber meant that it could avoid the legal regulations applicable to cable services:

141.

Viewed in terms of Congress’ regulatory objectives, why should any of these

technological differences matter? They concern the behind-the-scenes way in

which Aereo delivers television programming to its viewers’ screens. They do

not render Aereo’s commercial objective any different from that of cable

companies. Nor do they significantly alter the viewing experience of Aereo’s

subscribers. Why would a subscriber who wishes to watch a television show

care much whether images and sounds are delivered to his screen via a large

multisubscriber antenna or one small dedicated antenna, whether they arrive

instantaneously or after a few seconds’ delay, or whether they are

transmitted directly or after a personal copy is made?

Although the Aereo majority opinion was drafted narrowly to specifically resolve Aereo’s

practices, the ruling raised more questions than it answers, including:

 If a new marketplace entrant uses different technology to replicate the incumbent’s

functions, will courts ignore the technical differences in determining the legal

consequences? Focusing on functional similarity, rather than the specific

technological implications, would chill new entrepreneurs who rely on technological

innovation to fit into different legal categories than incumbents.

 The ruling says that Aereo was too cable-like, so Congress must have meant to

regulate it like cable services. If Congress left a gap in the Copyright Act’s wording,

was it appropriate for the court to fill in this gap, or should Congress have the sole

responsibility to fill any regulatory gaps it created?

 How did the Aereo ruling impact the Cablevision ruling? Aereo tries to limit its

holding to near-real-time delivery of the broadcast signals, so the opinion didn’t

directly opine on DVR-as-a-service. But does the opinion overturn the basic premise

that Cablevision was a passive technology provider and only its users took the

legally significant actions? Also, the Supreme Court specifically held that Aereo

performed “to the public,” possibly abrogating one of the grounds for Cablevision’s

win.

The Supreme Court’s ruling was fatal to Aereo. See Sara Randazzo, TiVo, Others Buy

Scraps of Aereo at Bankruptcy Auction, WALL ST. J., Feb. 26, 2015,

https://www.wsj.com/articles/tivo-others-buy-scraps-of-aereo-at-bankruptcy-auction-

1424992904. Is Aereo’s demise something to celebrate or lament? What message does it

send to other entrepreneurs in analogous or similar fields?

What Does “Volition” Mean? The Cablevision opinion references a lack of “volitional”

activity, but what does that mean? In Perfect 10, Inc. v. Giganews, Inc., 847 F.3d 657 (9th

Cir. 2017), the Ninth Circuit equated “volition” with “proximate causation.” It was lacking

in that case because “Perfect 10 provides no evidence showing Giganews exercised control

(other than by general operation of a Usenet service); selected any material for upload,

download, transmission, or storage; or instigated any copying, storage, or distribution.”

Quoting a Fourth Circuit opinion (CoStar v. LoopNet), the court added that “automatic

copying, storage, and transmission of copyrighted materials, when instigated by others,

does not render an [Internet service provider] strictly liable for copyright infringement[.]”

Accord VHT, Inc. v. Zillow Group, 918 F.3d 723 (9th Cir. 2019); BWP Media USA, Inc. v. T

& S Software Associates, Inc., 852 F.3d 436 (5th Cir. 2017) (“T&S hosts the forum on which

142.

infringing content was posted, but its connection to the infringement ends there. The users

posted the infringing content.”); but see BWP Media USA Inc. v. Polyvore, Inc., 922 F.3d 42

(2d Cir. 2019) (where three Second Circuit judges could not agree on the definition of

“volition,” including one judge who emphatically insisted that it did not equal “proximate

causation”). Note that “lack of volition” is a defense only to direct copyright infringement; it

does not negate potential contributory or vicarious infringement claims.

Where Does Infringement Occur? A Polish service operating foreign servers streamed US-

copyrighted videos to US viewers. Citing Aereo, the District of Columbia Circuit said “a

broadcaster and a viewer can both be liable for the same performance” and held that “where

a foreign broadcaster uploads copyrighted content to its website and directs that content

onto a computer screen in the United States at a user’s request, the broadcaster commits an

actionable domestic violation of the Copyright Act.” Spanski Enterprises, Inc. v. Telewizja

Polska, S.A., 883 F.3d 904 (D.C. Cir. 2018).

143.

The following case was the Supreme Court’s first online copyright case. It involves peer-to-

peer file sharing of music, which has been eclipsed by online music streaming options like

Spotify and YouTube. In addition to the court’s legal holding, consider the jurisprudential

challenges posed by new and evolving technology that courts don’t fully understand.

Metro-Goldwyn-Mayer Studios Inc. v. Grokster, Ltd., 545 U.S. 913 (2005).

Souter, Justice.

The question is under what circumstances the distributor of a product capable of both

lawful and unlawful use is liable for acts of copyright infringement by third parties using

the product. We hold that one who distributes a device with the object of promoting its use

to infringe copyright, as shown by clear expression or other affirmative steps taken to foster

infringement, is liable for the resulting acts of infringement by third parties.

I

A

Respondents, Grokster, Ltd., and StreamCast Networks, Inc., defendants in the trial court,

distribute free software products that allow computer users to share electronic files through

peer-to-peer networks, so called because users’ computers communicate directly with each

other, not through central servers. The advantage of peer-to-peer networks over

information networks of other types shows up in their substantial and growing popularity.

Because they need no central computer server to mediate the exchange of information or

files among users, the high-bandwidth communications capacity for a server may be

dispensed with, and the need for costly server storage space is eliminated. Since copies of a

file (particularly a popular one) are available on many users’ computers, file requests and

retrievals may be faster than on other types of networks, and since file exchanges do not

travel through a server, communications can take place between any computers that

remain connected to the network without risk that a glitch in the server will disable the

network in its entirety. Given these benefits in security, cost, and efficiency, peer-to-peer

networks are employed to store and distribute electronic files by universities, government

agencies, corporations, and libraries, among others.1

Other users of peer-to-peer networks include individual recipients of Grokster’s and

StreamCast’s software, and although the networks that they enjoy through using the

software can be used to share any type of digital file, they have prominently employed those

networks in sharing copyrighted music and video files without authorization. A group of

copyright holders (MGM for short, but including motion picture studios, recording

companies, songwriters, and music publishers) sued Grokster and StreamCast for their

users’ copyright infringements, alleging that they knowingly and intentionally distributed

their software to enable users to reproduce and distribute the copyrighted works in

violation of the Copyright Act, 17 U.S.C. § 101 et seq. MGM sought damages and an

injunction.

1 Peer-to-peer networks have disadvantages as well. Searches on peer-to-peer networks may not reach and

uncover all available files because search requests may not be transmitted to every computer on the network.

There may be redundant copies of popular files. The creator of the software has no incentive to minimize storage

or bandwidth consumption, the costs of which are borne by every user of the network. Most relevant here, it is

more difficult to control the content of files available for retrieval and the behavior of users.

144.

Discovery during the litigation revealed the way the software worked, the business aims of

each defendant company, and the predilections of the users. Grokster’s eponymous software

employs what is known as FastTrack technology, a protocol developed by others and

licensed to Grokster. StreamCast distributes a very similar product except that its

software, called Morpheus, relies on what is known as Gnutella technology. A user who

downloads and installs either software possesses the protocol to send requests for files

directly to the computers of others using software compatible with FastTrack or Gnutella.

On the FastTrack network opened by the Grokster software, the user’s request goes to a

computer given an indexing capacity by the software and designated a supernode, or to

some other computer with comparable power and capacity to collect temporary indexes of

the files available on the computers of users connected to it. The supernode (or indexing

computer) searches its own index and may communicate the search request to other

supernodes. If the file is found, the supernode discloses its location to the computer

requesting it, and the requesting user can download the file directly from the computer

located. The copied file is placed in a designated sharing folder on the requesting user’s

computer, where it is available for other users to download in turn, along with any other

file in that folder.

In the Gnutella network made available by Morpheus, the process is mostly the same,

except that in some versions of the Gnutella protocol there are no supernodes. In these

versions, peer computers using the protocol communicate directly with each other. When a

user enters a search request into the Morpheus software, it sends the request to computers

connected with it, which in turn pass the request along to other connected peers. The

search results are communicated to the requesting computer, and the user can download

desired files directly from peers’ computers. As this description indicates, Grokster and

StreamCast use no servers to intercept the content of the search requests or to mediate the

file transfers conducted by users of the software, there being no central point through which

the substance of the communications passes in either direction.4

Although Grokster and StreamCast do not therefore know when particular files are copied,

a few searches using their software would show what is available on the networks the

software reaches. MGM commissioned a statistician to conduct a systematic search, and his

study showed that nearly 90% of the files available for download on the FastTrack system

were copyrighted works.5 Grokster and StreamCast dispute this figure, raising

methodological problems and arguing that free copying even of copyrighted works may be

authorized by the rightholders. They also argue that potential noninfringing uses of their

software are significant in kind, even if infrequent in practice. Some musical performers,

for example, have gained new audiences by distributing their copyrighted works for free

across peer-to-peer networks, and some distributors of unprotected content have used peer-

to-peer networks to disseminate files, Shakespeare being an example. Indeed, StreamCast

has given Morpheus users the opportunity to download the briefs in this very case, though

their popularity has not been quantified.

4 There is some evidence that both Grokster and StreamCast previously operated supernodes, which compiled

indexes of files available on all of the nodes connected to them. This evidence, pertaining to previous versions of

the defendants’ software, is not before us and would not affect our conclusions in any event. 5 By comparison, evidence introduced by the plaintiffs in A&M Records, Inc. v. Napster, Inc., 239 F.3d 1004

(C.A.9 2001), showed that 87% of files available on the Napster file-sharing network were copyrighted.

145.

As for quantification, the parties’ anecdotal and statistical evidence entered thus far to

show the content available on the FastTrack and Gnutella networks does not say much

about which files are actually downloaded by users, and no one can say how often the

software is used to obtain copies of unprotected material. But MGM’s evidence gives reason

to think that the vast majority of users’ downloads are acts of infringement, and because

well over 100 million copies of the software in question are known to have been

downloaded, and billions of files are shared across the FastTrack and Gnutella networks

each month, the probable scope of copyright infringement is staggering.

Grokster and StreamCast concede the infringement in most downloads, and it is

uncontested that they are aware that users employ their software primarily to download

copyrighted files, even if the decentralized FastTrack and Gnutella networks fail to reveal

which files are being copied, and when. From time to time, moreover, the companies have

learned about their users’ infringement directly, as from users who have sent e-mail to each

company with questions about playing copyrighted movies they had downloaded, to whom

the companies have responded with guidance. And MGM notified the companies of 8 million

copyrighted files that could be obtained using their software.

Grokster and StreamCast are not, however, merely passive recipients of information about

infringing use. The record is replete with evidence that from the moment Grokster and

StreamCast began to distribute their free software, each one clearly voiced the objective

that recipients use it to download copyrighted works, and each took active steps to

encourage infringement.

After the notorious file-sharing service, Napster, was sued by copyright holders for

facilitation of copyright infringement, A&M Records, Inc. v. Napster, Inc., 114 F. Supp. 2d

896 (N.D. Cal. 2000), aff’d in part, rev’d in part, 239 F.3d 1004 (C.A.9 2001), StreamCast

gave away a software program of a kind known as OpenNap, designed as compatible with

the Napster program and open to Napster users for downloading files from other Napster

and OpenNap users’ computers. Evidence indicates that “[i]t was always [StreamCast’s]

intent to use [its OpenNap network] to be able to capture email addresses of [its] initial

target market so that [it] could promote [its] StreamCast Morpheus interface to them”;

indeed, the OpenNap program was engineered “‘to leverage Napster’s 50 million user base.’”

StreamCast monitored both the number of users downloading its OpenNap program and

the number of music files they downloaded. It also used the resulting OpenNap network to

distribute copies of the Morpheus software and to encourage users to adopt it. Internal

company documents indicate that StreamCast hoped to attract large numbers of former

Napster users if that company was shut down by court order or otherwise, and that

StreamCast planned to be the next Napster. A kit developed by StreamCast to be delivered

to advertisers, for example, contained press articles about StreamCast’s potential to

capture former Napster users, and it introduced itself to some potential advertisers as a

company “which is similar to what Napster was.” It broadcast banner advertisements to

users of other Napster-compatible software, urging them to adopt its OpenNap. An internal

e-mail from a company executive stated: “‘We have put this network in place so that when

Napster pulls the plug on their free service ... or if the Court orders them shut down prior to

that ... we will be positioned to capture the flood of their 32 million users that will be

actively looking for an alternative.’”

146.

Thus, StreamCast developed promotional materials to market its service as the best

Napster alternative. One proposed advertisement read: “Napster Inc. has announced that it

will soon begin charging you a fee. That’s if the courts don’t order it shut down first. What

will you do to get around it?” Another proposed ad touted StreamCast’s software as the “# 1

alternative to Napster” and asked “[w]hen the lights went off at Napster ... where did the

users go?” (ellipsis in original).7 StreamCast even planned to flaunt the illegal uses of its

software; when it launched the OpenNap network, the chief technology officer of the

company averred that “[t]he goal is to get in trouble with the law and get sued. It’s the best

way to get in the new[s].”

The evidence that Grokster sought to capture the market of former Napster users is sparser

but revealing, for Grokster launched its own OpenNap system called Swaptor and inserted

digital codes into its Web site so that computer users using Web search engines to look for

“Napster” or “[f]ree file sharing” would be directed to the Grokster Web site, where they

could download the Grokster software. And Grokster’s name is an apparent derivative of

Napster.

StreamCast’s executives monitored the number of songs by certain commercial artists

available on their networks, and an internal communication indicates they aimed to have a

larger number of copyrighted songs available on their networks than other file-sharing

networks. The point, of course, would be to attract users of a mind to infringe, just as it

would be with their promotional materials developed showing copyrighted songs as

examples of the kinds of files available through Morpheus. Morpheus in fact allowed users

to search specifically for “Top 40” songs, which were inevitably copyrighted. Similarly,

Grokster sent users a newsletter promoting its ability to provide particular, popular

copyrighted materials.

In addition to this evidence of express promotion, marketing, and intent to promote further,

the business models employed by Grokster and StreamCast confirm that their principal

object was use of their software to download copyrighted works. Grokster and StreamCast

receive no revenue from users, who obtain the software itself for nothing. Instead, both

companies generate income by selling advertising space, and they stream the advertising to

Grokster and Morpheus users while they are employing the programs. As the number of

users of each program increases, advertising opportunities become worth more. While there

is doubtless some demand for free Shakespeare, the evidence shows that substantive

volume is a function of free access to copyrighted work. Users seeking Top 40 songs, for

example, or the latest release by Modest Mouse, are certain to be far more numerous than

those seeking a free Decameron, and Grokster and StreamCast translated that demand into

dollars.

Finally, there is no evidence that either company made an effort to filter copyrighted

material from users’ downloads or otherwise impede the sharing of copyrighted files.

Although Grokster appears to have sent e-mails warning users about infringing content

when it received threatening notice from the copyright holders, it never blocked anyone

7 The record makes clear that StreamCast developed these promotional materials but not whether it released

them to the public. Even if these advertisements were not released to the public and do not show

encouragement to infringe, they illuminate StreamCast’s purposes.

147.

from continuing to use its software to share copyrighted files. StreamCast not only rejected

another company’s offer of help to monitor infringement, but blocked the Internet Protocol

addresses of entities it believed were trying to engage in such monitoring on its networks….

II

A

MGM and many of the amici fault the Court of Appeals’s holding for upsetting a sound

balance between the respective values of supporting creative pursuits through copyright

protection and promoting innovation in new communication technologies by limiting the

incidence of liability for copyright infringement. The more artistic protection is favored, the

more technological innovation may be discouraged; the administration of copyright law is

an exercise in managing the tradeoff. See Sony Corp. v. Universal City Studios, supra, at

442.

The tension between the two values is the subject of this case, with its claim that digital

distribution of copyrighted material threatens copyright holders as never before, because

every copy is identical to the original, copying is easy, and many people (especially the

young) use file-sharing software to download copyrighted works. This very breadth of the

software’s use may well draw the public directly into the debate over copyright policy, and

the indications are that the ease of copying songs or movies using software like Grokster’s

and Napster’s is fostering disdain for copyright protection. As the case has been presented

to us, these fears are said to be offset by the different concern that imposing liability, not

only on infringers but on distributors of software based on its potential for unlawful use,

could limit further development of beneficial technologies.8

The argument for imposing indirect liability in this case is, however, a powerful one, given

the number of infringing downloads that occur every day using StreamCast’s and

Grokster’s software. When a widely shared service or product is used to commit

infringement, it may be impossible to enforce rights in the protected work effectively

against all direct infringers, the only practical alternative being to go against the

distributor of the copying device for secondary liability on a theory of contributory or

vicarious infringement.

One infringes contributorily by intentionally inducing or encouraging direct infringement,

see Gershwin Pub. Corp. v. Columbia Artists Management, Inc., 443 F.2d 1159, 1162 (C.A.2

1971), and infringes vicariously by profiting from direct infringement while declining to

exercise a right to stop or limit it, Shapiro, Bernstein & Co. v. H.L. Green Co., 316 F.2d 304,

307 (C.A.2 1963).9 Although “[t]he Copyright Act does not expressly render anyone liable for

8 The mutual exclusivity of these values should not be overstated, however. On the one hand technological

innovators, including those writing file-sharing computer programs, may wish for effective copyright protections

for their work. On the other hand the widespread distribution of creative works through improved technologies

may enable the synthesis of new works or generate audiences for emerging artists. 9 We stated in Sony Corp. of America v. Universal City Studios, Inc., 464 U.S. 417 (1984), that “‘the lines

between direct infringement, contributory infringement and vicarious liability are not clearly drawn’

....[R]easoned analysis of [the Sony plaintiffs’ contributory infringement claim] necessarily entails consideration

of arguments and case law which may also be forwarded under the other labels, and indeed the parties ... rely

upon such arguments and authority in support of their respective positions on the issue of contributory

infringement.” In the present case MGM has argued a vicarious liability theory, which allows imposition of

148.

infringement committed by another,” Sony Corp. v. Universal City Studios, 464 U.S., at

434, these doctrines of secondary liability emerged from common law principles and are

well established in the law.

B

Despite the currency of these principles of secondary liability, this Court has dealt with

secondary copyright infringement in only one recent case, and because MGM has tailored

its principal claim to our opinion there, a look at our earlier holding is in order. In Sony

Corp. v. Universal City Studios, this Court addressed a claim that secondary liability for

infringement can arise from the very distribution of a commercial product. There, the

product, novel at the time, was what we know today as the videocassette recorder or VCR.

Copyright holders sued Sony as the manufacturer, claiming it was contributorily liable for

infringement that occurred when VCR owners taped copyrighted programs because it

supplied the means used to infringe, and it had constructive knowledge that infringement

would occur. At the trial on the merits, the evidence showed that the principal use of the

VCR was for “‘time-shifting,’” or taping a program for later viewing at a more convenient

time, which the Court found to be a fair, not an infringing, use. There was no evidence that

Sony had expressed an object of bringing about taping in violation of copyright or had taken

active steps to increase its profits from unlawful taping. Although Sony’s advertisements

urged consumers to buy the VCR to “‘record favorite shows’” or “‘build a library’” of recorded

programs, neither of these uses was necessarily infringing.

On those facts, with no evidence of stated or indicated intent to promote infringing uses, the

only conceivable basis for imposing liability was on a theory of contributory infringement

arising from its sale of VCRs to consumers with knowledge that some would use them to

infringe. But because the VCR was “capable of commercially significant noninfringing

uses,” we held the manufacturer could not be faulted solely on the basis of its distribution.

This analysis reflected patent law’s traditional staple article of commerce doctrine, now

codified, that distribution of a component of a patented device will not violate the patent if

it is suitable for use in other ways. 35 U.S.C. § 271(c). The doctrine was devised to identify

instances in which it may be presumed from distribution of an article in commerce that the

distributor intended the article to be used to infringe another’s patent, and so may justly be

held liable for that infringement. “One who makes and sells articles which are only adapted

to be used in a patented combination will be presumed to intend the natural consequences

of his acts; he will be presumed to intend that they shall be used in the combination of the

patent.”

In sum, where an article is “good for nothing else” but infringement, there is no legitimate

public interest in its unlicensed availability, and there is no injustice in presuming or

imputing an intent to infringe. Conversely, the doctrine absolves the equivocal conduct of

selling an item with substantial lawful as well as unlawful uses, and limits liability to

instances of more acute fault than the mere understanding that some of one’s products will

be misused. It leaves breathing room for innovation and a vigorous commerce.

liability when the defendant profits directly from the infringement and has a right and ability to supervise the

direct infringer, even if the defendant initially lacks knowledge of the infringement. Because we resolve the case

based on an inducement theory, there is no need to analyze separately MGM’s vicarious liability theory.

149.

The parties and many of the amici in this case think the key to resolving it is the Sony rule

and, in particular, what it means for a product to be “capable of commercially significant

noninfringing uses.” MGM advances the argument that granting summary judgment to

Grokster and StreamCast as to their current activities gave too much weight to the value of

innovative technology, and too little to the copyrights infringed by users of their software,

given that 90% of works available on one of the networks was shown to be copyrighted.

Assuming the remaining 10% to be its noninfringing use, MGM says this should not qualify

as “substantial,” and the Court should quantify Sony to the extent of holding that a product

used “principally” for infringement does not qualify. As mentioned before, Grokster and

StreamCast reply by citing evidence that their software can be used to reproduce public

domain works, and they point to copyright holders who actually encourage copying. Even if

infringement is the principal practice with their software today, they argue, the

noninfringing uses are significant and will grow.

We agree with MGM that the Court of Appeals misapplied Sony, which it read as limiting

secondary liability quite beyond the circumstances to which the case applied. Sony barred

secondary liability based on presuming or imputing intent to cause infringement solely

from the design or distribution of a product capable of substantial lawful use, which the

distributor knows is in fact used for infringement. The Ninth Circuit has read Sony’s

limitation to mean that whenever a product is capable of substantial lawful use, the

producer can never be held contributorily liable for third parties’ infringing use of it; it read

the rule as being this broad, even when an actual purpose to cause infringing use is shown

by evidence independent of design and distribution of the product, unless the distributors

had “specific knowledge of infringement at a time at which they contributed to the

infringement, and failed to act upon that information.” Because the Circuit found the

StreamCast and Grokster software capable of substantial lawful use, it concluded on the

basis of its reading of Sony that neither company could be held liable, since there was no

showing that their software, being without any central server, afforded them knowledge of

specific unlawful uses.

This view of Sony, however, was error, converting the case from one about liability resting

on imputed intent to one about liability on any theory. Because Sony did not displace other

theories of secondary liability, and because we find below that it was error to grant

summary judgment to the companies on MGM’s inducement claim, we do not revisit Sony

further, as MGM requests, to add a more quantified description of the point of balance

between protection and commerce when liability rests solely on distribution with knowledge

that unlawful use will occur. It is enough to note that the Ninth Circuit’s judgment rested

on an erroneous understanding of Sony and to leave further consideration of the Sony rule

for a day when that may be required.

C

Sony’s rule limits imputing culpable intent as a matter of law from the characteristics or

uses of a distributed product. But nothing in Sony requires courts to ignore evidence of

intent if there is such evidence, and the case was never meant to foreclose rules of fault-

150.

based liability derived from the common law.10 Sony Corp. v. Universal City Studios, supra,

at 439 (“If vicarious liability is to be imposed on Sony in this case, it must rest on the fact

that it has sold equipment with constructive knowledge” of the potential for infringement).

Thus, where evidence goes beyond a product’s characteristics or the knowledge that it may

be put to infringing uses, and shows statements or actions directed to promoting

infringement, Sony’s staple-article rule will not preclude liability.

The classic case of direct evidence of unlawful purpose occurs when one induces commission

of infringement by another, or “entic[es] or persuad[es] another” to infringe, as by

advertising. Thus at common law a copyright or patent defendant who “not only expected

but invoked [infringing use] by advertisement” was liable for infringement “on principles

recognized in every part of the law.”

The rule on inducement of infringement as developed in the early cases is no different

today. Evidence of “active steps ... taken to encourage direct infringement,” such as

advertising an infringing use or instructing how to engage in an infringing use, show an

affirmative intent that the product be used to infringe, and a showing that infringement

was encouraged overcomes the law’s reluctance to find liability when a defendant merely

sells a commercial product suitable for some lawful use.

For the same reasons that Sony took the staple-article doctrine of patent law as a model for

its copyright safe-harbor rule, the inducement rule, too, is a sensible one for copyright. We

adopt it here, holding that one who distributes a device with the object of promoting its use

to infringe copyright, as shown by clear expression or other affirmative steps taken to foster

infringement, is liable for the resulting acts of infringement by third parties. We are, of

course, mindful of the need to keep from trenching on regular commerce or discouraging the

development of technologies with lawful and unlawful potential. Accordingly, just as Sony

did not find intentional inducement despite the knowledge of the VCR manufacturer that

its device could be used to infringe, mere knowledge of infringing potential or of actual

infringing uses would not be enough here to subject a distributor to liability. Nor would

ordinary acts incident to product distribution, such as offering customers technical support

or product updates, support liability in themselves. The inducement rule, instead, premises

liability on purposeful, culpable expression and conduct, and thus does nothing to

compromise legitimate commerce or discourage innovation having a lawful promise.

III

A

The only apparent question about treating MGM’s evidence as sufficient to withstand

summary judgment under the theory of inducement goes to the need on MGM’s part to

adduce evidence that StreamCast and Grokster communicated an inducing message to

their software users. The classic instance of inducement is by advertisement or solicitation

that broadcasts a message designed to stimulate others to commit violations. MGM claims

that such a message is shown here. It is undisputed that StreamCast beamed onto the

computer screens of users of Napster-compatible programs ads urging the adoption of its

OpenNap program, which was designed, as its name implied, to invite the custom of

10 Nor does the Patent Act’s exemption from liability for those who distribute a staple article of commerce, 35

U.S.C. § 271(c), extend to those who induce patent infringement, § 271(b).

151.

patrons of Napster, then under attack in the courts for facilitating massive infringement.

Those who accepted StreamCast’s OpenNap program were offered software to perform the

same services, which a factfinder could conclude would readily have been understood in the

Napster market as the ability to download copyrighted music files. Grokster distributed an

electronic newsletter containing links to articles promoting its software’s ability to access

popular copyrighted music. And anyone whose Napster or free file-sharing searches turned

up a link to Grokster would have understood Grokster to be offering the same file-sharing

ability as Napster, and to the same people who probably used Napster for infringing

downloads; that would also have been the understanding of anyone offered Grokster’s

suggestively named Swaptor software, its version of OpenNap. And both companies

communicated a clear message by responding affirmatively to requests for help in locating

and playing copyrighted materials.

In StreamCast’s case, of course, the evidence just described was supplemented by other

unequivocal indications of unlawful purpose in the internal communications and

advertising designs aimed at Napster users (“When the lights went off at Napster ... where

did the users go?”). Whether the messages were communicated is not to the point on this

record. The function of the message in the theory of inducement is to prove by a defendant’s

own statements that his unlawful purpose disqualifies him from claiming protection (and

incidentally to point to actual violators likely to be found among those who hear or read the

message). Proving that a message was sent out, then, is the preeminent but not exclusive

way of showing that active steps were taken with the purpose of bringing about infringing

acts, and of showing that infringing acts took place by using the device distributed. Here,

the summary judgment record is replete with other evidence that Grokster and

StreamCast, unlike the manufacturer and distributor in Sony, acted with a purpose to

cause copyright violations by use of software suitable for illegal use.

Three features of this evidence of intent are particularly notable. First, each company

showed itself to be aiming to satisfy a known source of demand for copyright infringement,

the market comprising former Napster users. StreamCast’s internal documents made

constant reference to Napster, it initially distributed its Morpheus software through an

OpenNap program compatible with Napster, it advertised its OpenNap program to Napster

users, and its Morpheus software functions as Napster did except that it could be used to

distribute more kinds of files, including copyrighted movies and software programs.

Grokster’s name is apparently derived from Napster, it too initially offered an OpenNap

program, its software’s function is likewise comparable to Napster’s, and it attempted to

divert queries for Napster onto its own Web site. Grokster and StreamCast’s efforts to

supply services to former Napster users, deprived of a mechanism to copy and distribute

what were overwhelmingly infringing files, indicate a principal, if not exclusive, intent on

the part of each to bring about infringement.

Second, this evidence of unlawful objective is given added significance by MGM’s showing

that neither company attempted to develop filtering tools or other mechanisms to diminish

the infringing activity using their software. While the Ninth Circuit treated the defendants’

failure to develop such tools as irrelevant because they lacked an independent duty to

152.

monitor their users’ activity, we think this evidence underscores Grokster’s and

StreamCast’s intentional facilitation of their users’ infringement.12

Third, there is a further complement to the direct evidence of unlawful objective. It is useful

to recall that StreamCast and Grokster make money by selling advertising space, by

directing ads to the screens of computers employing their software. As the record shows, the

more the software is used, the more ads are sent out and the greater the advertising

revenue becomes. Since the extent of the software’s use determines the gain to the

distributors, the commercial sense of their enterprise turns on high-volume use, which the

record shows is infringing.13 This evidence alone would not justify an inference of unlawful

intent, but viewed in the context of the entire record its import is clear.

The unlawful objective is unmistakable.

B

In addition to intent to bring about infringement and distribution of a device suitable for

infringing use, the inducement theory of course requires evidence of actual infringement by

recipients of the device, the software in this case. As the account of the facts indicates, there

is evidence of infringement on a gigantic scale, and there is no serious issue of the adequacy

of MGM’s showing on this point in order to survive the companies’ summary judgment

requests. Although an exact calculation of infringing use, as a basis for a claim of damages,

is subject to dispute, there is no question that the summary judgment evidence is at least

adequate to entitle MGM to go forward with claims for damages and equitable relief.

* * *

In sum, this case is significantly different from Sony and reliance on that case to rule in

favor of StreamCast and Grokster was error. Sony dealt with a claim of liability based

solely on distributing a product with alternative lawful and unlawful uses, with knowledge

that some users would follow the unlawful course. The case struck a balance between the

interests of protection and innovation by holding that the product’s capability of substantial

lawful employment should bar the imputation of fault and consequent secondary liability

for the unlawful acts of others.

MGM’s evidence in this case most obviously addresses a different basis of liability for

distributing a product open to alternative uses. Here, evidence of the distributors’ words

12 Of course, in the absence of other evidence of intent, a court would be unable to find contributory

infringement liability merely based on a failure to take affirmative steps to prevent infringement, if the device

otherwise was capable of substantial noninfringing uses. Such a holding would tread too close to the Sony safe

harbor. 13 Grokster and StreamCast contend that any theory of liability based on their conduct is not properly before

this Court because the rulings in the trial and appellate courts dealt only with the present versions of their

software, not “past acts ... that allegedly encouraged infringement or assisted ... known acts of infringement.”

This contention misapprehends the basis for their potential liability. It is not only that encouraging a particular

consumer to infringe a copyright can give rise to secondary liability for the infringement that results.

Inducement liability goes beyond that, and the distribution of a product can itself give rise to liability where

evidence shows that the distributor intended and encouraged the product to be used to infringe. In such a case,

the culpable act is not merely the encouragement of infringement but also the distribution of the tool intended

for infringing use.

153.

and deeds going beyond distribution as such shows a purpose to cause and profit from

third-party acts of copyright infringement. If liability for inducing infringement is

ultimately found, it will not be on the basis of presuming or imputing fault, but from

inferring a patently illegal objective from statements and actions showing what that

objective was.

There is substantial evidence in MGM’s favor on all elements of inducement, and summary

judgment in favor of Grokster and StreamCast was error. On remand, reconsideration of

MGM’s motion for summary judgment will be in order….

[Justices Ginsburg and Breyer concurrences omitted].

NOTES AND QUESTIONS

Who were the direct infringers in this case? Why didn’t the plaintiffs sue them?

Could Grokster and StreamCast be liable for inducing copyright infringement—even if no

user ever engaged in any infringing conduct?

“Curing” Inducement. Assume that Grokster deliberately induced users to engage in

copyright infringement from day 1. However, before any copyright owners sued, assume it

voluntarily decided to mend its ways and stop inducing. How would it do so? Can a

company “cure” historical inducement? Or would Grokster need to wait out the statute of

limitations?

The IsoHunt case, discussed below, discussed the possibility of curing inducement in dicta:

an individual or entity’s unlawful objective at time B is not a virus that

infects all future actions. People, companies, and technologies must be

allowed to rehabilitate, so to speak, through actions actively discouraging the

infringing use of their product, lest the public be deprived of the useful good

or service they are still capable of producing.

What would constitute sufficient “actions actively discouraging the infringing use”?

Is it possible that tools with long-term social value might initially look threatening to

copyright owners? For decades, copyright owners have challenged virtually every major

technological development that enables third parties to do something new with their

copyrighted work. See Mark A. Lemley, Is the Sky Falling on the Content Industries?, 9 J.

TELECOMM. & HIGH TECH. L. 125 (2011). Could Grokster and StreamCast have evolved into

a legitimate and important social resource if the Supreme Court hadn’t effectively shut

them down?

Is Inducement Part of or Separate From Contributory Infringement? Does the Grokster

opinion create a new type of secondary liability called “inducement,” or is inducement just a

subset of the contributory infringement doctrine? Most courts have held the latter, but see

David v. CBS Interactive Inc., 2012 WL 12884914 (C.D. Cal. 2012) (rejecting the

defendant’s liability for contributory or vicarious infringement, but holding that the

defendant nevertheless could have committed inducement).

154.

The IsoHunt Case. Due to Justice Souter’s surgical definition of inducement, few

defendants lose their cases solely on inducement grounds. A notable exception is Columbia

Pictures Industries v. Fung, 710 F.3d 1020 (9th Cir. 2013). Fung ran three torrent sites,

which help users find desired files via the BitTorrent peer-to-peer protocol. The court

explains how Fung promoted use of his torrent sites to infringe copyright:

As for the necessary “clear expression or other affirmative steps” evidence

indicative of unlawful intent, the most important is Fung’s active

encouragement of the uploading of torrent files concerning copyrighted

content. For a time, for example, isoHunt prominently featured a list of “Box

Office Movies,” containing the 20 highest-grossing movies then playing in

U.S. theaters. When a user clicked on a listed title, she would be invited to

“upload [a] torrent” file for that movie. In other words, she would be asked to

upload a file that, once downloaded by other users, would lead directly to

their obtaining infringing content. Fung also posted numerous messages to

the isoHunt forum requesting that users upload torrents for specific

copyrighted films; in other posts, he provided links to torrent files for

copyrighted movies, urging users to download them.

In a footnote, the court clarified that inducement would not be shown by organizing files

into browseable categories or allowing keyword searching of the content in the site’s

database.

In addition:

The record is replete with instances of Fung responding personally to queries

for assistance in: uploading torrent files corresponding to obviously

copyrighted material, finding particular copyrighted movies and television

shows, getting pirated material to play properly, and burning the infringing

content onto DVDs for playback on televisions.

The court, echoing Grokster, also noted that Fung didn’t take any steps to filter his

database for copyright infringing material and generated revenues from advertising.

The Fung ruling indicates that a service provider could still qualify for a Section 512 safe

harbor even if it has induced inducement. In practice, it seems unlikely any defendant will

simultaneously induce infringement and qualify for the Section 512(c) defense. At

minimum, Fung lost eligibility for 512(c) because he had “red flags” of infringement,

discussed in UMG below.

Denouement to the Grokster Case. On remand, Grokster lost in court, and it subsequently

shut down operations. Its website displayed the following announcement/warning (the IP

address is redacted; screen shot taken August 3, 2011):

155.

156.

Section 512(c) Cheat Sheet

Introduction: In 1998, Congress enacted Section 512 to provide some certainty to hosts of

user-supplied content about their exposure to copyright infringement. Section 512(c) sets up

a “notice-and-takedown” system. Congress contemplated that web hosts of third party

content would not be automatically liable for copyright infringement due to their users’

content. Instead, copyright owners would have the responsibility to identify infringing

items. Copyright owners could then notify web hosts of the alleged infringements. After

getting those notices, web hosts would face liability only if they didn’t promptly remove the

allegedly infringing items; but if the web hosts did act quickly, they would avoid liability.

Prerequisites for a Successful Section 512(c) Defense

This “notice-and-takedown” concept sounds straightforward enough, but something got lost

in translating it to statutory language. To establish a Section 512(c) defense, a web host

must satisfy ALL of the following dozen (or more) elements. If the defense fails on any one

of these elements, the Section 512(c) defense is not available, and the web host must find

some other grounds to defend its actions or face potentially business-ending financial

liability. Copyright owners have vigorously contested most of these defense elements in

court, and resulting jurisprudence has undermined the basic “notice-and-takedown” scheme

and raised defense costs substantially.

To successfully assert a 512(c) prima facie defense, the defendant must show that it:

 Qualifies as a “service provider”

 Stores the material at a user’s direction

 Adopts a policy to terminate repeat infringers

 Reasonably implements that policy

 Communicates that policy to users

 Accommodates “standard technical measures”

 Designates an agent at the Copyright Office to receive §512(c)(3) notices

 Posts its agent’s contact info on its website

 Does not have (i) actual knowledge of infringement or (ii) an awareness of

facts/circumstances that make infringement apparent (no “red flags”)

 Does not have the right/ability to control infringement

 Does not have a direct financial interest in the infringement

 Expeditiously responded to the plaintiff’s §512(c)(3) notices (see below)

 [Does not engage in inducement]

 [Is not willfully blind to infringing conduct]

Note: I put the last two elements in brackets because the burden of proof on those two

points might be on the plaintiff, not the defendant.

It is not uncommon for a Section 512(c) opinion to run dozens of pages in length, as the

court addresses seriatim the copyright owner’s challenges to multiple defense elements.

157.

Elements of a 512(c)(3) Takedown Notice

Section 512 specifies that copyright owners properly notify services of allegedly infringing

items if their notice has the following six components.

 It identifies the infringed works (or a representative sample of them)

 It identifies the allegedly infringing copies precisely enough that the provider can

find the files

 It contains a statement that the sender has a good faith belief that the users’

activities are unauthorized

 It contains a statement that the complaint is accurate and, under penalty of perjury,

the person sending the notice is authorized to act on copyright owner’s behalf

 It contains a signature of person authorized to act

 It provides the sender’s contact information

In theory, Section 512(c) suggests that a web host can ignore any other copyright owner

communication about user-caused copyright infringement that fails to meet the Section

512(c)(3) elements. In practice, courts have exposed web hosts to liability in circumstances

where the copyright owner never sent a proper Section 512(c)(3) notice.

158.

In 1998, Congress enacted the Digital Millennium Copyright Act to update copyright law

for the 21st century. The DMCA included safe harbors for online intermediaries, including §

512(c) for web hosts of user-generated content (the “notice-and-takedown” provision).

Section 512(c) plays a crucial role in the user-generated content community, but it did not

anticipate the key online copyright issues for the 2000s. For example, neither of the

Supreme Court’s two online copyright cases since its passage (Grokster and Aereo)

addressed Section 512.

The next case illustrates the kind of punishing, expensive, no-settlement litigation that

copyright owners have brought with the goal of undermining Section 512(c)’s notice-and-

takedown scheme. After you read the case, ask yourself: who won this case?

UMG Recordings, Inc. v. Shelter Capital Partners LLC, 718 F.3d 1006 (9th Cir.

2013)*

…BACKGROUND

Veoh allows people to share video content over the Internet. Users can view videos

uploaded by other users as well as authorized “partner content” made available by major

copyright holders such as SonyBMG, ABC and ESPN. There are two ways to use Veoh’s

service: through a standalone software client application launched in late 2005, or through

the veoh.com website launched in early 2006 that users access via a standard web browser.

Both services are provided free of charge. Veoh generates revenue from advertising

displayed along with the videos. “As of April 2009, Veoh had well over a million videos

available for viewing, and users had uploaded more than four million videos to Veoh.”…

When a video is uploaded, various automated processes take place. Veoh’s software

automatically breaks down the video file into smaller 256-kilobyte “chunks,” which

facilitate making the video accessible to others. Veoh’s software also automatically

converts, or “transcodes,” the video file into Flash 7 format. This is done because “the vast

majority of internet users have software that can play videos” in this format. Veoh presets

the requisite settings for the Flash conversion. If the user is a “Pro” user, Veoh’s software

also converts the uploaded video into Flash 8 and MPEG-4 formats, which are playable on

some portable devices. Accordingly, when a Pro user uploads a video, Veoh automatically

creates and retains four copies: the chunked file, the Flash 7 file, the Flash 8 file and the

MPEG-4 file. None of these automated conversions affects the content of the video.

Veoh’s computers also automatically extract metadata from information users provide to

help others locate the video for viewing. Users can provide a title, as well as tags or

keywords that describe the video, and can also select pre-set categories describing the

video, such as “music,” “faith” or “politics.” The Veoh system then automatically assigns

every uploaded video a “permalink,” or web address, that uniquely identifies the video and

* [Editor’s note: the book includes the 2013 opinion, which superseded an earlier opinion the Ninth Circuit

issued in Dec. 2011. The Notes and Questions following the case will discuss how the opinion changed from 2011

to 2013.]

159.

makes it available to users. Veoh employees do not review the user-submitted video, title or

tags before the video is made available.2

Veoh’s system allows users to access shared videos in two ways. First, the video may be

“streamed” from a server, whereby the user’s web browser begins displaying the video

almost immediately, before the entire file has been transmitted to the user’s computer.

Depending on whether the user stops his web browser from streaming the full video, a

partial or full copy of the video is stored temporarily on the user's computer. Second, the

user can download a copy of the video through Veoh’s website or client software application.

Veoh transfers a “chunked” copy of the file to the user's computer, and the software

reassembles the chunks into a viewable copy. The downloaded file is stored on the user’s

computer in a Veoh directory, which gives Veoh the ability to terminate access to the files.

Veoh employs various technologies to automatically prevent copyright infringement on its

system. In 2006, Veoh adopted “hash filtering” software. Whenever Veoh disables access to

an infringing video, the hash filter also automatically disables access to any identical videos

and blocks any subsequently submitted duplicates. Veoh also began developing an

additional filtering method of its own, but in 2007 opted instead to adopt a third-party

filtering solution produced by a company called Audible Magic. Audible Magic's technology

takes audio “fingerprints” from video files and compares them to a database of copyrighted

content provided by copyright holders. If a user attempts to upload a video that matches a

fingerprint from Audible Magic’s database of forbidden material, the video never becomes

available for viewing. Approximately nine months after beginning to apply the Audible

Magic filter to all newly uploaded videos, Veoh applied the filter to its backlog of previously

uploaded videos. This resulted in the removal of more than 60,000 videos, including some

incorporating UMG’s works. Veoh has also implemented a policy for terminating users who

repeatedly upload infringing material, and has terminated thousands of user accounts.

Despite Veoh’s efforts to prevent copyright infringement on its system, both Veoh and UMG

agree that some of Veoh’s users were able to download unauthorized videos containing

songs for which UMG owns the copyright. The parties also agree that before UMG filed its

complaint, the only notices Veoh received regarding alleged infringements of UMG’s works

were sent by the Recording Industry Association of America (RIAA). The RIAA notices

listed specific videos that were allegedly infringing, and included links to those videos. The

notices did not assert rights to all works by the identified artists, and did not mention

UMG. UMG does not dispute that Veoh removed the material located at the links identified

in the RIAA notices….

DISCUSSION…

II.

“Difficult and controversial questions of copyright liability in the online world prompted

Congress to enact Title II of the DMCA, the Online Copyright Infringement Liability

Limitation Act (OCILLA).” Congress recognized that “[i]n the ordinary course of their

operations service providers must engage in all kinds of acts that expose them to potential

2 Veoh employees do monitor already accessible videos for pornography, which is removed, using a “porn tool” to

review thumbnail images of uploaded videos tagged as “sexy.”

160.

copyright infringement liability.” Although Congress was aware that the services provided

by companies like Veoh are capable of being misused to facilitate copyright infringement, it

was loath to permit the specter of liability to chill innovation that could also serve

substantial socially beneficial functions. Congress decided that “by limiting [service

providers'] liability,” it would “ensure[] that the efficiency of the Internet will continue to

improve and that the variety and quality of services on the Internet will continue to

expand.” To that end, OCILLA created four safe harbors that preclude imposing monetary

liability on service providers for copyright infringement that occurs as a result of specified

activities. The district court concluded that Veoh qualified for one such safe harbor, under

17 U.S.C. § 512(c). UMG challenges that determination and the consequent entry of

summary judgment in Veoh’s favor….

A.

We must first decide whether the functions automatically performed by Veoh’s software

when a user uploads a video fall within the meaning of “by reason of the storage at the

direction of a user.” Although UMG concedes that “[s]torage on computers involves making

a copy of the underlying data,” it argues that “nothing in the ordinary definition of ‘storage’

encompasses” the automatic processes undertaken to facilitate public access to user-

uploaded videos. Facilitation of access, UMG argues, goes beyond “storage.” Therefore the

creation of chunked and Flash files and the streaming and downloading of videos fall

outside § 512(c). UMG also contends that these automatic processes are not undertaken “at

the direction of the user.”

The district court concluded that UMG’s reading of § 512(c) was too narrow, wrongly

requiring “that the infringing conduct be storage,” rather than be “‘by reason of the

storage,’” as its terms provide. We agree that the phrase “by reason of the storage at the

direction of the user” is broader causal language than UMG contends, “clearly meant to

cover more than mere electronic storage lockers.” We hold that the language and structure

of the statute, as well as the legislative intent that motivated its enactment, clarify that §

512(c) encompasses the access-facilitating processes that automatically occur when a user

uploads a video to Veoh….

B.

Under § 512(c)(1)(A), a service provider can receive safe harbor protection only if it “(i) does

not have actual knowledge that the material or an activity using the material on the system

or network is infringing;” “(ii) in the absence of such actual knowledge, is not aware of facts

or circumstances from which infringing activity is apparent; or” “(iii) upon obtaining such

knowledge or awareness, acts expeditiously to remove, or disable access to, the material.”

UMG has never disputed that when Veoh became aware of allegedly infringing material as

a result of the RIAA’s DMCA notices, it removed the files. Rather, it argues that Veoh had

knowledge or awareness of other infringing videos that it did not remove. The district court

found that UMG failed to rebut Veoh’s showing “that when it did acquire knowledge of

allegedly infringing material—whether from DMCA notices, informal notices, or other

means—it expeditiously removed such material.” UMG argues on appeal that the district

court erred by improperly construing the knowledge requirement to unduly restrict the

circumstances in which a service provider has “actual knowledge” under subsection (i) and

setting too stringent a standard for what we have termed “red flag” awareness based on

161.

facts or circumstances from which infringing activity is apparent under subsection (ii). We

hold that the district court properly construed these requirements.

1.

It is undisputed that, until the filing of this lawsuit, UMG “had not identified to Veoh any

specific infringing video available on Veoh’s system.” UMG’s decision to forgo the DMCA

notice protocol “stripped it of the most powerful evidence of a service provider's

knowledge—actual notice of infringement from the copyright holder.” Nevertheless, UMG

contends that Veoh hosted a category of copyrightable content—music—for which it had no

license from any major music company. UMG argues Veoh thus must have known this

content was unauthorized, given its general knowledge that its services could be used to

post infringing material. UMG urges us to hold that this sufficiently demonstrates

knowledge of infringement. We cannot, for several reasons.

As an initial matter, contrary to UMG’s contentions, there are many music videos that

could in fact legally appear on Veoh. “Among the types of videos subject to copyright

protection but lawfully available on Veoh’s system were videos with music created by users

and videos that Veoh provided pursuant to arrangements it reached with major copyright

holders, such as SonyBMG.” Further, Congress’ express intention that the DMCA “facilitate

making available quickly and conveniently via the Internet ... movies, music, software, and

literary works”—precisely the service Veoh provides—makes us skeptical that UMG’s

narrow interpretation of § 512(c) is plausible. Finally, if merely hosting material that falls

within a category of content capable of copyright protection, with the general knowledge

that one's services could be used to share unauthorized copies of copyrighted material, was

sufficient to impute knowledge to service providers, the § 512(c) safe harbor would be

rendered a dead letter: § 512(c) applies only to claims of copyright infringement, yet the fact

that a service provider’s website could contain copyrightable material would remove the

service provider from § 512(c) eligibility.

Cases analyzing knowledge in the secondary copyright infringement context also counsel

against UMG’s should-have-known approach. In Sony Corp. of America v. Universal City

Studios, Inc., 464 U.S. 417 (1984), the Supreme Court held that there was “no precedent in

the law of copyright for the imposition of” liability based on the theory that the defendant

had “sold equipment with constructive knowledge of the fact that their customers may use

that equipment to make unauthorized copies of copyrighted material.” So long as the

product was “capable of substantial noninfringing uses,” the Court refused to impute

knowledge of infringement. Applying Sony to the Internet context, we held in A & M

Records, Inc. v. Napster, Inc., 239 F.3d 1004 (9th Cir. 2001), that “if a computer system

operator learns of specific infringing material available on his system and fails to purge

such material from the system, the operator knows of and contributes to direct

infringement.” But “absent any specific information which identifies infringing activity, a

computer system operator cannot be liable for contributory infringement merely because

the structure of the system allows for the exchange of copyrighted material.”

Requiring specific knowledge of particular infringing activity makes good sense in the

context of the DMCA, which Congress enacted to foster cooperation among copyright

holders and service providers in dealing with infringement on the Internet. See S. Rep. No.

105–190, at 20 (noting OCILLA was intended to provide “strong incentives for service

162.

providers and copyright owners to cooperate to detect and deal with copyright

infringements”). Copyright holders know precisely what materials they own, and are thus

better able to efficiently identify infringing copies than service providers like Veoh, who

cannot readily ascertain what material is copyrighted and what is not. See S. Rep. No. 105–

190, at 48; (“[A] [service] provider could not be expected, during the course of its brief

cataloguing visit, to determine whether [a] photograph was still protected by copyright or

was in the public domain; if the photograph was still protected by copyright, whether the

use was licensed; and if the use was not licensed, whether it was permitted under the fair

use doctrine.”).

These considerations are reflected in Congress’ decision to enact a notice and takedown

protocol encouraging copyright holders to identify specific infringing material to service

providers. They are also evidenced in the “exclusionary rule” that prohibits consideration of

substantially deficient § 512(c)(3)(A) notices for purposes of “determining whether a service

provider has actual knowledge or is aware of facts and circumstances from which infringing

activity is apparent.” Congress’ intention is further reflected in the DMCA’s direct

statement that “[n]othing in this section shall be construed to condition the applicability of

subsections (a) through (d) on ... a service provider monitoring its service or affirmatively

seeking facts indicating infringing activity.” 17 U.S.C. § 512(m). Congress made a

considered policy determination that the “DMCA notification procedures [would] place the

burden of policing copyright infringement—identifying the potentially infringing material

and adequately documenting infringement—squarely on the owners of the copyright.” In

parsing § 512(c)(3), we have “decline[d] to shift [that] substantial burden from the copyright

owner to the provider.”

UMG asks us to change course with regard to § 512(c)(1)(A) by adopting a broad conception

of the knowledge requirement. We see no principled basis for doing so. We therefore hold

that merely hosting a category of copyrightable content, such as music videos, with the

general knowledge that one’s services could be used to share infringing material, is

insufficient to meet the actual knowledge requirement under § 512(c)(1)(A)(i).

We reach the same conclusion with regard to the § 512(c)(1)(A)(ii) inquiry into whether a

service provider is “aware of facts or circumstances from which infringing activity is

apparent.” The district court's conception of this “red flag test” properly followed our

analysis in CCBill, which reiterated that the burden remains with the copyright holder

rather than the service provider. The plaintiffs in CCBill argued that there were a number

of red flags that made it apparent infringing activity was afoot, noting that the defendant

hosted sites with names such as “illegal.net” and “stolencelebritypics.com,” as well as

password hacking websites, which obviously infringe. We disagreed that these were

sufficient red flags because “[w]e do not place the burden of determining whether

[materials] are actually illegal on a service provider,” and “[w]e impose no such

investigative duties on service providers.” For the same reasons, we hold that Veoh’s

general knowledge that it hosted copyrightable material and that its services could be used

for infringement is insufficient to constitute a red flag.

Of course, a service provider cannot willfully bury its head in the sand to avoid obtaining

such specific knowledge. See Viacom Int’l v. YouTube, Inc., 676 F.3d 19, 31 (2d Cir. 2012).

Even viewing the evidence in the light most favorable to UMG as we must here, however,

we agree with the district court there is no evidence that Veoh acted in such a manner.

163.

Rather, the evidence demonstrates that Veoh promptly removed infringing material when

it became aware of specific instances of infringement. Although the parties agree, in

retrospect, that at times there was infringing material available on Veoh’s services, the

DMCA recognizes that service providers who do not locate and remove infringing materials

they do not specifically know of should not suffer the loss of safe harbor protection.

2.

We are not persuaded that UMG’s other purported evidence of Veoh’s actual or apparent

knowledge of infringement warrants trial. First, UMG points to the tagging of videos on

Veoh’s service as “music videos.” Relying on the theory rejected above, UMG contends that

this demonstrates Veoh’s knowledge that it hosted a category of infringing content.

Relatedly, UMG argues that Veoh’s purchase of certain search terms through the Google

AdWords program demonstrates knowledge of infringing activity because some of the terms

purchased, such as “50 Cent,” “Avril Lavigne” and “Britney Spears,” are the names of UMG

artists. However, artists are not always in exclusive relationships with recording

companies, so just because UMG owns the copyrights for some Britney Spears songs does

not mean it owns the copyright for all Britney Spears songs. Indeed, 50 Cent, Avril Lavigne

and Britney Spears are also affiliated with SonyBMG, which gave Veoh permission to

stream its videos by these artists. Furthermore, even if Veoh had not had such permission,

we recognize that companies sometimes purchase search terms they believe will lead

potential customers to their websites even if the terms do not describe goods or services the

company actually provides. For example, a sunglass company might buy the search terms

“sunscreen” or “vacation” because it believed that people interested in such searches would

often also be interested in sunglasses. Accordingly, Veoh’s search term purchases are

insufficient to demonstrate that it knew it hosted infringing material.

UMG also argues that Veoh’s removal of unauthorized content identified in RIAA notices

demonstrates knowledge, even if Veoh complied with § 512(c)’s notice and takedown

procedures. According to UMG, Veoh should have taken the initiative to use search and

indexing tools to locate and remove from its website any other content by the artists

identified in the notices. Relatedly, UMG argues that some of the videos on Veoh that had

been pulled from MTV or other broadcast television stations bore information about the

artist, song title and record label. UMG contends that Veoh should have used this

information to find and remove unauthorized videos. As we have explained, however, to so

require would conflict with § 512(m), § 512(c)(1)(C) and CCBill’s refusal to “impose ...

investigative duties on service providers.” It could also result in removal of noninfringing

content.

UMG also points to news articles discussing the availability of copyrighted materials on

Veoh. One article reported that “several major media companies ... say that Veoh.com has

been among the least aggressive video sharing sites in fighting copyrighted content,” and

has thus “become a haven for pirated content.” Another article reported that,

Veoh Networks CEO Dmitry Shapiro acknowledges that only a week after

the company’s official debut, Veoh.com is host to a wide range of

unauthorized and full-length copies of popular programs. But Shapiro says

it's not his upstart company’s fault: ... “We have a policy that specifically

states that when we see copyright material posted, we take it down,” Shapiro

164.

said. “This problem is the democratization of publishing. Anyone can now

post a video to the Internet. Sometimes the material belongs to someone else.

We take this very seriously.”

UMG elicited deposition testimony from Shapiro that he had heard of these articles, and

was aware that, “from time to time,” “material belonging to someone else end[ed] up on”

Veoh. UMG argues that this evidence of knowledge that, as a general matter, unauthorized

materials had been previously posted on Veoh is sufficient to meet the § 512(c)(1)(A)

requirements.

At base, this argument relies on UMG’s primary theory, which we rejected above. Here, as

well, more specific information than UMG has adduced is required. The DMCA’s detailed

notice and takedown procedure assumes that, “from time to time,” “material belonging to

someone else ends up” on service providers’ websites, and establishes a process for ensuring

the prompt removal of such unauthorized material. If Veoh’s CEO's acknowledgment of this

general problem and awareness of news reports discussing it was enough to remove a

service provider from DMCA safe harbor eligibility, the notice and takedown procedures

would make little sense and the safe harbors would be effectively nullified. We cannot

conclude that Congress intended such a result, and we therefore hold that this evidence is

insufficient to warrant a trial.

UMG comes closer to meeting the § 512(c)(1)(A) requirements with its evidence of emails

sent to Veoh executives and investors by copyright holders and users identifying infringing

content. One email, sent by the CEO of Disney, a major copyright holder, to Michael Eisner,

a Veoh investor, stated that the movie Cinderella III and various episodes from the

television show Lost were available on Veoh without Disney’s authorization. If this

notification had come from a third party, such as a Veoh user, rather than from a copyright

holder, it might meet the red flag test because it specified particular infringing material. As

a copyright holder, however, Disney is subject to the notification requirements in §

512(c)(3), which this informal email failed to meet. Accordingly, this deficient notice “shall

not be considered under paragraph (1)(A) in determining whether a service provider has

actual knowledge or is aware of facts or circumstances from which infringing activity is

apparent.” Further, even if this email could have created actual knowledge or qualified as a

red flag, Eisner's email in response assured Disney that he would instruct Veoh to “take it

down,” and Eisner copied Veoh’s founder to ensure this happened “right away.” UMG

nowhere alleges that the offending material was not immediately removed, and accordingly

Veoh would be saved by § 512(c)(1)(A)(iii), which preserves the safe harbor for service

providers with such knowledge so long as they “act[] expeditiously to remove, or disable

access to, the material.”

UMG also points to an email from a Veoh user whose video was rejected for containing

infringing content. Upset that Veoh would not post his unauthorized material, he stated

that he had seen “plenty of [other] copyright infringement material” on the site, and

identified another user who he said posted infringing content. It is possible that this email

would be sufficient to constitute a red flag under § 512(c)(1)(A)(ii), even though it would not

qualify as sufficient notice from a copyright holder under § 512(c)(3). But even assuming

that is so, UMG has not specifically alleged that Veoh failed to expeditiously remove the

infringing content identified by the user’s email. Accordingly, this too fails to create a

genuine issue of material fact regarding Veoh’s knowledge of infringement.

165.

We do not credit UMG’s contention that the district court conflated the actual knowledge

and red flag awareness tests. A user email informing Veoh of material that appeared to the

user to be infringing and specifying its location provides a good example of the distinction.

Although the user's allegations would not give Veoh actual knowledge under §

512(c)(1)(A)(i), because Veoh would have no assurance that a third party who does not hold

the copyright in question would know whether the material was infringing, the email

nonetheless could act as a red flag under § 512(c)(1)(A)(ii) provided its information was

sufficiently specific. As the Second Circuit recognized:

The difference between actual and red flag knowledge is ... between a

subjective and an objective standard. In other words, the actual knowledge

provision turns on whether the provider actually or “subjectively” knew of

specific infringement, while the red flag provision turns on whether the

provider was subjectively aware of facts that would have made the specific

infringement “objectively” obvious to a reasonable person. The red flag

provision, because it incorporates an objective standard, is not swallowed up

by the actual knowledge provision under our construction of the § 512(c) safe

harbor. Both provisions do independent work, and both apply only to specific

instances of infringement.

Viacom Int’l v. YouTube, Inc., 676 F.3d 19, 31 (2d Cir. 2012); cf. S. Rep. No. 105-190, at 44

(“The ‘red flag’ test has both a subjective and an objective element. In determining whether

the service provider was aware of a ‘red flag,’ the subjective awareness of the service

provider of the facts or circumstances in question must be determined. However, in

deciding whether those facts or circumstances constitute a ‘red flag’—in other words,

whether infringing activity would have been apparent to a reasonable person operating

under the same or similar circumstances—an objective standard should be used.”). In sum,

we agree that there is a distinction between actual and red flag knowledge, but UMG has

not created a genuine issue of material fact as to whether Veoh had either kind of

knowledge here.

C.

A service provider is eligible for the § 512(c) safe harbor only if it “does not receive a

financial benefit directly attributable to the infringing activity, in a case in which the

service provider has the right and ability to control such activity.” UMG appeals the district

court's determination that Veoh did not have the necessary right and ability to control

infringing activity and thus remained eligible for safe harbor protection. We conclude the

district court was correct, and therefore affirm….

UMG argues that we should interpret § 512(c) as we did a similar concept in the common

law vicarious liability context in Napster, 239 F.3d at 1024. The Second Circuit recently

rejected this reading, see Viacom, 676 F.3d at 36–38, and we too are unpersuaded for

several reasons. First, § 512(c) nowhere mentions the term “vicarious liability.” Although it

uses a set of words that has sometimes been used to describe common law vicarious

liability, the language used in the common law standard is loose and has varied. For

example, Metro-Goldwyn-Mayer Studios Inc. v. Grokster, Ltd., 545 U.S. 913, 930 n. 9

(2005), refers to “supervis[ing] the direct infringer” rather than “control[ing] such

166.

[infringing] activity,” § 512(c)(1)(B), and “supervise” and “control” are different in

potentially significant ways. “Control,” which we have noted means having the “power or

authority to guide or manage: directing or restraining domination,” connotes more ability to

command than does “supervise,” which means “to look over, inspect, oversee.” Webster's

Third New International Dictionary 496, 2296.

Second, § 512(c) actually presumes that service providers have the sort of control that UMG

argues satisfies the § 512(c)(1)(B) “right and ability to control” requirement to be eligible for

several of the safe harbors: they must “remove[] or disable access to” infringing material

when they become aware of it. Quoting Napster, 239 F.3d at 1024, UMG argues that service

providers have “the right and ability to control” infringing activity, § 512(c)(1)(B), as long as

they have “the ability to locate infringing material” and “terminate users' access.” Under

that reading, service providers would have the “right and ability to control” infringing

activity regardless of their becoming “aware of” the material. Under that interpretation, the

prerequisite to § 512(c) protection under § 512(c)(1)(A)(iii) and (C), would at the same time

be a disqualifier under § 512(c)(1)(B) where the “financial benefit” condition is met.

We agree with Judge Matz that “Congress could not have intended for courts to hold that a

service provider loses immunity under the safe harbor provision of the DMCA because it

engages in acts that are specifically required by the DMCA” to obtain safe harbor

protection. Moreover, Napster was decided after the DMCA was enacted, so Congress could

not have intended to codify Napster’s precise application upon which UMG relies….

Subsequent legislative statements help clarify Congress’ intent. First, Congress explicitly

stated in three different reports that the DMCA was intended to “protect qualifying service

providers from liability for all monetary relief for direct, vicarious and contributory

infringement.” Under UMG’s interpretation, however, every service provider subject to

vicarious liability would be automatically excluded from safe harbor protection. Second,

Congress made clear that it intended to provide safe harbor protection not by altering the

common law vicarious liability standards, but rather by carving out permanent safe

harbors to that liability for Internet service providers even while the common law

standards continue to evolve. See S. Rep. No. 105-190, at 19 (“There have been several

cases relevant to service provider liability for copyright infringement. Most have

approached the issue from the standpoint of contributory and vicarious liability. Rather

than embarking upon a wholesale clarification of these doctrines, the Committee decided to

leave current law in its evolving state and, instead, to create a series of ‘safe harbors,’ for

certain common activities of service providers. A service provider which qualifies for a safe

harbor, receives the benefit of limited liability.”)

Given Congress’ explicit intention to protect qualifying service providers who would

otherwise be subject to vicarious liability, it would be puzzling for Congress to make §

512(c) entirely coextensive with the vicarious liability requirements, which would

effectively exclude all vicarious liability claims from the § 512(c) safe harbor. In addition, it

is difficult to envision, from a policy perspective, why Congress would have chosen to

exclude vicarious infringement from the safe harbors, but retain protection for contributory

infringement. It is not apparent why the former might be seen as somehow worse than the

latter.

167.

Furthermore, if Congress had intended that the § 512(c)(1)(B) “right and ability to control”

requirement be coextensive with vicarious liability law, the statute could have

accomplished that result in a more direct manner.

It is conceivable that Congress [would have] intended that [service providers]

which receive a financial benefit directly attributable to the infringing

activity would not, under any circumstances, be able to qualify for the

subsection (c) safe harbor. But if that was indeed their intention, it would

have been far simpler and much more straightforward to simply say as much.

The Court does not accept that Congress would express its desire to do so by

creating a confusing, self-contradictory catch-22 situation that pits

512(c)(1)(B) and 512(c)(1)(C) directly at odds with one another, particularly

when there is a much simpler explanation: the DMCA requires more than the

mere ability to delete and block access to infringing material after that

material has been posted in order for the [service provider] to be said to have

“the right and ability to control such activity.”

[Quoting the district court judge in this case.] Indeed, in the anti-circumvention provision

in Title I of the DMCA, which was enacted at the same time as the § 512 safe harbors,

Congress explicitly stated, “Nothing in this section shall enlarge or diminish vicarious or

contributory liability for copyright infringement in connection with any technology, product,

service, device, component, or part thereof.” “If Congress had intended to exclude vicarious

liability from the DMCA [Title II] safe harbors, it would have done so expressly as it did in

Title I of the DMCA.”

Our reading of § 512(c)(1)(B) is further informed and reinforced by our concern that the

statute would be internally inconsistent in other respects were we to interpret the “right

and ability to control” language as UMG urges. First, § 512(m) cuts against holding that

Veoh’s general knowledge that infringing material could be uploaded to its site triggered an

obligation to “police” its services to the “fullest extent” possible. As we have explained, §

512(m) provides that § 512(c)’s safe harbor protection may not be conditioned on “a service

provider monitoring its service or affirmatively seeking facts indicating infringing activity.”

UMG's reading of the “right and ability to control” language would similarly run afoul of

CCBill, which likewise clarified that § 512(c) “impose[s] no such investigative duties on

service providers,” and “place[s] the burden of policing copyright infringement ... squarely

on the owners of the copyright.” CCBill did not suggest that Congress meant this limitation

on the duty to monitor to apply only to service providers who do not receive a direct

financial benefit under subsection (B).

In light of the DMCA’s language, structure, purpose and legislative history, we are

compelled to reject UMG’s argument that the district court should have employed Napster’s

vicarious liability standard to evaluate whether Veoh had sufficient “right and ability to

control” infringing activity under § 512(c). Although in some cases service providers subject

to vicarious liability will be excluded from the § 512(c) safe harbor, in others they will not.

As we are unpersuaded by UMG's argument, we conclude instead that whereas the

vicarious liability standard applied in Napster can be met by merely having the general

ability to locate infringing material and terminate users’ access, § 512(c) requires

“something more.”

168.

The Second Circuit recently considered what constitutes “something more.” See Viacom,

676 F.3d at 38. First, the court observed:

To date, only one court has found that a service provider had the right and

ability to control infringing activity under § 512(c)(1)(B). In Perfect 10, Inc. v.

Cybernet Ventures, Inc., the court found control where the service provider

instituted a monitoring program by which user websites received ‘detailed

instructions regard[ing] issues of layout, appearance, and content.’ The

service provider also forbade certain types of content and refused access to

users who failed to comply with its instructions.

The Second Circuit also suggested that “inducement of copyright infringement under

Metro-Goldwyn-Mayer Studios Inc. v. Grokster, Ltd., which ‘premises liability on

purposeful, culpable expression and conduct,’ might also rise to the level of control under §

512(c)(1)(B).” Finally, the court noted that “[o]ther courts have suggested that control may

exist where the service provider is ‘actively involved in the listing, bidding, sale and

delivery’ of items offered for sale, ... or otherwise controls vendor sales by previewing

products prior to their listing, editing product descriptions, or suggesting prices.” After

offering this guidance, the Second Circuit “remand[ed] to the District Court to consider in

the first instance whether the plaintiffs ha[d] adduced sufficient evidence to allow a

reasonable jury to conclude that YouTube had the right and ability to control the infringing

activity and received a financial benefit directly attributable to that activity.”

We agree with the Second Circuit and hold that, in order to have the “right and ability to

control,” the service provider must “exert [] substantial influence on the activities of users.”

“Substantial influence” may include, as the Second Circuit suggested, high levels of control

over activities of users, as in Cybernet. Or it may include purposeful conduct, as in Grokster.

In this case, Veoh’s interactions with and conduct toward its users did not rise to such a

level. As Judge Matz recognized, “(a) the allegedly infringing material resided on Veoh’s

system; (b) Veoh had the ability to remove such material; (c) Veoh could have implemented,

and did implement, filtering systems; and (d) Veoh could have searched for potentially

infringing content.” Such circumstances are not equivalent to the activities found to

constitute substantial influence in Cybernet and Grokster. Nor has UMG, in its initial or

supplemental briefing to this court, pointed to other evidence raising a genuine issue of

material fact as to whether Veoh’s activities involved “something more than the ability to

remove or block access to materials posted on a service provider's website.” Accordingly,

because UMG has not created a triable issue regarding Veoh’s right and ability to control

infringing activity, we conclude that Veoh met all the § 512(c) requirements, and we affirm

the entry of summary judgment in its favor.

III.

UMG also appeals the district court’s Rule 12(b)(6) dismissal of its complaint against the

Investor Defendants for vicarious infringement, contributory infringement and inducement

of infringement. It is well-established that “[s]econdary liability for copyright infringement

does not exist in the absence of direct infringement....” UMG argues, however, that even if

summary judgment was properly granted to Veoh on the basis of the DMCA safe harbor, as

we have held it was, “the [Investor] Defendants remain potentially liable for their related

indirect infringement” because the district court did not “make a finding regarding Veoh’s

169.

direct infringement,” and the Investor Defendants do not qualify as “service providers” who

can receive DMCA safe harbor protection. The Investor Defendants argue that it would be

illogical to impose greater liability on them than on Veoh itself. Although we agree that this

would create an anomalous result, we assume without deciding that the suit against the

Investor Defendants can properly proceed even though Veoh is protected from monetary

liability by the DMCA.20 Reaching the merits of UMG’s secondary liability arguments, we

hold that the district court properly dismissed the complaint.

UMG first alleges that the Investor Defendants are liable for contributory infringement.

“[O]ne who, with knowledge of the infringing activity, induces, causes or materially

contributes to the infringing conduct of another, may be held liable as a ‘contributory’

infringer.” In Fonovisa, 76 F.3d at 264, we established the “site and facilities” test:

“providing the site and facilities for known infringing activity is sufficient to establish

contributory liability” where the defendant “actively strives to provide the environment and

the market for counterfeit ... sales to thrive.” The district court concluded this test was not

met, dismissing the complaint because UMG did “not allege sufficiently that [the Investor

Defendants] gave material assistance in helping Veoh or its users accomplish

infringement.” We agree.

UMG acknowledges that funding alone cannot satisfy the material assistance requirement.

It thus argues that the Investor Defendants “provided Veoh’s necessary funding and

directed its spending” on “basic operations including ... hardware, software, and

employees”—“elements” UMG argues “form ‘the site and facilities’ for Veoh’s direct

infringement.” UMG thus attempts to liken its case to UMG Recordings, Inc. v.

Bertelsmann AG et al., 222 F.R.D. 408 (N.D. Cal.2004), where the district court denied an

investor's motion to dismiss claims of contributory infringement. In Bertelsmann, however,

the investor was Napster's “only available source of funding,” and thus “held significant

power and control over Napster's operations.” Here, by contrast, there were multiple

investors, and none of the Investor Defendants could individually control Veoh.

Accordingly, UMG hinges its novel theory of secondary liability on the contention that the

three Investor Defendants together took control of Veoh’s operations by “obtain[ing] three of

20 In Perfect 10, Inc. v. Visa International Service Ass’n, 494 F.3d 788 (9th Cir. 2007), we commented on a

similar circumstance. There, the plaintiff sought secondary liability against a credit card company that had

processed payments for websites that posted infringing materials. Visa observed that,

The result, under Perfect 10’s theories, would therefore be that a service provider with actual

knowledge of infringement and the actual ability to remove the infringing material, but which

has not received a statutorily compliant notice, is entitled to a safe harbor from liability, while

credit card companies with actual knowledge but without the actual ability to remove

infringing material, would benefit from no safe harbor. We recognize that the DMCA was not

intended to displace the development of secondary liability in the courts; rather, we simply

take note of the anomalous result Perfect 10 seeks.

We remain concerned about the possibility of imposing secondary liability on tangentially involved parties, like

Visa and the Investor Defendants, while those accused of direct infringement receive safe harbor protection.

“[B]y limiting the liability of service providers,” the DMCA sought to assuage any “hesitat[ion] to make the

necessary investment in the expansion of the speed and capacity of the Internet.” Congress was no doubt well

aware that service providers can make the desired investment only if they receive funding from investors like

the Investor Defendants. Although we do not decide the matter today, were we to hold that Veoh was protected,

but its investors were not, investors might hesitate to provide the necessary funding to companies like Veoh,

and Congress’ purpose in passing the DMCA would be undermined.

170.

the five seats on Veoh’s Board of Directors,” and effectively provided the “site and facilities”

for direct infringement by wielding their majority power to direct spending.

Even assuming that such joint control, not typically an element of contributory

infringement, could satisfy Fonovisa’s site and facilities requirement, UMG’s argument fails

on its own terms, because the complaint nowhere alleged that the Investor Defendants

agreed to work in concert to this end. UMG suggests that it “did allege that the [Investor]

Defendants agreed to ‘operate’ Veoh jointly—UMG alleged that the [Investor] Defendants

operated Veoh by ‘s[eeking] and obtain[ing] seats on Veoh’s Board of Directors as a

condition of their investments.’” But three investors individually acquiring one seat apiece

is not the same as agreeing to operate as a unified entity to obtain and leverage majority

control. Unless the three independent investors were on some level working in concert, then

none of them actually had sufficient control over the Board to direct Veoh in the way UMG

contends. This missing allegation is critical because finding secondary liability without it

would allow plaintiffs to sue any collection of directors making up 51 percent of the board

on the theory that they constitute a majority, and therefore together they control the

company. Without this lynchpin allegation, UMG's claim that the Investor Defendants had

sufficient control over Veoh to direct its spending and operations in a manner that might

theoretically satisfy the “site and facilities” test falls apart. We therefore affirm the

dismissal of UMG's contributory infringement claim.

This missing allegation likewise requires us to affirm the district court's dismissal of

UMG's vicarious liability and inducement of infringement claims. Inducement liability is

proper where “one [] distributes a device with the object of promoting its use to infringe

copyright, as shown by clear expression or other affirmative steps taken to foster

infringement.” Vicarious liability is warranted if “the defendant profits directly from the

infringement and has a right and ability to supervise the direct infringer.” UMG’s

arguments that the Investor Defendants “distribute[d]” Veoh’s services and had the right

and ability to supervise the infringing users are premised on the unalleged contention that

the Investor Defendants agreed to act in concert, and thus together they held a majority of

seats on the Board and “maintained operational control over the company.” We therefore

affirm the dismissal of the complaint against the Investor Defendants….

NOTES AND QUESTIONS

Background About Viacom v. YouTube. The Viacom v. YouTube litigation was filed in 2007,

before the UMG case was filed, but it took longer to resolve. UMG and Viacom involve

functionally identical video hosting sites and made similar legal arguments in court. The

district court awarded YouTube a decisive win in 2010. In 2012, the Second Circuit

reversed on several grounds. In April 2013, the district court again ruled decisively for

YouTube. Viacom appealed the case to the Second Circuit again, but in March 2014, the

parties settled the case after 7 years of mostly pointless litigation.

Red Flags of Infringement. What, exactly, constitutes a “red flag” of infringement? For

example, if a website provides a tool letting users report problems with content, and one

user reports another user’s content item as infringing, does the website have a “red flag” of

infringement—and if so, does it now have impermissible scienter about that item, about

infringement on the site generally, or about something else?

171.

The Veoh court suggests that a third party sending a general notice of infringement could

create red flags, while the same notice sent by a rightsowner would not qualify as a

512(c)(3) notice and could be ignored. Does it fit with the statutory safe harbor scheme for

courts to give greater legal effect to notices from non-rightsowners than notices from

rightsowners?

In EMI Christian Music Group, Inc. v. MP3tunes, LLC, 844 F.3d 79 (2d Cir. 2016), the

Second Circuit held that the site operators’ knowledge that copyrighted works never had

been authorized for release in MP3 format could support a jury verdict of red flags/willful

blindness when those works were linked to and loaded onto the site.

In Ventura Content, Ltd. v. Motherless, Inc., 885 F.3d 597 (9th Cir. 2018), the Ninth Circuit

said that “infringement must be apparent, not merely suspicious,” and “we look at objective

facts and circumstances from which the specific infringement would be obvious to a

reasonable person.” The court added: “It is hard to imagine that a site with 12.6 million

pictures and video clips uploaded by users would not contain some material that users had

uploaded without authorization,” but that’s not enough to constitute apparent

infringement.

Willful Blindness. What is the legal standard for willful blindness? The Ninth Circuit says

“service providers who do not locate and remove infringing materials they do not

specifically know of should not suffer the loss of safe harbor protection.” Is that a quadruple

negative? Can you translate this sentence into English that a layperson could understand?

Do you have any idea what facts might indicate that a service provider engaged in “willful

blindness”? Given that the statute already addressed “actual knowledge” and “red flags”

and Grokster added “inducement,” what defendant scienter is left for “willful blindness” to

address?

Right and Ability to Control. Does it strike you as odd that the court effectively concludes

that the phrase “right and ability to control” means something different depending on

whether it’s being used in the common law test for vicarious copyright infringement or in

the safe harbor statute?

What, exactly, constitutes “substantial influence” over users’ conduct? Doesn’t every user-

generated content website try to influence users’ conduct to advance the website’s

objectives?

In Ventura Content, Ltd. v. Motherless, Inc., 885 F.3d 597 (9th Cir. 2018), the Ninth Circuit

concluded the following facts didn’t evidence substantial influence: “Nothing in the record

suggests that Motherless told its users what to upload. Its homepage welcomed users to ‘a

moral free zone where anything legal stays.’ It did not curate uploaded content in any

meaningful way, nor did it reject unpopular groups or content. Motherless deleted only

user-created groups that contained little or no content, and it started deleting bestiality

content due to legality issues raised by European advertisers.”

Who Is a “User”? The statute applies to material stored at a user’s direction. Who is a user?

One appeals court held that “users” include paid independent contractors who had

172.

uploading privileges. BWP Media USA, Inc. v. Clarity Digital Group, LLC, 820 F.3d 1175

(10th Cir. 2016).

The Substituted UMG Opinion. The Ninth Circuit issued its first UMG opinion in December

2011. In April 2012, the Second Circuit issued Viacom Intern., Inc. v. YouTube, Inc., 676

F.3d 19 (2d Cir. 2012). The YouTube opinion is mostly consistent with the Ninth Circuit’s

2011 UMG opinion, but it expressly disagreed with the Ninth Circuit regarding the safe

harbor’s meaning of “right and ability to control.” It also had a more detailed (though no

more clear) discussion about “willful blindness,” saying the concept “involve[s] a service

provider exerting substantial influence on the activities of users, without necessarily—or

even frequently—acquiring knowledge of specific infringing activity.” In light of the Second

Circuit’s opinion, the Ninth Circuit reconsidered its earlier opinion, and in March 2013 it

issued the opinion you just read. Among other changes, the Ninth Circuit’s substituted

opinion revised its discussion about “willful blindness” and “right and ability to control” to

harmonize with the Second Circuit’s YouTube opinion without changing the case’s result

(Veoh wins).

Meanwhile, the Second Circuit’s ambiguous discussion about willful blindness and red flags

have made it harder (and more expensive) for defendants to win a § 512(c) defense. Capitol

Records, Inc. v. MP3tunes, LLC shows how this happened.

MP3Tunes is a music-sharing site. It won summary judgment on Section 512 grounds in

2011. After the Second Circuit’s YouTube ruling, the court reevaluated its prior opinion and

reversed MP3Tunes’ summary judgment on two grounds (Capitol Records, Inc. v.

MP3tunes, LLC, 2013 WL 1987225 (S.D.N.Y. 2013)):

1) There was a fact dispute about MP3Tunes’ willful blindness based on the following

evidence:

an email received by MP3tunes in April 2007 gives a specific blog title and

states, “[a]lthough I don't like ratting myself out, everything I post is in clear

violation of the DMCA .... please remove any MP3s that are linked to that

site.”...Another email from November 2007 states, “if you search for ‘the clash

I fought the law’... you will get 5 results ... 2 of which point to the website

www.officerjellynutz.com[.] This website blatantly acknowledges that it

contains infringing MP3’s.”...In a third email, an MP3tunes employee

acknowledges that while “it's not clear if [content from a user’s site] is all

copyright [sic] material ... it probably is though.”

Consider the likelihood that every user-generated content website has received similar

emails.

2) There was a fact dispute about whether MP3Tunes had red flags of infringement. The

judge says:

Since something less than a formal takedown notice may now establish red

flag knowledge and EMI offers communications acknowledging likely

infringement, the issue of Defendants' red flag knowledge cannot be resolved

on summary judgment. This Court reaches this conclusion reluctantly, given

173.

MP3tunes’ salutary practice of sending instructions regarding DMCA-

compliant takedown notices to third parties reporting possible infringement

and the DMCA’s disavowal of any duty on the part of service providers to

monitor user content.

As a result, the case proceeded to a trial on both questions. A jury held MP3Tunes and its

executive liable for copyright infringement and awarded damages of $48 million.

Meanwhile, MP3Tunes went bankrupt in 2012, confirming that the Second Circuit’s

YouTube ruling turned an apparent MP3Tunes victory in court into a complete defeat for

MP3Tunes.

Then again, the MP3Tunes plaintiffs didn’t exactly profit from this long-running litigation.

The judge reduced the jury award to about $12 million, and the plaintiffs spent about $12

million in legal fees to achieve that result. Even the judge called it a “Pyrrhic victory” for

the plaintiffs. Capitol Records, Inc. v. MP3Tunes, LLC, 1:07-cv-09931-WHP-FM (S.D.N.Y.

Apr. 3, 2015). But see EMI Christian Music Group, Inc. v. MP3tunes, LLC, 844 F.3d 79 (2d

Cir. 2016) (expanding the defense’s liability).

Takedown Notices. Why didn’t UMG just send Veoh proper takedown notices instead of

suing it in court? If UMG had sent proper takedown notices, would Veoh have honored

them? Recall how Veoh handled the RIAA’s takedown notices.

The Challenges of Determining Infringement. Viacom’s marketing team and affiliates

uploaded videos to YouTube for their marketing benefit. In some cases, Viacom deliberately

altered clips to look like an unauthorized upload; supposedly that makes the clips more

interesting to viewers. The Viacom legal team would complain about clips posted by

Viacom’s marketing team because they wouldn’t realize employees of their own company

had made the uploads. If Viacom’s legal team doesn’t know that some clips were authorized

by its own marketing department, how is YouTube supposed to know?

Also, Viacom routinely acquiesced to leaving up user-posted video clips, but it constantly

changed its acquiescence policy—and never disclosed the policy to YouTube. If Viacom is

constantly changing its mind about which user postings it considers problematic, how is

YouTube supposed to know?

Also, Viacom TWICE withdrew clips from its complaint when it subsequently determined

the clips weren’t infringing. If Viacom’s litigators can’t figure out which clips are infringing

well enough to file an accurate complaint—when they have full access to Viacom’s

information and its lawyers are under Rule 11’s investigatory duty—how is YouTube

supposed to figure it out?

Preventing “Repeat Infringers.” What steps must service providers take to prevent “repeat

infringers”? This issue was confusingly explored in EMI Christian Music Group, Inc. v.

MP3tunes, LLC, 844 F.3d 79 (2d Cir. 2016). The court upheld the jury’s verdict that the

defense had not adequately prevented repeat infringers based on evidence that “MP3tunes

did not even try to connect known infringing activity of which it became aware through

takedown notices to users who repeatedly sideloaded files and created links to that

infringing content in the sideload.com index…. There was also evidence that MP3tunes was capable of cataloging the sideloads of each MP3tunes user. A jury could reasonably infer

174.

from that evidence that MP3tunes actually knew of specific repeat infringers and failed to

take action.” [Editor’s note: “sideloading” means that when a user posted a link to a file on a

third party site, MP3Tunes would automatically import that file into its database].

Does this ruling mean that service providers are required to build and operate a mechanism

to track recidivists? 17 U.S.C. § 512(m) says that the safe harbors are not conditioned on a

service provider “monitoring its service or affirmatively seeking facts indicating infringing

activity.” The Second Circuit responded:

a reasonable jury could have concluded that it was reasonable for MP3tunes

to track users who repeatedly created links to infringing content in the

sideload.com index or who copied files from those links. After all, MP3tunes

had already tracked and removed 153 users “who allowed others to access

their lockers and copy music files without authorization”; by comparison,

requiring MP3tunes to extend that policy to users who sideloaded infringing

content may not be an unreasonably burdensome request. Furthermore,

doing so would not require MP3tunes to “monitor” or “affirmatively seek

facts” about infringing activity in a manner inconsistent with § 512(m)(1)

because it already had adequate information at its disposal in the form of

takedown notices provided by EMI as to which links were allegedly

infringing. MP3tunes would simply have had to make use of information

already within its possession and connect that information to known users

In Ventura Content, Ltd. v. Motherless, Inc., 885 F.3d 597 (9th Cir. 2018), the Ninth Circuit

affirmed a Section 512(c) defense for a service that didn’t have a written repeat infringer

policy and did not keep written records of the identities of infringers. However, because all

copyright removals were handled by the service’s principal, and he (allegedly) remembered

repeat infringers in his head, the court said the service satisfied the requirement. (Practice

pointer: despite this ruling, keep written repeat infringer policies and written records of the

identities of infringers so repeat infringers can be easily spotted).

Copyright Owner Over-Claiming. UMG argued that Veoh couldn’t advertise the availability

of material from 50 Cent, Avril Lavigne and Britney Spears, even though UMG did not

completely control those artists’ catalogs. This is a typical example of how copyright owners

routinely overclaim their rights.

Direct Financial Benefit and Advertising. Ordinarily, generating ad revenues at user-

generated content sites should not constitute a direct financial benefit from infringement,

even if ad impressions increase as more infringing activity takes place, because the service

provider isn’t trying to profit from infringement. However, in the IsoHunt case (discussed in

the Notes and Questions after Grokster), the Ninth Circuit said the service provider had a

direct financial benefit from the infringement (sufficient to disqualify it from Section 512(c))

because:

Fung promoted advertising by pointing to infringing activity; obtained

advertising revenue that depended on the number of visitors to his sites;

attracted primarily visitors who were seeking to engage in infringing activity,

as that is mostly what occurred on his sites; and encouraged that infringing

activity. Given this confluence of circumstances, Fung’s revenue stream was

175.

tied directly to the infringing activity involving his websites, both as to his

ability to attract advertisers and as to the amount of revenue he received.

Investor Liability. Look again at footnote 20 of the UMG opinion. Why weren’t the investors

automatically protected by the “corporate veil” doctrine?

Do you think Congress intended that websites can qualify for the § 512 safe harbor, but

their investors cannot?

If you were a potential investor in a new user-generated content website, would the UMG

ruling deter you from making the investment? See Michael A. Carrier, Copyright and

Innovation: The Untold Story, 2012 WIS. L. REV. 891.

Discovery Implications. Imagine that you are a copyright owner’s counsel. In light of this

opinion, what kinds of onerous discovery requests might you legitimately make of a service

provider defendant? What kinds of onerous discovery requests might you legitimately make

of the service provider’s investors?

Denouement to the UMG Case. The Ninth Circuit ruling confirmed that Veoh properly

complied with the rules specified by Congress. Good news for Veoh, right? Yes…except that

Veoh’s litigation costs for this and other cases drained its bank account, forcing Veoh to

shut down. Veoh’s investors lost their investments, its employees lost their jobs, and users

who uploaded videos to Veoh had their videos taken offline. So the case illustrates a

conundrum: the courts gave Veoh a clean bill of health, but getting that clean bill of health

killed Veoh.

In Viacom v. YouTube, Google disclosed that it spent $100 million on litigation costs

through the point it filed its summary judgment motions. Obviously, it spent even more

before settling the case. Google can afford to spend over $100M defending YouTube, but

smaller market players—like Veoh—can’t.

What implications might these facts (i.e., Veoh is legal but dead) have for the proper design

of immunities and safe harbors? Compare the litigation costs associated with the 47 U.S.C.

§ 230 immunity discussed later in the casebook, and see Eric Goldman, Want to End the

Litigation Epidemic? Create Lawsuit-Free Zones, FORBES TERTIUM QUID (Apr. 10, 2013).

Consequences of Bogus Takedown Notices. UMG didn’t send § 512(c)(3) takedown notices to

Veoh, but Congress recognized the possibility that copyright owners would send takedown

notices too freely or for illegitimate purposes. To curb such overzealousness, 17 U.S.C. §

512(f) created a cause of action for sending takedown notices that “knowingly materially

misrepresent[]” that the user activity is infringing.

In Rossi v. Motion Picture Association of America, 391 F.3d 1000 (9th Cir. 2004), the Ninth

Circuit said that § 512(f) turns on the sender’s subjective scienter. Because evidence of the

sender’s subjective bad faith will be rarely available, especially before discovery, § 512(f)

plaintiffs rarely have sufficient evidence to state a claim. As a result, § 512(f) plaintiffs

almost never win their claims.

176.

The Ninth Circuit revisited § 512(f) in Lenz v. Universal Music Corp., 815 F.3d 1145 (9th

Cir. 2016). The court held that senders of takedown notices need to consider the possibility

that the user’s content qualifies for fair use before sending the notice:

Universal faces liability if it knowingly misrepresented in the takedown

notification that it had formed a good faith belief the video was not

authorized by the law, i.e., did not constitute fair use.

In Lenz’s case, this legal standard entitled her to a trial. The case ultimately settled,

leaving the legal issues unresolved.

The Lenz panel’s initial opinion indicated that using robots to find alleging infringing

content and then sending automated takedown notices—which is how most major copyright

owners handle online copyright enforcement—would be OK. The court’s amended opinion

stripped out the dicta but did not resolve how a copyright owner might consider the

possibility of fair use when automating the takedown sending process. As a result, it

remains unclear if robo-notices are OK.

It also remains unclear if a takedown notice sender will be able to avoid § 512(f) liability

simply by saying it thought about fair use before sending the notice. Consider this

hypothetical deposition transcript of a takedown notice sender:

Q: Did you consider fair use before sending your takedown notice?

A: Yes.

Q: What steps did you take to evaluate the possibility of fair use?

A: I thought about it and decided it probably didn’t apply.

In light of Rossi’s subjective scienter standard (which the Lenz case did not overturn), could

a § 512(f) plaintiff overcome this transcript—even if an objective reasonable person would

have concluded that fair use applied to the content at issue?

Designating an Agent at the Copyright Office. § 512 requires service providers to file

paperwork with the Copyright Office designating an agent to receive incoming § 512(c)(3)

notices. The statute is clear: no designation with the Copyright Office, no safe harbor.

For the DMCA’s first 20 years, the Copyright Office allowed service providers to make one-

time designations. Once the paperwork was filed, the designation remained in effect

indefinitely unless the service provider amended it.

In 2016, the Copyright Office changed the rule (37 C.F.R. Part 201.38). Now, agent

designations only last for 3 years. Unless the service provider timely renews the

designation and pays an additional nominal fee, the service provider will categorically lose

the DMCA safe harbor protection after the designation expires. This designation renewal

requirement is not required (or contemplated) by the DMCA statute, and it will have

draconian consequences for anyone who inadvertently misses the designation renewal

deadline. Designations filed before 2017 had to be refiled by the end of 2017, or those

designations expired.

177.

If you file an agent designation for a client, you must also ensure that you and the client

track the 3 year expiration date.

European Upload Filters. The E.U.’s Directive on Copyright in the Digital Single Market

takes a different approach. In particular, Article 17 says that “online content-sharing

service providers shall be liable for unauthorised acts of communication to the public…

unless the service providers demonstrate that they have:…made, in accordance with high

industry standards of professional diligence, best efforts to ensure the unavailability of

specific works and other subject matter for which the rightholders have provided the

service providers with the relevant and necessary information…” It’s expected that Article

17 will force all Internet services to deploy pro-active “upload filters” to avoid liability for

user-submitted infringing files. This has several unwanted consequences:

 Upload filters are expensive, so this requirement will further chill any startup

innovations involving user-generated content (not that Europe has a great track

record on that front). This also will drive some existing enterprises out of the UGC

business.

 Upload filters have too many false positives. Filters usually do not accommodate fair

uses, parodies, and de minimis use. Imagine, for example, how upload filters will

handle GIFs and memes that are based on popular copyrighted material.

 To avoid the liability created by this article, some services will prioritize licensing

professional content over user-generated content. Licensed professional content isn’t

infringement-free but has lower rates of infringement. To pay for this licensed

content, the services will increasingly deploy paywalls and subscription-based

business models—moving the Internet closer towards looking like the cable TV

industry.

IAP Liability. The DMCA attempted to protect IAPs for subscriber-caused copyright

infringement. Section 512(a) eliminates damages and limits injunctions for “transmitting,

routing, or providing connections for, material through a system or network controlled or

operated by or for the service provider.” Unlike the more commonly litigated 512(c) safe

harbor for web hosting, there is no notice-and-takedown predicate for 512(a); and 512(a)

seemingly applies equally to direct, contributory, and vicarious infringement claims. For

those reasons, for the first 15 years after the DMCA’s passage, copyright owners largely

ignored IAPs as defendants.

In 2011, major copyright owners and IAPs struck a deal called the Copyright Alert System,

sometimes called the “6 strikes” program. Copyright owners could send notices of claimed

P2P infringement about an IAP’s subscribers, and the IAP would treat each notice as a

“strike” that led to progressively stiffer discipline of the subscriber. It was not always clear

why the IAPs agreed to do this, because 512(a) should have protected IAPs either way.

The Copyright Alert System imploded in 2017. In its wake, copyright owners started sued

IAPs for subscribers’ infringing activities. Despite 512(a), the litigation has not been going

well for IAPs.

As a precondition of 512(a), service providers must terminate repeat infringers. Courts have

held that IAPs should terminate subscribers who have received too many complaints from

178.

copyright owners, even if those notices are never verified as accurate. (Indeed, many

infringement notices are generated and sent by automated robots, with no verification of

accuracy before being sent). In other words, IAPs must turn off Internet access to

subscribers who are accused of being repeat infringers.

With 512(a) out of the way, IAPs’ legal exposure poses a potentially existential threat. In

2019, Cox Communications was hit with a $1B damages award (subsequent proceedings

reduced this number some). Sony Music Entertainment v. Cox Communications, Inc., 2020

WL 3121306 (E.D. Va. 2020); see also UMG Recordings, Inc. v. Grande Communications

Networks, LLC, 2018 WL 1096871 (W.D. Tex. 2018); Warner Records Inc. v. Charter

Communications, Inc., 2020 WL 1872387 (D. Colo. 2020).

If IAPs can be liable for their subscribers’ infringing activity, what should IAPs do to

mitigate that risk? IAPs have a limited remedy toolkit (turn Internet access on or off), and

Internet access has become an essential service to most subscribers. Putting the service’s

available in the hands of copyright owners can’t be the right result.

CHAPTER 5 REVIEW QUESTION #2

A web host has not filed the paperwork with the Copyright Office to designate an agent for

notice, but the web host expeditiously honors all takedown requests. Under what

circumstances can the web host successfully assert a § 512(c) defense?

a) If it prominently disclosed the identity of the agent for notice on its website

b) If the web host is located outside the United States

c) If the web host deployed automated filters to prevent infringing items from being

uploaded

d) If it promptly files the designation with the Copyright Office after being served with a

lawsuit

e) It can’t assert the 512(c) defense

179.

The following case reviews the doctrines we’ve covered so far. As you read it, note the parts

of the opinion that confuse you or that you think conflict with materials we’ve already

covered in the book.

Ticketmaster L.L.C. v. RMG Technologies, Inc., 507 F. Supp. 2d 1096 (C.D. Cal.

2007).

…I. FACTUAL AND PROCEDURAL BACKGROUND

In this action, Plaintiff Ticketmaster (“Plaintiff” or “Ticketmaster”) alleges that Defendant

RMG has developed and marketed automated devices to access and navigate through

Ticketmaster’s website, thereby infringing Plaintiff’s copyrights and violating the website’s

Terms of Use and a number of federal and state statutes.

Plaintiff Ticketmaster sells tickets for entertainment and sports events on behalf of its

clients to the general public through a variety of means, including its copyrighted website

ticketmaster.com (“website”). Recognizing that competition to purchase tickets can be

intense, Plaintiff contends that it attempts to ensure a fair and equitable ticket buying

process on the website by contract and through technological means. First, visitors to

ticketmaster.com are required to accept contractual provisions set forth in the website’s

“Terms of Use.” These terms permit viewers to use ticketmaster.com for personal use only,

prohibit commercial use, prohibit the use of automatic devices, prohibit users from

accessing ticketing pages more than once during any three second interval, and prohibit

consumers from purchasing more than a specific number of tickets in a single transaction.

Second, Plaintiff contends that it employs a number of technological means to ensure that

ticket buying over the website is fair and equitable. One of these measures is a computer

security program known as CAPTCHA that is designed to distinguish between human

users and computer programs, and thereby prevent purchasers from using automated

devices to purchase tickets.

Plaintiff contends that Defendant RMG has marketed and sold applications that enable

Defendant’s customers to use automated devices to enter and navigate through its website

in violation of the Terms of Use governing the website, thereby causing injury to Plaintiff.

For example, Plaintiff contends that Defendant’s applications are prohibited “automatic

devices,” that the applications circumvent Plaintiff’s access control and copy protection

systems, including CAPTCHA, inundate Plaintiff’s computers with thousands of automatic

requests thereby preventing ordinary consumers from accessing the website, and enable

Defendant’s clients to purchase large quantities of tickets. Based on these allegations,

Plaintiff’s FAC, filed on June 25, 2007, states eleven causes of action against Defendant.

Plaintiff now moves for a preliminary injunction based on five of its claims. Plaintiff’s

evidence in support of its motion includes declarations from its Senior Director of

Applications Support, Kevin McLain, wherein Mr. McLain testifies how he was able to trace

ticket requests and purchases made on ticketmaster.com back to individual users and,

ultimately, to Defendant. Based on his methodology, McLain discovered, for example, that

Chris Kovach, a ticket broker and one of Defendant’s clients, purchased over 9,500 ticket

orders—or 24,000 tickets—over the last several years. McLain also explains that he

identified Gary Charles Bonner and Thomas J. Prior as Defendant’s clients. Using IP

180.

addresses registered to Defendant, Bonner made almost 13,000 ticket purchases over

several years, and made more than 425,000 ticket requests in a single day. Using IP

addresses registered to Defendant, Prior made almost 22,000 ticket orders over several

years, and made more than 600,000 ticket requests in a single day….

Defendant challenges the Motion on both legal and factual grounds. Defendant states that

the computer application Plaintiff seeks to enjoin Defendant from using and selling is its

Ticket Broker Acquisition Tool (“TBAT”), and that this application is not an “automated

device” but, rather, is simply a type of internet browser, akin to Internet Explorer,

requiring human interaction. Defendant also urges that it should not be bound by the

Terms of Use and that, in any case, Plaintiff has presented no evidence upon which it—as

opposed to the persons using TBAT—can be enjoined. Defendant also argues that Plaintiff’s

legal theories are flawed in various ways….

III. ANALYSIS

The five claims on which Plaintiff seeks a preliminary injunction are its claims for violation

of the United States Copyright Act, 17 U.S.C. §§ 501 et seq., the Digital Millennium

Copyright Act (“DMCA”) 17 U.S.C. § 1201, California Penal Code § 502, and the Computer

Fraud and Abuse Act (“CFAA”) 18 U.S.C. § 1030(g), and on its breach of contract claim.

A. Likelihood of Success on the Merits.

1. Plaintiff’s Copyright Claim

To prevail on its claim for copyright infringement, Plaintiff must (1) “show ownership of the

allegedly infringed material and (2) [it] must demonstrate that the alleged infringers

violate at least one exclusive right granted to copyright holders under 17 U.S.C. § 106.”

Ticketmaster alleges that RMG is violating its copyright in the ticketmaster.com website.

Ticketmaster has submitted evidence that it owns registered copyrights in the website

ticketmaster.com, and, separately, in portions of the website. “A website may constitute a

work of authorship fixed in a tangible medium of expression ... Copyright protection for a

website may extend to both the screen displays and the computer code for the website.”

Defendant does not dispute Plaintiff’s claim that its website is copyrighted. Ticketmaster

has thus satisfied the first element of its copyright claim.

Ticketmaster alleges that RMG infringes its copyrights in ticketmaster.com both directly

and indirectly. First, Ticketmaster states that each time Defendant views a page from

ticketmaster.com, a copy of that page is necessarily downloaded or “cached” from Plaintiff’s

computers onto the Defendant’s computer’s random access memory (“RAM”), thus

rendering Defendant directly liable for such copying. Plaintiff also argues that Defendant

directly participates in its customers’ unauthorized access of the website because its

customers do not acquire physical possession of the software. Rather, Defendant’s devices

are kept on Defendant’s own computer systems; in order to gain access to Defendant’s

devices, its customers must log onto Defendant’s website ticketbrokertools.com, and use the

devices hosted on ticketbrokertools.com to improperly access ticketmaster.com. Thus,

Defendant allows and, indeed, requires its customers to go through its own infrastructure

in order to employ the devices that access ticketmaster.com. Defendant denies this factual

181.

allegation and states that “TBAT [has never been] operated from RMG’s computer system

on behalf of any client, as it is not, nor has it ever, been centrally run on behalf of any

client.”

Second, Plaintiff states that Defendant is indirectly liable for contributory infringement,

vicarious infringement, and inducing copyright infringement because it provides its clients

with bots and other automated devices to infringe Plaintiff’s copyright in its website. Both

direct and indirect infringement occur insofar as the person viewing the website does so in

excess of the authorization Plaintiff grants through the website’s Terms of Use.

a. Defendant’s Direct Liability for Copyright Infringement

Defendant’s direct liability for copyright infringement is based on the automatically-created

copies of ticketmaster.com webpages that are stored on Defendant’s computer each time

Defendant accesses ticketmaster.com. Defendant does not contest that, as a technological

question, whenever a webpage is viewed on a computer, copies of the viewed pages are

made and stored on the viewer’s computer. However, Defendant contends that such

“cached” copies are not “copies” within the meaning of the Copyright Act, that such copies

could not give rise to copyright liability because their creation constitutes fair use, and that

Plaintiff has not shown that any pages from ticketmaster.com were ever downloaded or

stored on Defendant’s computer.

Section 101 of the Copyright Act defines “copies” as “material objects, other than

phonorecords, in which a work is fixed by any method now known or later developed, and

from which the work can be perceived, reproduced, or otherwise communicated, either

directly or with the aid of a machine or device.” The Copyright Act also provides that “[a]

work is ‘fixed’ in a tangible medium of expression when its embodiment in a copy or

phonorecord, by or under the authority of the author, is sufficiently permanent or stable to

permit it to be perceived, reproduced, or otherwise communicated for a period of more than

transitory duration.”

The copies of webpages stored automatically in a computer’s cache or random access

memory (“RAM”) upon a viewing of the webpage fall within the Copyright Act’s definition of

“copy.” See, e.g., MAI Systems Corp. v. Peak Computer, Inc., 991 F.2d 511, 519 (9th Cir.

1993) (“We recognize that these authorities are somewhat troubling since they do not

specify that a copy is created regardless of whether the software is loaded into the RAM,

the hard disk or the read only memory (‘ROM’). However, since we find that the copy

created in the RAM can be ‘perceived, reproduced, or otherwise communicated,’ we hold

that the loading of software into the RAM creates a copy under the Copyright Act.”) See

also Twentieth Century Fox Film Corp. v. Cablevision Systems Corp., 478 F. Supp. 2d 607,

621 (S.D.N.Y. 2007) (agreeing with the “numerous courts [that] have held that the

transmission of information through a computer’s random access memory or RAM ...

creates a ‘copy’ for purposes of the Copyright Act,” and citing cases.) Thus, copies of

ticketmaster.com webpages automatically stored on a viewer’s computer are “copies” within

the meaning of the Copyright Act.

The Court must next determine whether Plaintiff has shown by a preponderance of the

evidence that Defendant did in fact view the website, thereby copying its webpages.

Although Plaintiff does not present direct evidence of such viewing, the logic from which

182.

such an inference may be drawn is compelling. Plaintiff presents expert testimony that

Defendant necessarily had to view ticketmaster.com in order to create the applications that

enable Defendant’s customers to enter and navigate through the website. Indeed, in order

to test the applications to determine whether they worked as intended, Defendant would

have had to actually use the applications to purchase tickets from the website. By

Defendant’s own description, TBAT is “a browser geared for the purchase of tickets from a

variety of websites including ... ticketmaster.com.” It also follows that Defendant’s clients

would have had to visit the website, and thus copy pages, in order to make ticket purchases.

The Court thus finds that Plaintiff is indeed likely to prove that Defendant visited (and

used) ticketmaster.com and necessarily made copies of pages from the copyrighted website.

Plaintiff also argues that Defendant is directly liable for infringement because its clients

must work through Defendant’s website and computer system in order to use Defendant’s

ticket purchasing software and thereby gain unauthorized access to ticketmaster.com.

Defendant disputes this allegation. However, the Court finds it unnecessary to decide

whether Plaintiff will prevail in its claim for direct infringement by showing that

Defendant directly participates in its clients’ conduct by acting as an intermediary for their

unauthorized use of ticketmaster.com. As discussed above, Plaintiff will likely succeed in its

claim for direct liability by showing that Defendant itself viewed and/or used the website.4

Next, the Court will consider whether Plaintiff is likely to demonstrate that such copying

constitutes copyright infringement. Plaintiff contends that Defendant infringed its

copyrights by accessing and using the copyrighted website in excess of the authorization

granted in the website’s Terms of Use, which Plaintiff contends creates a non-exclusive

license to view (and thus copy) pages from the website. Defendant presents a number of

legal and factual arguments against this theory, but none of them is meritorious.

First, the Court agrees that the Terms of Use presented on ticketmaster.com create a non-

exclusive license to copy the website. “The word ‘license,’ means permission, or authority;

and a license to do any particular thing, is a permission or authority to do that thing.” “No

magic words must be included in a document” to create a copyright license. Furthermore,

nonexclusive licenses can be implied from conduct. See Effects Associates, Inc. v. Cohen,

908 F.2d 555, 558-559 (9th Cir. 1990) (holding that by creating a work at defendant’s

request and handing it over to defendant to copy and distribute, plaintiff granted defendant

an implied nonexclusive license to the work.) Use of a work in excess of a license gives rise

to liability for copyright infringement.

Plaintiff has presented evidence showing that access to the website is governed by specific

Terms of Use, and that any person viewing the website is put on notice of the Terms of Use.

For example, the ticketmaster.com homepage displays the following warning: “Use of this

website is subject to express Terms of Use which prohibit commercial use of this site. By

continuing past this page, you agree to abide by these terms.” The underlined phrase

“Terms of Use” is a hyperlink to the full Terms of Use; the same phrase appears on almost

every page of ticketmaster.com. In addition, since 2003, users of ticketmaster.com have had

to affirmatively agree to the Terms of Use as part of the procedure to set up an account, and

4 In addition, even accepting Defendant’s version of the facts—that its clients download TBAT onto their own

computers and operate it independent of Defendant—its conduct would still render it liable for contributory

infringement, discussed infra.

183.

since mid-2006, users have had to affirmatively agree to the Terms of Use for every ticket

purchase.

Having determined that Plaintiff is highly likely to succeed in showing that Defendants

viewed and navigated through ticketmaster.com, the Court further concludes that Plaintiff

is highly likely to succeed in showing that Defendant received notice of the Terms of Use

and assented to them by actually using the website. See, e.g., Register.com, Inc. v. Verio,

Inc., 126 F. Supp. 2d 238, 248 (S.D.N.Y. 2000) (where website’s terms of use stated “by

submitting this query, you agree to abide by these terms,” court held “there can be no

question that [the user of website] manifested its assent to be bound” by the terms of use

when it electronically submitted queries to the database); Hotmail Corp. v. Van$ Money Pie

Inc., 1998 WL 388389, *2, 6 (N.D. Cal. 1998) (granting preliminary injunction based in part

on breach of “Terms of Service” agreement, to which defendants had assented.) Indeed,

Defendant does not contest that it was on notice of the Terms of Use; rather, Defendant

argues that the Terms of Use do not amount to an agreement or a license, and that the

Terms are too uncertain to be enforced. The Court finds no merit in these arguments.

The Terms of Use governing ticketmaster.com include the following terms:

“You [the viewer] agree that you are only authorized to visit, view and to

retain a copy of pages of this site for your own personal use, and that you

shall not duplicate, download, [or] modify ... the material on this Site for any

purpose other than to review event and promotions information, for personal

use ...”

“No ... areas of this Site may be used by our visitors for any commercial

purposes ...”

“You agree that you will not use any robot, spider or other automated device,

process, or means to access the Site.... You agree that you will not use any

device, software or routine that interferes with the proper working of the Site

nor shall you attempt to interfere with the proper working of the Site.”

“You agree that you will not take any action that imposes an unreasonable or

disproportionately large load on our infrastructure.”

“You agree that you will not access, reload or ‘refresh’ transactional event or

ticketing pages, or make any other request to transactional servers, more

than once during any three second interval.”

“You do not have permission to access this Site in any way that violates ...

these terms of use.”

“You understand and agree that ... Ticketmaster may terminate your access

to this Site, cancel your ticket order or tickets acquired through your ticket

order ... if Ticketmaster believes that your conduct or the conduct of any

person with whom Ticketmaster believes you act in concert ... violates or is

inconsistent with these Terms or the law, or violates the rights of

Ticketmaster, a client of Ticketmaster or another user of the Site.”

184.

Viewers are thus authorized to view—and thereby copy—pages of the website when they do

so in accordance with the Terms of Use. In addition, Plaintiff reserves the right to

terminate any person’s access to the website if it believes that person violated the Terms of

Use. Thus, by the Terms of Use, Plaintiff grants a nonexclusive license to consumers to copy

pages from the website in compliance with those Terms. Inasmuch as Defendant used the

website, Defendant assented to the terms.

Nor are the terms so vague as to be unenforceable. The above terms permit access for

personal use only, prohibit commercial use, prohibit the use of bots and automated devices,

limit the frequency with which users can make requests of the website, and require the

user to agree not to interfere with the proper working of the website. Defendant argues,

however, that the term “automated device” is confusing. Specifically, Defendant’s President,

Cipriano Garibay, a software designer, testifies in his declaration that TBAT—which he

appears to claim is the only product in issue in this case—is just a web browser and is not

an “automated device” because it requires human interaction to function. Garibay further

claims that he does not know what Plaintiff is referring to by the term “automated device”

because “every computer in the world, as well as all computer programs and web browsers,

have [sic] a large degree of automation built in since they are not run manually. Clearly,

Ticketmaster is not seeking to prohibit all computers and browsers from accessing its

website, otherwise the website would be useless. However, as Ticketmaster has not defined

‘automated device’ in its ‘Terms of Use,’ I can only speculate as to what it means by same.”

This claim is specious. First, the term appears in the provision in which website viewers

agree to “not use any robot, spider or other automated device, process, or means to access

the Site.” (emphasis added). Although the terms of use include no additional definition of

“automated device,” they identify robots and spiders as examples of such devices, which

Garibay states are “programs which by their very nature run without interfacing with

humans.” Plaintiff has submitted credible testimony showing that Defendant’s applications

are, in fact, automated devices. For example, Adam Lieb, a computer consultant who

studied a directory Defendant placed on Kovach’s computer, testified that “the term

‘automated device’ is easy to understand in the context of computer programming”—a field

in which Garibay claims 10 years of experience—and that TBAT is an automated device.

Lieb explains that even though TBAT may require human initialization or set up, the

application generates automated requests thereafter. Based on his examination of the

“super proxy” log files on Kovach’s computer, Lieb states that “several webpage requests

per second were made to Ticketmaster, via the proxy, from the same source IP address.

Thousands of requests were made per day. No human would be able to generate that many

requests during manual, non-automated web browsing. These were automated request[s]

made by an ‘automated device.’”

Based on his personal experience, Kovach describes Defendant’s software as “including

automated devices that RMG calls ‘workers’ that can automatically navigate the

Ticketmaster website.... [M]y level of service enabled me to use multiple workers—

sometimes over one hundred of them—simultaneously to search for and request tickets.”

Kovach further describes how he could command the workers to search for tickets according

to parameters that he would set, and that the workers would search for tickets

automatically and alert him when they found tickets matching his parameters. Indeed,

Defendant’s own website advertises its products as “let[ting] you do the work of a dozen

185.

people at once. Just enter the event information ... and the moment the event goes on sale,

PurchaseMaster goes into action.” In view of all of the evidence, Plaintiff is highly likely to

succeed on its claim that Defendant’s applications are automated devices that violate the

Terms of Use.

However, even setting aside Plaintiff’s prohibition of automated devices, the application as

described would violate other provisions of the Terms of Use. For example, using an

application that enables a person to make several requests per second would violate the

provision limiting the frequency of requests to no more than one every three seconds.

Furthermore, use of an application designed to thwart Plaintiff’s access control by, in

Defendant’s own description, “stealth technology [that] lets you hide your IP address, so you

never get blocked by Ticketmaster,” (original emphasis) would breach the user’s

agreement to “not use any device, software or routine that interferes with the proper

working of the Site nor shall you attempt to interfere with the proper working of the Site.”

See also Kovach Decl. ¶ 8 (explaining his understanding that the “workers are specifically

designed to navigate or otherwise avoid various security measures on Ticketmaster’s

website.”)

Finally, Defendant argues in summary fashion that to the extent Plaintiff’s claim is

predicated on automatically-made cache copies of Plaintiff’s webpages, such cache copies

constitute fair use as a matter of law under Perfect 10, Inc., v. Amazon.com, Inc., 487 F.3d

701, 716 (9th Cir. 2007). This argument is unavailing for several reasons. First, “[b]ecause

the defendant in an infringement action has the burden of proving fair use, the defendant is

responsible for introducing evidence of fair use in responding to a motion for preliminary

relief.” Here, Defendant has come forward with no evidence of fair use. Nor did Defendant

attempt to explain how its use satisfies any of the four fair use factors set forth in 17 U.S.C.

§ 107. Accordingly, the fair use defense fails to defeat Plaintiff’s motion on these grounds

alone.

Second, Perfect 10 does not stand for the absolute principle of law that Defendant attributes

to it. Rather, Perfect 10 addressed, among other questions, whether users who link to

infringing websites and thus make automatic cache copies of those infringing websites

themselves commit copyright infringement. The Ninth Circuit agreed with the district court

that such conduct was “fair use in this context” because the caching was “noncommercial,

transformative ... and has a minimal impact on the potential market for the original work.”

Significantly, the Court also noted that “a cache copies no more than necessary to assist the

user in Internet use,” and, in the case before it, the “background copying has no more than

a minimal effect” on the plaintiff’s rights. In this context, by contrast, Defendant is not an

“innocent” third-party visitor to another person’s infringing site. Instead, the purpose of

Defendant’s viewing ticketmaster.com and the copying that necessarily entails is to engage

in conduct that violates the Terms of Use in the ways described above. In addition,

Defendant’s use of the website is to further its own commercial objectives, that is, to create

and sell ticket purchasing applications that can gain unauthorized access to

ticketmaster.com. In addition, in this case, such copying has a significant, as opposed to

minimal, effect on Plaintiff’s rights because Defendant’s conduct empowers its customers to

also violate the Terms of Use, infringe on Plaintiff’s rights, and collectively cause Plaintiff

the harm described below. For all of these reasons, Defendant’s fair use defense fails.

186.

Because the Court finds that Plaintiff has a strong likelihood of proving that Defendant

violated ticketmaster.com’s Terms of Use by using automated devices, making excessive

requests, and interfering with the proper working of the website when it used and/or

designed applications that access ticketmaster.com, the Court finds that Plaintiff has a

strong likelihood of succeeding on the merits of its claim for direct copyright infringement.

b. Defendant’s Indirect Liability for Copyright Infringement

Plaintiff also argues that it has a strong likelihood of success on its claim for indirect

copyright infringement. The Court agrees.

“One infringes contributorily by intentionally inducing or encouraging direct infringement,

and infringes vicariously by profiting from direct infringement while declining to exercise a

right to stop or limit it.” Metro-Goldwyn-Mayer Studios Inc. v. Grokster, Ltd., 545 U.S. 913,

930-931 (2005). Although “[t]he Copyright Act does not expressly render anyone liable for

infringement committed by another, these doctrines of secondary liability emerged from

common law principles and are well established in the law.” In Grokster, the Supreme

Court held that “one who distributes a device with the object of promoting its use to

infringe copyright, as shown by clear expression or other affirmative steps taken to foster

infringement, is liable for the resulting acts of infringement by third parties.” Evidence to

support an inducement theory includes, for example “advertisement[s] or solicitation[s] that

broadcast [] a message designed to stimulate others to commit violations.” Here, as

described above, there is substantial evidence that Defendant designed its application for

the purpose of giving its clients unauthorized access to ticketmaster.com; Defendant even

advertises its product as “stealth technology [that] lets you hide your IP address, so you

never get blocked by Ticketmaster” (original emphasis.) Designing and marketing a

device whose purpose is to allow unauthorized access to, and thus to infringe on, a

copyrighted website is sufficient to trigger contributory liability for infringement committed

by the device’s immediate users. See, e.g., Fonovisa, Inc. v. Cherry Auction, Inc., 76 F.3d

259, 264 (9th Cir. 1996) (stating that providing the site and facilities for known infringing

activity is sufficient to establish contributory liability, and quoting with approval 2 William

F. Patry, Copyright Law & Practice 1147, “Merely providing the means for infringement

may be sufficient” to incur contributory copyright liability.)

As discussed in the Background section, Plaintiff has presented examples of Defendant’s

clients making numerous ticket purchases and ticket requests using Defendant’s

applications and resources, including the examples of Bonner making more than 425,000

requests in a single day, and Prior making more than 600,000 requests in a single day, both

through IP addresses registered to Defendant. Requests so numerous cannot be made other

than with automated devices. Kovach testified how he used Defendant’s applications to

make automated ticket requests, and that Defendant made representatives available to

help him use its applications, circumvent Plaintiff’s security measures, and set up his

hardware for optimal use. Such uses infringe on Plaintiff’s copyrights for the reasons stated

above with regard to Defendant’s direct infringement.

Based on this evidence, the Court finds that Plaintiff is highly likely to prove that

Defendant induced or encouraged its clients’ direct infringement by providing them with

devices that gain them unauthorized access to and use of ticketmaster.com. Plaintiff is

187.

therefore highly likely to succeed in its claim against Defendant for contributory

infringement.

2. Plaintiff’s Claim Under the Digital Millennium Copyright Act

Plaintiff alleges that Defendant has violated the Digital Millennium Copyright Act

(“DMCA”), 17 U.S.C. § 1201 et seq., by trafficking in technological products, services,

devices, or components that are primarily designed to circumvent Plaintiff’s access control

and copy protection systems. Plaintiff’s Motion relies on two provisions of the DMCA.

First, Plaintiff claims Defendant is liable under section 1201(a)(2), which prohibits

trafficking in devices designed to circumvent “technological measure[s] that effectively

control[] access to a work protected under this title.” “A plaintiff alleging a violation of §

1201(a)(2) must prove: (1) ownership of a valid copyright on a work, (2) effectively

controlled by a technological measure, which has been circumvented, (3) that third parties

can now access (4) without authorization, in a manner that (5) infringes or facilitates

infringing a right protected by the Copyright Act, because of a product that (6) the

defendant either (i) designed or produced primarily for circumvention; (ii) made available

despite only limited commercial significance other than circumvention; or (iii) marketed for

use in circumvention of the controlling technological measure.”

The Court finds that Plaintiff is likely to prevail on its section 1201(a)(2) claim. Specifically,

as stated above, Plaintiff is likely to prove that (1) Plaintiff owns copyrights to

ticketmaster.com and specific portions thereof; (2) Plaintiff employs “technological

measures” such as CAPTCHA to block automated access to its copyrighted ticket purchase

pages; (3) Defendant’s customers are third parties who can now access those copyrighted

pages; (4) these parties access those pages without Plaintiff’s authorization; and (5) that

this access infringes Plaintiff’s rights because it entails copying those pages in excess of the

third parties’ license to do so; and (6)(i), (iii) these third parties have such access because of

Defendant’s products designed primarily for circumvention, and marketed for use in

circumvention of the controlling technological measure.

The majority of Defendant’s challenges to Plaintiff’s Motion on the DMCA claim are

repetitive of its arguments with regard to the copyright claim, and are unavailing for the

same reasons. The only unique arguments as to the DMCA claim are that CAPTCHA is not

a system or a program, but is simply an image, and that CAPTCHA is designed to regulate

ticket sales, not to regulate access to a copyrighted work.

First, the Court notes that the DMCA does not equate its use of the term “technological

measure” with Defendant’s terms “system” or “program.” In any case, Plaintiff has

submitted evidence that CAPTCHA is a technological measure that regulates access to a

copyrighted work. Although the DMCA does not appear to include a definition of the term,

it states that “a technological measure ‘effectively controls access to a work’ if the measure,

in the ordinary course of its operation, requires the application of information, or a process

or a treatment, with the authority of the copyright owner, to gain access to the work.” When

the user makes a ticket request on ticketmaster.com, CAPTCHA presents “a box with

stylized random characters partially obscured behind hash marks.” The user is required to

type the characters into an entry on the screen in order to proceed with the request. Most

automated devices cannot decipher and type the random characters and thus cannot

188.

proceed to the copyrighted ticket purchase pages. Thus, because CAPTCHA “in the ordinary

course of its operation, requires the application of information ... to gain access to the

work,” it is a technological measure that regulates access to a copyrighted work. Plaintiff is

therefore likely to prevail on its DMCA § 1201(a)(2) claim.

Section 1201(b)(1) similarly prohibits the trafficking of devices primarily designed or

produced for the purpose of circumventing “protection afforded by a technological measure

that effectively protects a right of a copyright owner under this title in a work or a portion

thereof.” Sections 1201(a)(2) and 1201(b)(1) differ only in that 1201(a)(2), by its terms,

makes it wrongful to traffic in devices that circumvent technological measures that control

access to protected works, while 1201(b)(1) makes it wrongful to traffic in devices that

circumvent technological measures that protect rights of a copyright owner in a work. Here,

CAPTCHA both controls access to a protected work because a user cannot proceed to

copyright protected webpages without solving CAPTCHA, and protects rights of a copyright

owner because, by preventing automated access to the ticket purchase webpage, CAPTCHA

prevents users from copying those pages. For the foregoing reasons, the Court finds that

Plaintiff is likely to prevail on its DMCA §§ 1201(a)(2) and 1201(b)(1) claims.

3. Plaintiff’s Breach of Contract Claim

Plaintiff argues that Defendant is breaching the ticketmaster.com Terms of Use in

numerous ways, and is therefore liable for breach of contract. The facts and issues that this

claim raises are the same as those raised by Plaintiff’s contention, in connection with its

copyright claims, that Defendant breached the Terms of Use. The Court addressed the

merits of that claim in its discussion of Plaintiff’s claim for copyright infringement, and

concluded that Plaintiff is highly likely to prove that use of ticketmaster.com is governed by

the Terms of Use; that Defendant was on notice of, and assented to, the Terms of Use; and

that Defendant violated the Terms of Use by using automated devices to access the website,

using an application that makes several requests per second (in violation of the provision

limiting the frequency of requests to no more than one every three seconds), and by using

an application designed to thwart Plaintiff’s access controls (which breaches the user’s

agreement to “not use any device, software or routine that interferes with the proper

working of the Site nor shall you attempt to interfere with the proper working of the Site.”).

The Court therefore finds that Plaintiff is therefore likely to prevail on its breach of

contract claim.

4. Plaintiff’s Computer Fraud and Abuse Act Claim

Plaintiff also argues that it is likely to prevail on its claim under the Computer Fraud and

Abuse Act (“CFAA”), 18 U.S.C. § 1030. Although the CFAA is a criminal statute, it permits

“any person who suffers damage or loss” through a violation of its provisions “to maintain a

civil action ... to obtain compensatory damages and injunctive relief or other equitable

relief.” To prevail on its CFAA claim, Plaintiff must demonstrate that Defendant

“intentionally accesse[d] a computer without authorization or exceed[ed] authorized access,

and thereby obtain[ed] information from any protected computer,” or that Defendant

“knowingly cause[d] the transmission of a program ... and ... cause [d] damage without

authorization to a protected computer.” Plaintiff must also demonstrate that Defendant’s

unauthorized access caused $5,000 in loss or damage during a one year period.

189.

It appears likely that Plaintiff will be able to prove that Defendant gained unauthorized

access to, and/or exceeded authorized access to, Plaintiff’s protected computers, and caused

damage thereby. Based on the statute and the cases Plaintiff cites, the Court also agrees

that the required $5,000 of harm may consist of harm to a computer system, and need not

be suffered by just one computer during one particular intrusion. However, because

Plaintiff has not quantified its harm as required by the statute or even attempted to show

what portion of the harm is attributable to Defendant, the Court cannot find that Plaintiff

has affirmatively shown that its harm caused by Defendant exceeds the $5,000 minimum.

Thus, the CFAA claim does not provide a basis for a preliminary injunction.

In light of the Court’s rulings on Plaintiff’s copyright, DMCA, and breach of contract claims,

the Court need not address whether Plaintiff is likely to succeed on its claims under

California Penal Code § 502, the fifth basis asserted for the preliminary injunction.

B. Irreparable Harm

Having determined that Plaintiff has a strong likelihood of success on the merits of its

copyright, DMCA, and breach of contract claims, the Court now addresses whether Plaintiff

has shown “the possibility of irreparable injury.”

For Plaintiff’s copyright claim, “a showing of a reasonable likelihood of success on the

merits raises a presumption of irreparable harm.” “A copyright holder seeking a

preliminary injunction is therefore not required to make an independent demonstration of

irreparable harm.” Here, because Plaintiff has shown a strong likelihood of success on the

merits of its copyright claim, the Court presumes irreparable harm. Defendant has done

nothing to rebut that presumption.

The Court also finds that Plaintiff has otherwise shown the possibility of irreparable harm

required to support the issuance of a preliminary injunction on its DMCA and breach of

contract claims. Specifically, Plaintiff has submitted extensive evidence demonstrating that

it is suffering a loss of goodwill with the buying public in that there is a growing public

perception that Plaintiff does not provide the public with a fair opportunity to buy tickets

due to automated purchases. Such evidence includes numerous complaints from consumers

about the unavailability of tickets, some of which demonstrate extreme dissatisfaction with

Plaintiff and indicate suspicions that Plaintiff is colluding with ticket brokers to deny

consumers tickets.5 Plaintiff has also submitted copies of consumer comments posted on

blogs expressing similar extreme dissatisfaction6 and evidence of numerous news stories

discussing the unavailability of tickets. For example, many of the news stories concern the

unavailability of tickets to concerts in Hannah Montana’s “Best of Both Worlds” tour. Based

on the reports, many parents expressed disappointed and outrage at Plaintiff because

5 Plaintiff’s brief quotes several of the complaints compiled in Exhibit 19. One such complaint states: “I would

like to know how within 20 seconds of a show going on sale I could not find ANY seats together at ANY price at

this event. However, there are gobs of them for sale on many different scalper sites. How is this possible and

why is this tolerated. The only explanation for this is that people inside TM are in cahoots with these criminals.

I would just like to know if there are any plans whatsoever to address this situation.” 6 For example, the following is a comment posted by someone who could not obtain tickets to a performance of

the rock group “Rush”: “I am absolutely irate about TicketBxxxxxd and its practices. As has been mentioned on

this site already, the whole process of getting tickets to concerts has gotten completely out of control with

scalpers, brokers, and God-knows-who-else trying to make a buck at the expense of fans.”

190.

tickets to many Hannah Montana concerts throughout the nation (Bossier City, Louisiana;

Miami, Florida; Atlanta, Georgia; and Kansas City, Missouri, for example) were snapped up

within several hours—and sometimes within minutes—of their release for sale. It also

appears that the public’s difficulty obtaining tickets to the Hannah Montana concerts was

so severe and created such an outcry that the Attorneys General of Missouri and Arkansas

initiated investigations into Plaintiff’s ticket selling practices….

Although the extent of Defendant’s culpability for this harm to Plaintiff’s goodwill cannot

yet be determined, it is likely that some of Defendant’s customers were able to obtain

tickets to such concerts by using Defendant’s applications. Given the alleged extent of

Defendant’s participation in the hundreds of thousands of automated ticket requests

wrongfully made of Plaintiff’s website, it is likely that Defendant’s conduct has caused, and

will continue to cause, some portion of Plaintiff’s loss of goodwill unless Defendant’s conduct

is enjoined. As a consequence of Plaintiff’s loss of consumer goodwill, Plaintiff also faces the

possibility of loss of goodwill and loss of business from its clients.

In this Circuit, intangible injuries, such as damage to goodwill, can constitute irreparable

harm. Plaintiff has also submitted evidence that it has attempted to use technological

countermeasures to prevent automated ticket requests, but that these efforts have had only

limited success. Thus, the Court is not persuaded by Defendant’s argument that Plaintiff’s

self-help measures (such as “blacklisting” IP addresses) are enough to prevent irreparable

harm and thus obviate the need for injunctive relief. In addition, the cost to Plaintiff of

developing and implementing such countermeasures is not easily calculable. For the

foregoing reasons, the Court finds that Plaintiff has demonstrated the possibility of

irreparable harm….

NOTES AND QUESTIONS

What exactly was Ticketmaster’s prima facie case of copyright infringement? Why did

RMG’s fair use defense fail?

Why wasn’t there sufficient damage to support the Computer Fraud & Abuse Act claim?

You probably aren’t sympathetic to RMG. But are you sympathetic to Ticketmaster?

Denouement. RMG ultimately defaulted, so Ticketmaster got a default judgment of $18.2M

in damages plus $350,000 in attorneys’ fees.

In 2016, Congress enacted the BOTS Act making it unlawful “to circumvent a security

measure, access control system, or other technological control or measure on an Internet

website or online service that is used by the ticket issuer to enforce posted event ticket

purchasing limits or to maintain the integrity of posted online ticket purchasing order

rules.” Several states have enacted analogous laws.

Ticketmaster, Redux. More than a decade after its RMG suit, Ticketmaster still sues ticket

brokers for automated purchases, using pretty much the same legal theories addressed in

the RMG case. For example, in one 2018 ruling, the court held:

191.

 Robots downloading (“browsing”) webpages likely qualify for fair use (citing Perfect

10 v. Amazon, which came out after the RMG case).

 Bypassing a CAPTCHA might still constitute a 1201 violation.

 Ticketmaster’s cease-and-desist letter wasn’t sufficient to revoke authorization to

access Ticketmaster’s servers for CFAA purposes (but that might be easily fixed

with a reworded letter), and Ticketmaster’s TOU didn’t delimit access (cites to

Facebook v. Power Ventures and the Nosal case).

 The California Penal Code 502 claim failed for the same reason.

 The TOU’s liquidated damages ($0.25 per page request or reserve request made in

excess of 1,000 pages or 800 reserve requests per 24-hour period) appeared

reasonable.

 Ticketmaster adequately alleged fraudulent account creation by alleging that “every

time Defendants created an account, they assented to the TOU with the intent to

breach the TOU by using bots and automated software to purchase large quantities

of tickets.”

Ticketmaster L.L.C. v. Prestige Entertainment, Inc., 306 F. Supp. 3d 1164 (C.D. Cal. 2018).

In the Prestige case, the defendants allegedly purchased 30-40% of Ticketmaster’s inventory

for certain shows. So despite a decade to develop new technology to fight the ticket brokers,

it seems like Ticketmaster still can’t defeat them. Why do you think that’s the case? What

should Ticketmaster do differently? Why hasn’t the BOTS Act solved this problem?

192.

VI. Trademarks and Domain Names

Trademark FAQs (from http://www.uspto.gov/web/offices/tac/tmfaq.htm on August 5,

2007) (omitted questions aren’t indicated)

What is a trademark?

A trademark includes any word, name, symbol, or device, or any combination, used, or

intended to be used, in commerce to identify and distinguish the goods of one manufacturer

or seller from goods manufactured or sold by others, and to indicate the source of the goods.

In short, a trademark is a brand name.

What is a service mark?

A service mark is any word, name, symbol, device, or any combination, used, or intended to

be used, in commerce, to identify and distinguish the services of one provider from services

provided by others, and to indicate the source of the services.

What is a certification mark?

A certification mark is any word, name, symbol, device, or any combination, used, or

intended to be used, in commerce with the owner’s permission by someone other than its

owner, to certify regional or other geographic origin, material, mode of manufacture,

quality, accuracy, or other characteristics of someone’s goods or services, or that the work or

labor on the goods or services was performed by members of a union or other organization.

What is a collective mark?

A collective mark is a trademark or service mark used, or intended to be used, in commerce,

by the members of a cooperative, an association, or other collective group or organization,

including a mark which indicates membership in a union, an association, or other

organization.

Do I have to register my trademark?

No, but federal registration has several advantages, including notice to the public of the

registrant’s claim of ownership of the mark, a legal presumption of ownership nationwide,

and the exclusive right to use the mark on or in connection with the goods or services set

forth in the registration.

What are the benefits of federal trademark registration?

1. Constructive notice nationwide of the trademark owner’s claim.

2. Evidence of ownership of the trademark.

3. Jurisdiction of federal courts may be invoked.

4. Registration can be used as a basis for obtaining registration in foreign countries.

5. Registration may be filed with U.S. Customs Service to prevent importation of infringing

foreign goods.

Are there federal regulations governing the use of the designations “TM” or “SM” with

trademarks?

No. Use of the symbols “TM” or “SM” (for trademark and service mark, respectively) may,

however, be governed by local, state, or foreign laws and the laws of the pertinent

jurisdiction must be consulted. These designations usually indicate that a party claims

rights in the mark and are often used before a federal registration is issued.

193.

When is it proper to use the federal registration symbol (the letter R enclosed within a circle

— ® — with the mark.

The federal registration symbol may be used once the mark is actually registered in the

U.S. Patent and Trademark Office. Even though an application is pending, the registration

symbol may not be used before the mark has actually become registered. The federal

registration symbol should only be used on goods or services that are the subject of the

federal trademark registration. [Note: Several foreign countries use the letter R enclosed

within a circle to indicate that a mark is registered in that country. Use of the symbol by

the holder of a foreign registration may be proper.]

What constitutes interstate commerce?

For goods, “Interstate commerce” involves sending the goods across state lines with the

mark displayed on the goods or the packaging for the goods. With services, “interstate

commerce” involves offering a service to those in another state or rendering a service which

affects interstate commerce (e.g. restaurants, gas stations, hotels, etc.).

Is a federal registration valid outside the United States?

No. However, if you are a qualified owner of a trademark application pending before the

USPTO, or of a registration issued by the USPTO, you may seek registration in any of the

countries that have joined the Madrid Protocol by filing a single application, called an

“international application,” with [the] International Bureau of the World Property

Intellectual Organization, through the USPTO….Also, certain countries recognize a United

States registration as a basis for filing an application to register a mark in those countries

under international treaties….

What are common law rights?

Federal registration is not required to establish rights in a trademark. Common law rights

arise from actual use of a mark. Generally, the first to either use a mark in commerce or file

an intent to use application with the Patent and Trademark Office has the ultimate right to

use and registration. However, there are many benefits of federal trademark registration.

CHAPTER 6 REVIEW QUESTION #1

Which of the following are potentially protectable as trademarks?

a) a domain name

b) a Twitter handle

c) a hashtag

d) a meme GIF

e) an emoji

f) a celebrity’s name

194.

Trademark Glossary

The Multi-Factor Likelihood of Confusion Test

The Ninth Circuit Model Civil Jury Instructions 15.16, 2016 version (sometimes called the

Sleekcraft factors):

You must consider whether the defendant’s use of the trademark is likely to

cause confusion about the source of the plaintiff’s or the defendant’s goods.

…As you consider the likelihood of confusion you should examine the

following:

1. Strength or Weakness of the Plaintiff’s Mark. The more the consuming

public recognizes the plaintiff’s trademark as an indication of origin of the

plaintiff’s goods, the more likely it is that consumers would be confused about

the source of the defendant’s goods if the defendant uses a similar mark.

2. Defendant’s Use of the Mark. If the defendant and plaintiff use their

trademarks on the same, related, or complementary kinds of goods there may

be a greater likelihood of confusion about the source of the goods than

otherwise.

3. Similarity of Plaintiff’s and Defendant’s Marks. If the overall impression

created by the plaintiff’s trademark in the marketplace is similar to that

created by the defendant’s trademark in [appearance] [sound] [or] [meaning],

there is a greater chance [that consumers are likely to be confused by

defendant’s use of a mark] [of likelihood of confusion]. [Similarities in

appearance, sound or meaning weigh more heavily than differences in finding

the marks are similar.]

4. Actual Confusion. If use by the defendant of the plaintiff’s trademark has

led to instances of actual confusion, this strongly suggests a likelihood of

confusion. However actual confusion is not required for a finding of likelihood

of confusion. Even if actual confusion did not occur, the defendant’s use of the

trademark may still be likely to cause confusion. As you consider whether the

trademark used by the defendant creates for consumers a likelihood of

confusion with the plaintiff’s trademark, you should weigh any instances of

actual confusion against the opportunities for such confusion. If the instances

of actual confusion have been relatively frequent, you may find that there has

been substantial actual confusion. If, by contrast, there is a very large volume

of sales, but only a few isolated instances of actual confusion you may find

that there has not been substantial actual confusion.

5. Defendant’s Intent. Knowing use by defendant of the plaintiff’s trademark

to identify similar goods may strongly show an intent to derive benefit from

the reputation of the plaintiff’s mark, suggesting an intent to cause a

likelihood of confusion. On the other hand, even in the absence of proof that

the defendant acted knowingly, the use of plaintiff’s trademark to identify

similar goods may indicate a likelihood of confusion.

195.

6. Marketing/Advertising Channels. If the plaintiff’s and defendant’s [goods]

[services] are likely to be sold in the same or similar stores or outlets, or

advertised in similar media, this may increase the likelihood of confusion.

7. Consumer’s Degree of Care. The more sophisticated the potential buyers of

the goods or the more costly the goods, the more careful and discriminating

the reasonably prudent purchaser exercising ordinary caution may be. They

may be less likely to be confused by similarities in the plaintiff’s and

defendant’s trademarks.

8. Product Line Expansion. When the parties’ products differ, you may

consider how likely the plaintiff is to begin selling the products for which the

defendant is using the plaintiff’s trademark. If there is a strong possibility of

expanding into the other party’s market, there is a greater likelihood of

confusion.

[9. Other Factors. Any other factors that bear on likelihood of confusion.]

Dilution

To establish a federal trademark dilution claim, a plaintiff must show:

(1) its mark is “famous,” defined as “widely recognized by the general consuming public of

the United States.” Some factors to help evaluate fame:

 the mark owner’s advertising/publicity duration/extent/geographic reach

 the mark owner’s amount/volume/geographic extent of sales

 the mark’s actual recognition

 if the mark has a federal trademark registration

(2) defendant used the mark in commerce

(3) defendant’s use of the mark began after the mark became famous

(4) the mark suffers a likelihood of dilution, as evidenced by either

(a) blurring = the defendant’s activity impairs the mark’s distinctiveness (factors:

mark similarity; level of distinctiveness; degree of exclusivity; level of recognition), or

(b) tarnishment = the defendant’s activity harms the mark’s reputation

Nominative Use (from New Kids on the Block v. News America Publishing, 971 F.2d 302

(9th Cir. 1992)):

The Ninth Circuit’s elements of a nominative use defense:

(1) “the product or service in question must be one not readily identifiable without use of

the trademark,”

(2) “only so much of the mark or marks may be used as is reasonably necessary to identify

the product or service,” and

(3) “the user must do nothing that would, in conjunction with the mark, suggest

sponsorship or endorsement by the trademark holder”

196.

Uniform Dispute Resolution Procedure Standards

The elements of a successful UDPR action:

(1) the domain name is confusing similar (or identical) to a third party’s mark

(2) the registrant has no legitimate interests in the name. However, the registrant can show

legitimate rights by:

 actual or planned bona fide offering of goods/services;

 it is commonly known by the domain name; or

 making a legitimate noncommercial or fair use without intent for commercial gain,

misleading diversion of traffic, or dilution.

(3) the name is being used in bad faith, such as:

 the registrant acquired the name for profitable resale;

 the registrant registered the name to block the legitimate TM owner if a pattern can

be shown;

 the registrant acquired name to disrupt a competitor; or

 name is intended to attract attention to site by creating a likelihood of confusion.

Anticybersquatting Consumer Protection Act

The elements of a federal ACPA claim:

(1) The domain name registrant registers a domain name containing a third party

trademark

(2) The registrant has a bad faith intent to profit from the domain name. Some factors that

might show or negate bad faith

 the registrant’s IP rights in the domain name

 if the domain name contains the registrant’s real name

 the use of the domain name in a bona fide offering of goods/services

 a bona fide noncommercial or fair use of the domain name

 an intent to divert consumers in a way that harms the trademark owner’s goodwill

 an offer to sell the domain name without having used it for a bona fide offering of

goods/services

 providing false contact info

 multiple bogus registrations

 distinctiveness/famousness of the mark

(3) The registrant registers, traffics in or uses a domain name that is identical or

confusingly similar to the mark or, in the case of a famous mark, dilutes it.

197.

The next case is one of the leading cases involving “gripers,” individuals who express their

frustrations about a company or individual using online channels. Ken Hamidi, from the

Intel v. Hamidi case, was also a griper.

In the 2000s, gripers built disparaging websites at a domain name containing their griping

target’s name—sometimes using name verbatim, sometimes followed by the “sucks” suffix.

Such griping practices are now rare. Nowadays, gripers more typically take their gripes to

review websites like Yelp or to social media. Services like Twitter and Facebook have their

own policies defining what they consider to be acceptable griping, and their house rules

play a large role in regulating griping.

The following case illustrates a trademark owner’s then-standard maneuvers to shut down

a domain name griper. After this ruling, anti-griper lawsuits have rarely succeeded in

court.

Lamparello v. Falwell, 420 F.3d 309 (4th Cir. 2005).

Christopher Lamparello appeals the district court’s order enjoining him from maintaining a

gripe website critical of Reverend Jerry Falwell. For the reasons stated below, we reverse.

I.

Reverend Falwell is “a nationally known minister who has been active as a commentator on

politics and public affairs.” He holds the common law trademarks “Jerry Falwell” and

“Falwell,” and the registered trademark “Listen America with Jerry Falwell.” Jerry Falwell

Ministries can be found online at “www.falwell.com,” a website which receives 9,000 hits (or

visits) per day.

Lamparello registered the domain name “www.fallwell.com” on February 11, 1999, after

hearing Reverend Falwell give an interview “in which he expressed opinions about gay

people and homosexuality that [Lamparello] considered ... offensive.” Lamparello created a

website at that domain name to respond to what he believed were “untruths about gay

people.” Lamparello’s website included headlines such as “Bible verses that Dr. Falwell

chooses to ignore” and “Jerry Falwell has been bearing false witness (Exodus 20:16) against

his gay and lesbian neighbors for a long time.” The site also contained in-depth criticism of

Reverend Falwell’s views. For example, the website stated:

Dr. Falwell says that he is on the side of truth. He says that he will preach

that homosexuality is a sin until the day he dies. But we believe that if the

reverend were to take another thoughtful look at the scriptures, he would

discover that they have been twisted around to support an anti-gay political

agenda ... at the expense of the gospel.

Although the interior pages of Lamparello’s website did not contain a disclaimer, the

homepage prominently stated, “This website is NOT affiliated with Jerry Falwell or his

ministry”; advised, “If you would like to visit Rev. Falwell’s website, you may click here”;

and provided a hyperlink to Reverend Falwell’s website.

198.

At one point, Lamparello’s website included a link to the Amazon.com webpage for a book

that offered interpretations of the Bible that Lamparello favored, but the parties agree that

Lamparello has never sold goods or services on his website. The parties also agree that

“Lamparello’s domain name and web site at www.fallwell.com,” which received only 200

hits per day, “had no measurable impact on the quantity of visits to [Reverend Falwell’s]

web site at www.falwell.com.”

Nonetheless, Reverend Falwell sent Lamparello letters in October 2001 and June 2003

demanding that he cease and desist from using www.fallwell.com or any variation of

Reverend Falwell’s name as a domain name. Ultimately, Lamparello filed this action

against Reverend Falwell and his ministries (collectively referred to hereinafter as

“Reverend Falwell”), seeking a declaratory judgment of noninfringement. Reverend Falwell

counter-claimed, alleging trademark infringement under 15 U.S.C. § 1114 (2000), false

designation of origin under 15 U.S.C. § 1125(a), unfair competition under 15 U.S.C. § 1126

and the common law of Virginia,1 and cybersquatting under 15 U.S.C. § 1125(d).

The parties stipulated to all relevant facts and filed cross-motions for summary judgment.

The district court granted summary judgment to Reverend Falwell, enjoined Lamparello

from using Reverend Falwell’s mark at www.fallwell.com, and required Lamparello to

transfer the domain name to Reverend Falwell. However, the court denied Reverend

Falwell’s request for statutory damages or attorney fees, reasoning that the “primary

motive” of Lamparello’s website was “to put forth opinions on issues that were contrary to

those of [Reverend Falwell]” and “not to take away monies or to profit.”

Lamparello appeals the district court’s order; Reverend Falwell cross-appeals the denial of

statutory damages and attorney fees. We review de novo a district court’s ruling on cross-

motions for summary judgment. See People for the Ethical Treatment of Animals v.

Doughney, 263 F.3d 359, 364 (4th Cir. 2001) [hereinafter “PETA”].

II.

We first consider Reverend Falwell’s claims of trademark infringement and false

designation of origin.

A….

Both infringement and false designation of origin have five elements. To prevail under

either cause of action, the trademark holder must prove:

(1) that it possesses a mark; (2) that the [opposing party] used the mark; (3)

that the [opposing party’s] use of the mark occurred “in commerce”; (4) that

the [opposing party] used the mark “in connection with the sale, offering for

1 …because “[t]he test for trademark infringement and unfair competition under the Lanham Act is essentially

the same as that for common law unfair competition under Virginia law because both address the likelihood of

confusion as to the source of the goods or services involved,” Reverend Falwell’s state-law unfair competition

claim rises or falls with his federal claims of infringement and false designation of origin. Therefore, we will not

analyze his state-law claim separately.

199.

sale, distribution, or advertising” of goods or services; and (5) that the

[opposing party] used the mark in a manner likely to confuse consumers.

Trademark law serves the important functions of protecting product identification,

providing consumer information, and encouraging the production of quality goods and

services. See Qualitex Co. v. Jacobson Prods. Co., 514 U.S. 159, 164 (1995). But protections

“‘against unfair competition’” cannot be transformed into “‘rights to control language.’”

“Such a transformation” would raise serious First Amendment concerns because it would

limit the

ability to discuss the products or criticize the conduct of companies that may

be of widespread public concern and importance. Much useful social and

commercial discourse would be all but impossible if speakers were under

threat of an infringement lawsuit every time they made reference to a person,

company or product by using its trademark.

Lamparello and his amici argue at length that application of the Lanham Act must be

restricted to “commercial speech” to assure that trademark law does not become a tool for

unconstitutional censorship. The Sixth Circuit has endorsed this view, see Taubman Co. v.

Webfeats, 319 F.3d 770, 774 (6th Cir. 2003), and the Ninth Circuit recently has done so as

well, see Bosley Med. Inst., Inc. v. Kremer, 403 F.3d 672, 674 (9th Cir. 2005).

In its two most significant recent amendments to the Lanham Act, the Federal Trademark

Dilution Act of 1995 (“FTDA”) and the Anticybersquatting Consumer Protection Act of 1999

(“ACPA”), Congress left little doubt that it did not intend for trademark laws to impinge the

First Amendment rights of critics and commentators. The dilution statute applies to only a

“commercial use in commerce of a mark,” and explicitly states that the “[n]oncommercial

use of a mark” is not actionable. Congress explained that this language was added to

“adequately address [] legitimate First Amendment concerns,” and “incorporate[d] the

concept of ‘commercial’ speech from the ‘commercial speech’ doctrine.” Similarly, Congress

directed that in determining whether an individual has engaged in cybersquatting, the

courts may consider whether the person’s use of the mark is a “bona fide noncommercial or

fair use.” The legislature believed this provision necessary to “protect[] the rights of

Internet users and the interests of all Americans in free speech and protected uses of

trademarked names for such things as parody, comment, criticism, comparative

advertising, news reporting, etc.”

In contrast, the trademark infringement and false designation of origin provisions of the

Lanham Act (Sections 32 and 43(a), respectively) do not employ the term “noncommercial.”

They do state, however, that they pertain only to the use of a mark “in connection with the

sale, offering for sale, distribution, or advertising of any goods or services,” or “in connection

with any goods or services.” But courts have been reluctant to define those terms narrowly.2

Rather, as the Second Circuit has explained, “[t]he term ‘services’ has been interpreted

broadly” and so “[t]he Lanham Act has ... been applied to defendants furnishing a wide

variety of non-commercial public and civic benefits.” Similarly, in PETA we noted that a

website need not actually sell goods or services for the use of a mark in that site’s domain

2 Indeed, Lamparello agreed at oral argument that the Lanham Act’s prohibitions on infringement and false

designation apply to more than just commercial speech as defined by the Supreme Court.

200.

name to constitute a use “‘in connection with’ goods or services.” PETA, 263 F.3d at 365; see

also Taubman Co., 319 F.3d at 775 (concluding that website with two links to websites of

for-profit entities violated the Lanham Act).

Thus, even if we accepted Lamparello’s contention that Sections 32 and 43(a) of the

Lanham Act apply only to commercial speech, we would still face the difficult question of

what constitutes such speech under those provisions. In the case at hand, we need not

resolve that question or determine whether Sections 32 and 43(a) apply exclusively to

commercial speech because Reverend Falwell’s claims of trademark infringement and false

designation fail for a more obvious reason. The hallmark of such claims is a likelihood of

confusion—and there is no likelihood of confusion here.

B.

1.

“[T]he use of a competitor’s mark that does not cause confusion as to source is permissible.”

Accordingly, Lamparello can only be liable for infringement and false designation if his use

of Reverend Falwell’s mark would be likely to cause confusion as to the source of the

website found at www.fallwell.com. This likelihood-of-confusion test “generally strikes a

comfortable balance” between the First Amendment and the rights of markholders.

We have identified seven factors helpful in determining whether a likelihood of confusion

exists as to the source of a work, but “not all these factors are always relevant or equally

emphasized in each case.” The factors are: “(a) the strength or distinctiveness of the mark;

(b) the similarity of the two marks; (c) the similarity of the goods/services the marks

identify; (d) the similarity of the facilities the two parties use in their businesses; (e) the

similarity of the advertising used by the two parties; (f) the defendant’s intent; (g) actual

confusion.”

Reverend Falwell’s mark is distinctive, and the domain name of Lamparello’s website,

www.fallwell.com, closely resembles it. But, although Lamparello and Reverend Falwell

employ similar marks online, Lamparello’s website looks nothing like Reverend Falwell’s;

indeed, Lamparello has made no attempt to imitate Reverend Falwell’s website. Moreover,

Reverend Falwell does not even argue that Lamparello’s website constitutes advertising or

a facility for business, let alone a facility or advertising similar to that of Reverend Falwell.

Furthermore, Lamparello clearly created his website intending only to provide a forum to

criticize ideas, not to steal customers.

Most importantly, Reverend Falwell and Lamparello do not offer similar goods or services.

Rather they offer opposing ideas and commentary. Reverend Falwell’s mark identifies his

spiritual and political views; the website at www.fallwell.com criticizes those very views.

After even a quick glance at the content of the website at www.fallwell.com, no one seeking

Reverend Falwell’s guidance would be misled by the domain name—www.fallwell.com—

into believing Reverend Falwell authorized the content of that website. No one would

believe that Reverend Falwell sponsored a site criticizing himself, his positions, and his

interpretations of the Bible.3

3 If Lamparello had neither criticized Reverend Falwell by name nor expressly rejected Reverend Falwell’s

teachings, but instead simply had quoted Bible passages and offered interpretations of them subtly different

201.

Finally, the fact that people contacted Reverend Falwell’s ministry to report that they

found the content at www.fallwell.com antithetical to Reverend Falwell’s views does not

illustrate, as Reverend Falwell claims, that the website engendered actual confusion. To the

contrary, the anecdotal evidence Reverend Falwell submitted shows that those searching

for Reverend Falwell’s site and arriving instead at Lamparello’s site quickly realized that

Reverend Falwell was not the source of the content therein.

For all of these reasons, it is clear that the undisputed record evidences no likelihood of

confusion. In fact, Reverend Falwell even conceded at oral argument that those viewing the

content of Lamparello’s website probably were unlikely to confuse Reverend Falwell with

the source of that material.

2.

Nevertheless, Reverend Falwell argues that he is entitled to prevail under the “initial

interest confusion” doctrine. This relatively new and sporadically applied doctrine holds

that “the Lanham Act forbids a competitor from luring potential customers away from a

producer by initially passing off its goods as those of the producer’s, even if confusion as to

the source of the goods is dispelled by the time any sales are consummated.” According to

Reverend Falwell, this doctrine requires us to compare his mark with Lamparello’s website

domain name, www.fallwell.com, without considering the content of Lamparello’s website.

Reverend Falwell argues that some people who misspell his name may go to

www.fallwell.com assuming it is his site, thus giving Lamparello an unearned audience—

albeit one that quickly disappears when it realizes it has not reached Reverend Falwell’s

site. This argument fails for two reasons.

First, we have never adopted the initial interest confusion theory; rather, we have followed

a very different mode of analysis, requiring courts to determine whether a likelihood of

confusion exists by “examin[ing] the allegedly infringing use in the context in which it is

seen by the ordinary consumer.”

Contrary to Reverend Falwell’s arguments, we did not abandon this approach in PETA. Our

inquiry in PETA was limited to whether Doughney’s use of the domain name

“www.peta.org” constituted a successful enough parody of People for the Ethical Treatment

of Animals that no one was likely to believe www.peta.org was sponsored or endorsed by

that organization. For a parody to be successful, it “must convey two simultaneous—and

contradictory—messages: that it is the original, but also that it is not the original and is

instead a parody.” Doughney argued that his domain name conveyed the first message (that

it was PETA’s website) and that the content of his website conveyed the requisite second

message (that it was not PETA’s site). Although “[t]he website’s content ma[de] it clear that

it [wa]s not related to PETA,” we concluded that the website’s content could not convey the

requisite second message because the site’s content “[wa]s not conveyed simultaneously

with the first message, [i.e., the domain name itself,] as required to be considered a parody.”

Accordingly, we found the “district court properly rejected Doughney’s parody defense.”

from those of Reverend Falwell, this would be a different case. For, while a gripe site, or a website dedicated to

criticism of the markholder, will seldom create a likelihood of confusion, a website purporting to be the official

site of the markholder and, for example, articulating positions that could plausibly have come from the

markholder may well create a likelihood of confusion.

202.

PETA simply outlines the parameters of the parody defense; it does not adopt the initial

interest confusion theory or otherwise diminish the necessity of examining context when

determining whether a likelihood of confusion exists. Indeed, in PETA itself, rather than

embracing a new approach, we reiterated that “[t]o determine whether a likelihood of

confusion exists, a court should not consider how closely a fragment of a given use

duplicates the trademark, but must instead consider whether the use in its entirety creates a

likelihood of confusion.” (emphasis added). When dealing with domain names, this means a

court must evaluate an allegedly infringing domain name in conjunction with the content of

the website identified by the domain name.4

Moreover, even if we did endorse the initial interest confusion theory, that theory would not

assist Reverend Falwell here because it provides no basis for liability in circumstances such

as these. The few appellate courts that have followed the Ninth Circuit and imposed

liability under this theory for using marks on the Internet have done so only in cases

involving a factor utterly absent here—one business’s use of another’s mark for its own

financial gain.

Profiting financially from initial interest confusion is thus a key element for imposition of

liability under this theory.5 When an alleged infringer does not compete with the

markholder for sales, “some initial confusion will not likely facilitate free riding on the

goodwill of another mark, or otherwise harm the user claiming infringement. Where

confusion has little or no meaningful effect in the marketplace, it is of little or no

consequence in our analysis.” For this reason, even the Ninth Circuit has stated that a firm

is not liable for using another’s mark in its domain name if it “could not financially

capitalize on [a] misdirected consumer [looking for the markholder’s site] even if it so

desired.”

This critical element—use of another firm’s mark to capture the markholder’s customers

and profits—simply does not exist when the alleged infringer establishes a gripe site that

criticizes the markholder. See Hannibal Travis, The Battle For Mindshare: The Emerging

Consensus that the First Amendment Protects Corporate Criticism and Parody on the

Internet, 10 VA. J.L. & TECH. 3, 85 (Winter 2005) (“The premise of the ‘initial interest’

confusion cases is that by using the plaintiff’s trademark to divert its customers, the

defendant is engaging in the old ‘bait and switch.’ But because ... Internet users who find

[gripe sites] are not sold anything, the mark may be the ‘bait,’ but there is simply no

‘switch.’”) (citations omitted).6 Applying the initial interest confusion theory to gripe sites

4 Contrary to Reverend Falwell’s suggestions, this rule does not change depending on how similar the domain

name or title is to the mark. Hence, Reverend Falwell’s assertion that he objects only to Lamparello using the

domain name www.fallwell.com and has no objection to Lamparello posting his criticisms at

“www.falwelliswrong.com,” or a similar domain name, does not entitle him to a different evaluation rule. Rather

it has long been established that even when alleged infringers use the very marks at issue in titles, courts look

to the underlying content to determine whether the titles create a likelihood of confusion as to source. 5 Offline uses of marks found to cause actionable initial interest confusion also have involved financial gain. And

even those courts recognizing the initial interest confusion theory of liability but finding no actionable initial

confusion involved one business’s use of another’s mark for profit. 6 Although the appellate courts that have adopted the initial interest confusion theory have only applied it to

profit-seeking uses of another’s mark, the district courts have not so limited the application of the theory.

Without expressly referring to this theory, two frequently-discussed district court cases have held that using

another’s domain name to post content antithetical to the markholder constitutes infringement. See Planned

203.

like Lamparello’s would enable the markholder to insulate himself from criticism—or at

least to minimize access to it. We have already condemned such uses of the Lanham Act,

stating that a markholder cannot “‘shield itself from criticism by forbidding the use of its

name in commentaries critical of its conduct.’” “[J]ust because speech is critical of a

corporation and its business practices is not a sufficient reason to enjoin the speech.”

In sum, even if we were to accept the initial interest confusion theory, that theory would

not apply in the case at hand. Rather, to determine whether a likelihood of confusion exists

as to the source of a gripe site like that at issue in this case, a court must look not only to

the allegedly infringing domain name, but also to the underlying content of the website.

When we do so here, it is clear, as explained above, that no likelihood of confusion exists.

Therefore, the district court erred in granting Reverend Falwell summary judgment on his

infringement, false designation, and unfair competition claims.

III.

We evaluate Reverend Falwell’s cybersquatting claim separately because the elements of a

cybersquatting violation differ from those of traditional Lanham Act violations. To prevail

on a cybersquatting claim, Reverend Falwell must show that Lamparello: (1) “had a bad

faith intent to profit from using the [www.fallwell.com] domain name,” and (2) the domain

name www.fallwell.com “is identical or confusingly similar to, or dilutive of, the distinctive

and famous [Falwell] mark.”

“The paradigmatic harm that the ACPA was enacted to eradicate” is “the practice of

cybersquatters registering several hundred domain names in an effort to sell them to the

legitimate owners of the mark.” Lucas Nursery & Landscaping, Inc. v. Grosse, 359 F.3d

806, 810 (6th Cir. 2004). The Act was also intended to stop the registration of multiple

marks with the hope of selling them to the highest bidder, “distinctive marks to defraud

consumers” or “to engage in counterfeiting activities,” and “well-known marks to prey on

consumer confusion by misusing the domain name to divert customers from the mark

owner’s site to the cybersquatter’s own site, many of which are pornography sites that

derive advertising revenue based on the number of visits, or ‘hits,’ the site receives.” S.Rep.

No. 106-140. The Act was not intended to prevent “noncommercial uses of a mark, such as

for comment, criticism, parody, news reporting, etc.,” and thus they “are beyond the scope”

of the ACPA.

To distinguish abusive domain name registrations from legitimate ones, the ACPA directs

courts to consider nine nonexhaustive factors [the court then quotes the statute]….

These factors attempt “to balance the property interests of trademark owners with the

legitimate interests of Internet users and others who seek to make lawful uses of others’

Parenthood Fed’n of Am., Inc. v. Bucci, 1997 WL 133313 (S.D.N.Y. March 24, 1997), aff’d, 152 F.3d 920 (2d Cir.

1998) (table) (finding use of domain name “www.plannedparenthood.com” to provide links to passages of anti-

abortion book constituted infringement); Jews for Jesus v. Brodsky, 993 F. Supp. 282 (D. N.J. 1998), aff’d, 159

F.3d 1351 (3d Cir. 1998) (table) (finding use of “www.jewsforjesus.org” to criticize religious group constituted

infringement). We think both cases were wrongly decided to the extent that in determining whether the domain

names were confusing, the courts did not consider whether the websites’ content would dispel any confusion. In

expanding the initial interest confusion theory of liability, these cases cut it off from its moorings to the

detriment of the First Amendment.

204.

marks, including for purposes such as comparative advertising, comment, criticism, parody,

news reporting, fair use, etc.” H.R. Rep. No. 106-412 (emphasis added). “The first four

[factors] suggest circumstances that may tend to indicate an absence of bad-faith intent to

profit from the goodwill of a mark, and the others suggest circumstances that may tend to

indicate that such bad-faith intent exists.” Id. However, “[t]here is no simple formula for

evaluating and weighing these factors. For example, courts do not simply count up which

party has more factors in its favor after the evidence is in.” In fact, because use of these

listed factors is permissive, “[w]e need not ... march through” them all in every case. “The

factors are given to courts as a guide, not as a substitute for careful thinking about whether

the conduct at issue is motivated by a bad faith intent to profit.”

After close examination of the undisputed facts involved in this case, we can only conclude

that Reverend Falwell cannot demonstrate that Lamparello “had a bad faith intent to profit

from using the [www.fallwell.com] domain name.” Lamparello clearly employed

www.fallwell.com simply to criticize Reverend Falwell’s views. Factor IV of the ACPA

counsels against finding a bad faith intent to profit in such circumstances because “use of a

domain name for purposes of ... comment, [and] criticism,” constitutes a “bona fide

noncommercial or fair use” under the statute.7 That Lamparello provided a link to an

Amazon.com webpage selling a book he favored does not diminish the communicative

function of his website. The use of a domain name to engage in criticism or commentary

“even where done for profit” does not alone evidence a bad faith intent to profit, H.R. Rep.

No. 106-412, and Lamparello did not even stand to gain financially from sales of the book at

Amazon.com. Thus factor IV weighs heavily in favor of finding Lamparello lacked a bad

faith intent to profit from the use of the domain name.

Equally important, Lamparello has not engaged in the type of conduct described in the

statutory factors as typifying the bad faith intent to profit essential to a successful

cybersquatting claim. First, we have already held that Lamparello’s domain name does not

create a likelihood of confusion as to source or affiliation. Accordingly, Lamparello has not

engaged in the type of conduct—“creating a likelihood of confusion as to the source,

sponsorship, affiliation, or endorsement of the site”—described as an indicator of a bad faith

intent to profit in factor V of the statute.

Factors VI and VIII also counsel against finding a bad faith intent to profit here.

Lamparello has made no attempt—or even indicated a willingness—“to transfer, sell, or

otherwise assign the domain name to [Reverend Falwell] or any third party for financial

gain.” Similarly, Lamparello has not registered “multiple domain names”; rather, the record

indicates he has registered only one. Thus, Lamparello’s conduct is not of the suspect

variety described in factors VI and VIII of the Act.

Notably, the case at hand differs markedly from those in which the courts have found a bad

faith intent to profit from domain names used for websites engaged in political commentary

7 We note that factor IV does not protect a faux noncommercial site, that is, a noncommercial site created by the

registrant for the sole purpose of avoiding liability under the FTDA, which exempts noncommercial uses of

marks, or under the ACPA. As explained by the Senate Report discussing the ACPA, an individual cannot avoid

liability for registering and attempting to sell a hundred domain names incorporating famous marks by posting

noncommercial content at those domain names. But Lamparello’s sole purpose for registering www.fallwell.com

was to criticize Reverend Falwell, and this noncommercial use was not a ruse to avoid liability. Therefore, factor

IV indicates that Lamparello did not have a bad faith intent to profit.

205.

or parody. For example, in PETA we found the registrant of www.peta.org engaged in

cybersquatting because www.peta.org was one of fifty to sixty domain names Doughney had

registered and because Doughney had evidenced a clear intent to sell www.peta.org to

PETA, stating that PETA should try to “‘settle’ with him and ‘make him an offer.’”

Similarly, in Coca-Cola Co. v. Purdy, 382 F.3d 774 (8th Cir. 2004), the Eighth Circuit found

an anti-abortion activist who had registered domain names incorporating famous marks

such as “Washington Post” liable for cybersquatting because he had registered almost

seventy domain names, had offered to stop using the Washington Post mark if the

newspaper published an opinion piece by him on its editorial page, and posted content that

created a likelihood of confusion as to whether the famous markholders sponsored the anti-

abortion sites and “ha[d] taken positions on hotly contested issues.” In contrast, Lamparello

did not register multiple domain names, he did not offer to transfer them for valuable

consideration, and he did not create a likelihood of confusion.

Instead, Lamparello, like the plaintiffs in two cases recently decided by the Fifth and Sixth

Circuits, created a gripe site. Both courts expressly refused to find that gripe sites located

at domain names nearly identical to the marks at issue violated the ACPA. In TMI, Inc. v.

Maxwell, 368 F.3d 433, 434-35 (5th Cir. 2004), Joseph Maxwell, a customer of homebuilder

TMI, registered the domain name “www.trendmakerhome.com,” which differed by only one

letter from TMI’s mark, TrendMaker Homes, and its domain name,

“www.trendmakerhomes.com.” Maxwell used the site to complain about his experience with

TMI and to list the name of a contractor whose work pleased him. After his registration

expired, Maxwell registered “www.trendmakerhome.info.” TMI then sued, alleging

cybersquatting. The Fifth Circuit reversed the district court’s finding that Maxwell violated

the ACPA, reasoning that his site was noncommercial and designed only “to inform

potential customers about a negative experience with the company.”

Similarly, in Lucas Nursery & Landscaping, a customer of Lucas Nursery registered the

domain name “www.lucasnursery.com” and posted her dissatisfaction with the company’s

landscaping services. Because the registrant, Grosse, like Lamparello, registered a single

domain name, the Sixth Circuit concluded that her conduct did not constitute that which

Congress intended to proscribe—i.e., the registration of multiple domain names. Noting

that Grosse’s gripe site did not create any confusion as to sponsorship and that she had

never attempted to sell the domain name to the markholder, the court found that Grosse’s

conduct was not actionable under the ACPA. The court explained: “One of the ACPA’s main

objectives is the protection of consumers from slick internet peddlers who trade on the

names and reputations of established brands. The practice of informing fellow consumers of

one’s experience with a particular service provider is surely not inconsistent with this

ideal.”

Like Maxwell and Grosse before him, Lamparello has not evidenced a bad faith intent to

profit under the ACPA. To the contrary, he has used www.fallwell.com to engage in the type

of “comment[][and] criticism” that Congress specifically stated militates against a finding of

bad faith intent to profit. And he has neither registered multiple domain names nor

attempted to transfer www.fallwell.com for valuable consideration. We agree with the Fifth

and Sixth Circuits that, given these circumstances, the use of a mark in a domain name for

a gripe site criticizing the markholder does not constitute cybersquatting.

206.

IV.

For the foregoing reasons, Lamparello, rather than Reverend Falwell, is entitled to

summary judgment on all counts. Accordingly, the judgment of the district court is reversed

and the case is remanded for entry of judgment for Lamparello.

NOTES AND QUESTIONS

Website Evolution. Lamparello’s website evolved substantially over the years. Screen shot

from October 1999:

207.

Screen shot from October 2002:

208.

Screen shot from July 2003:

Which (if any) of these screenshots would you find confusing if you visited the site for the

first time?

Case Prelude. Falwell did not sue Lamparello initially. Instead, Falwell initiated—and

won—a UDRP proceeding. See The Reverend Dr. Jerry L. Falwell and The Liberty Alliance

v. Lamparello International, #FA0310000198936, National Arbitration Forum, Nov. 20,

2003, https://www.adrforum.com/domaindecisions/198936.htm. To prevent the registrar

from transferring his domain name (the remedy of a successful UDRP proceeding),

Lamparello sued Falwell in federal court for a declaratory judgment. Per UDRP policy,

Lamparello’s lawsuit immediately froze the domain name transfer. Because Lamparello

brought Falwell into court, it was logical for Falwell to countersue Lamparello for

trademark infringement and ACPA.

Gripers and Commerciality. Often, 1990s and 2000s gripers registered

[trademarkowner]sucks.com, commonly called a “sucks site.” Instead of a “sucks site,”

Lamparello registered a misspelled version of Falwell’s last name. Nevertheless, most

209.

visitors to fallwell.com quickly realized that Lamparello was a griper. Why, then, did

Lamparello lose both his UDRP proceeding and at the district court?

Why does the court punt on the “use in commerce” question? Isn’t Lamparello’s site

obviously non-commercial? Lamparello had, at one point, an outlink to Amazon, but so

what? See Eric Goldman, Online Word of Mouth and Its Implications for Trademark Law,

in TRADEMARK LAW AND THEORY: A HANDBOOK OF CONTEMPORARY RESEARCH 404 (Graeme

B. Dinwoodie and Mark D. Janis eds.) (Edward Elgar Press, 2008).

In a 2015 griper case, the Fourth Circuit again struggled with a griper’s commerciality, or

lack thereof. The case involved the “NAACP” mark, which stands for the National

Association for the Advancement of Colored People, but the registrant promoted the

“National Association for the Abortion of Colored People.” The court relied on the Lanham

Act language that the defendant must use the mark “in connection with” goods and

services:

the [district] court held that because the Radiance article appeared in a

Google search for the term “NAACP,” it diverted “Internet users to Radiance’s

article as opposed to the NAACP’s websites,” which thereby created a

connection to the NAACP’s goods and services. But typically the use of the

mark has to be in connection with the infringer’s goods or services, not the

trademark holder’s. If the general rule was that the use of the mark merely

had to be in connection with the trademark holder’s goods or services, then

even the most offhand mention of a trademark holder’s mark could

potentially satisfy the “in connection with” requirement. That interpretation

would expand the requirement to the point that it would equal or surpass the

scope of the Lanham Act’s “in commerce” jurisdictional element….The

provision of mere “information services” without any commercial or

transactional component is speech – nothing more….

The article was just one piece of each Radiance website’s content, which was

comprised of articles, videos, and multimedia advocacy materials. That the

protected marks appear somewhere in the content of a website that includes

transactional components [such as a “donate” button] is not alone enough to

satisfy the “in connection with” element. To say it was would come too close to

an absolute rule that any social issues commentary with any transactional

component in the neighborhood enhanced the commentator’s risk of Lanham

Act liability.

The Radiance Foundation, Inc. v. National Association for the Advancement of

Colored People, 786 F.3d 316 (4th Cir. 2015). Another way to interpret this passage

is that the Fourth Circuit will make increasingly tortured efforts to distinguish its

mistaken precedent rather than expressly overturning it.

What Are We Fighting For? Two uncontroversial propositions: (1) Lamparello’s website got

a small amount of traffic, and (2) even if Lamparello could not post his critical remarks at

fallwell.com, he could freely publish those remarks elsewhere. Given this, why did Falwell

care about the domain name? Then again, why did Lamparello?

210.

Scope of the ACPA. With respect to the domain name news.google.com, “google” is the

second-level domain, “.com” is the top-level domain, and “news” is sometimes called the

third-level domain. The ACPA only applies to second-level domain names. It probably does

not apply to top-level domain names. See Del Monte International GMBH v. Del Monte

Corp., 995 F. Supp. 2d 1107 (C.D. Cal. 2014). The ACPA does not apply to third-level

domain names, other parts of a URL (see Patmont Motors v. Gateway Marine, 1997 WL

811770 (N.D. Cal. 1997)), email aliases, Twitter handles or other online identifiers. Given

the general decline in importance of second-level domain names, it’s possible that the

ACPA’s relevance is continuing to wane.

It is difficult to hold domain name registrars liable for ACPA violations. See Academy of

Motion Picture Arts and Sciences v. GoDaddy.com, Inc., 2015 WL 5311085 (C.D. Cal. 2015).

211.

The next case deals with a long-outdated practice called keyword metatag stuffing. It’s a

good example of how courts negatively react to “surreptitious” marketing practices, as well

as their constant struggles to understand Internet technology. Pay close attention to the

litigants’ business objectives and think about whether they achieved those goals.

Promatek Industries, Ltd. v. Equitrac Corp., 300 F.3d 808 (7th Cir. 2002).

This appeal concerns the propriety of a preliminary injunction in which one competitor,

Promatek, prevailed against another, Equitrac. The preliminary injunction was issued

without a hearing and Equitrac had to place language on its web page to remedy violations

of the Lanham Act. Equitrac now appeals that order and because the district court did not

abuse its discretion, we affirm.

I. BACKGROUND

Promatek and Equitrac are competitors in selling cost-recovery equipment. Equitrac’s

marketing department advised its web designer that certain words and phrases should be

used as metatags for Equitrac’s website.1 In response, the web designer placed the term

“Copitrack” in the contents of Equitrac’s website as a metatag.* Equitrac used the term as a

metatag because it provides maintenance and service on Copitrak equipment, a product

used in the cost-recovery business.2 Promatek holds the trademark for Copitrak, and once it

learned of Equitrac’s use of the term Copitrack in the metatag, it brought suit. After

learning of Promatek’s suit, Equitrac contacted all of the search engines known to it and

requested that they remove any link between the term Copitrack and Equitrac’s website.

Equitrac also removed the Copitrack metatag from its website.

Not satisfied with Equitrac’s remedial measures, Promatek sought a preliminary injunction

preventing Equitrac from using the term Copitrack in its website. After receiving materials

submitted by both parties, the district court granted Promatek’s motion for preliminary

1 [Quoting Brookfield for this definition:] Metatags are HTML [HyperText Markup Language] code intended to

describe the contents of the web site. There are different types of metatags, but those of principal concern to us

are the “description” and “keyword” metatags. The description metatags are intended to describe the web site;

the keyword metatags, at least in theory, contain keywords relating to the contents of the web site. The more

often a term appears in the metatags and in the text of the web page, the more likely it is that the web page will

be “hit” in a search for that keyword and the higher on the list of “hits” the web page will appear. * [Editor’s note: the site’s metatags from May 11, 2000]:

<head>

<BASE HREF=“http://www.equitrac.com/”>

<meta NAME=“description” CONTENT=“Equitrac Corporation is the global leader in

automated cost recovery and expense management solutions. The company’s System 4,

OfficeTrac, DebitLog, PAS and PrintLog software and Alpha hardware track, record and report

on print, copy, fax, postage and phone usage of office equipment.”>

<meta NAME=“keywords” CONTENT=“PrintLog, printing, tracking, copying, cost recovery,

billback, disbursements, clients, projects, printers, copiers, networking, hardcopy, vending,

accounting, reporting, billing, Equitrac, System 4, Copitrack, PAS, pcounter, xcounter,

uniprint, ocs, plotting, software, transactions, DebitLog, Telemetrac, Telemate, Officetrac,

Disbursemate, copy centers, HP, Xerox, Canon, Ricoh, Savin, Mita, Toshiba, Pitney, Metrics,

document, copies”>

<title>Equitrac Corporation</title>

<meta name=“Microsoft Border” content=“none”>

</head> 2 The parties agree that Equitrac meant to use the term “Copitrak” as its metatag rather than “Copitrack.”

212.

injunction. Under the terms of the injunction, Equitrac was directed to place language on

its web page informing consumers that any link between its website and Copitrack was in

error:

If you were directed to this site through the term “Copitrack,” that is in error

as there is no affiliation between Equitrac and that term. The mark

“Copitrak” is a registered trademark of Promatek Industries, Ltd., which can

be found at www.promatek.com or www.copitrak.com.

Equitrac appeals the issuance of the injunction, arguing that the ordered language will not

only inform consumers of its competitor, Promatek, but will encourage people to go to

Promatek’s website. Promatek counters that without this language, Equitrac will continue

to benefit, to Promatek’s detriment, from consumer internet searches containing the word

Copitrack. We conclude that the district court was correct in finding Promatek would suffer

a greater harm than Equitrac if corrective measures were not taken, and we affirm the

grant of the preliminary injunction.

II. ANALYSIS…

A. The District Court Was Correct in Granting the Injunction

1. Likelihood of success on the merits

Equitrac argues that because there was no likelihood of success on the merits of Promatek’s

Lanham Act claim, the district court erred in granting the preliminary injunction. In order

to prevail under the Lanham Act, 15 U.S.C. § 1125(a), Promatek must establish that

Copitrak is a protectable trademark and that Equitrac’s use of the term is likely to cause

confusion among consumers. Preregistration of Promatek’s Copitrak trademark is prima

facie evidence of the mark’s validity, which Equitrac does not dispute. Therefore, we turn to

the issue of whether consumers would be confused by Equitrac’s use of Copitrak as a

metatag.

In assessing the likelihood of consumer confusion, we consider: (1) the similarity between

the marks in appearance and suggestion, (2) the similarity of the products, (3) the area and

manner of concurrent use of the products, (4) the degree of care likely to be exercised by

consumers, (5) the strength of the plaintiff’s marks, (6) any evidence of actual confusion,

and (7) the defendant’s intent to palm off its goods as those of the plaintiff’s. None of these

factors are dispositive and the proper weight given to each will vary in each case. However,

the similarity of the marks, the defendant’s intent, and evidence of actual confusion are of

particular importance.

Given these factors, it is clear that Promatek has a fair likelihood of succeeding on the

merits of its Lanham Act claim. Although Promatek has not provided us with evidence

regarding the strength of its Copitrak mark or evidence of any actual consumer confusion,

the other factors weigh in its favor. First, not only are the marks Copitrack and Copitrak

similar, Equitrac admits that it meant to use the correct spelling of Copitrak in its metatag.

Second, Equitrac’s use of Copitrack refers to Promatek’s registered trademark, Copitrak.

Additionally, Equitrac and Promatek are direct competitors in the cost-recovery and cost-

213.

control equipment and services market. Most importantly, for purposes of this case,

however, is the degree of care to be exercised by consumers.

Although Equitrac claims that it did not intend to mislead consumers with respect to

Copitrak, the fact remains that there is a strong likelihood of consumer confusion as a

result of its use of the Copitrack metatag. The degree of care exercised by consumers could

lead to initial interest confusion. Initial interest confusion, which is actionable under the

Lanham Act, occurs when a customer is lured to a product by the similarity of the mark,

even if the customer realizes the true source of the goods before the sale is consummated.

The Ninth Circuit has dealt with initial interest confusion for websites and metatags and

held that placing a competitor’s trademark in a metatag creates a likelihood of confusion. In

Brookfield Communications, the court found that although consumers are not confused

when they reach a competitor’s website, there is nevertheless initial interest confusion.

This is true in this case, because by Equitrac’s placing the term Copitrack in its metatag,

consumers are diverted to its website and Equitrac reaps the goodwill Promatek developed

in the Copitrak mark. That consumers who are misled to Equitrac’s website are only briefly

confused is of little or no consequence. In fact, “that confusion as to the source of a product

or service is eventually dispelled does not eliminate the trademark infringement which has

already occurred.” What is important is not the duration of the confusion, it is the

misappropriation of Promatek’s goodwill. Equitrac cannot unring the bell. As the court in

Brookfield explained, “[u]sing another’s trademark in one’s metatags is much like posting a

sign with another’s trademark in front of one’s store.” Customers believing they are

entering the first store rather than the second are still likely to mill around before they

leave. The same theory is true for websites. Consumers who are directed to Equitrac’s

webpage are likely to learn more about Equitrac and its products before beginning a new

search for Promatek and Copitrak. Therefore, given the likelihood of initial consumer

confusion, the district court was correct in finding Promatek could succeed on the merits.

2. No adequate remedy at law

A plaintiff seeking a preliminary injunction must also prove that it has no adequate remedy

at law and as a result, will suffer irreparable harm if the injunction is not issued.

Furthermore, it is well settled that injuries arising from Lanham Act violations are

presumed to be irreparable, even if the plaintiff fails to demonstrate a business loss.

As has been discussed, Promatek has suffered injury to its consumer goodwill through

Equitrac’s use of Copitrack as a metatag and would have continued to suffer in the absence

of an injunction. This damage would have constituted irreparable harm for which Promatek

had no adequate remedy. Because of the difficulty in assessing the damages associated with

a loss of goodwill, the district court was correct in finding that Promatek lacked an

adequate remedy at law.

3. Balancing of the harms

The final factor we must consider is the balance of harms—the irreparable harm Equitrac

will suffer if the injunction is enforced weighed against the irreparable harm Promatek will

suffer if it is not. We must also consider the effect the injunction will have on the public. We

review a district court’s balancing of the harms for an abuse of discretion.

214.

In finding that the harm to Promatek as a result of denying the injunction outweighed the

harm to Equitrac in granting it, the district court found, and we agree, that without the

injunction, Equitrac would continue to attract consumers browsing the web by using

Promatek’s trademark, thereby acquiring goodwill that belongs to Promatek. In response,

Equitrac points out that even though it offers products for sale on its website, it has yet to

consummate a sale by this means. Furthermore, Equitrac claims that “consumers of

products and services provided by Equitrac and Promatek are sophisticated business people

who are not likely to be confused between Equitrac and Copitrak and are not likely to buy

based on a visit to a website.”

Although Equitrac claims that the language on its website is harmful because it alerts

consumers to Promatek’s website, it has not provided any evidence of customers it has lost

as a result of the remedial language. Indeed the remedial language on the website is more

informative than it is harmful. Equitrac’s speculative argument that Promatek may gain a

competitive advantage by inclusion of the remedial language is rejected. As to the public

interest, because the injunction prevents consumer confusion in the marketplace, the public

interest will be served as well. Accordingly, the strong likelihood of consumer confusion

weighs strongly in favor of issuing the injunction, and the district court did not abuse its

discretion in finding this to be the case.

B. No evidentiary hearing was needed….

Equitrac claims that the court should not have issued the preliminary injunction without a

hearing. Specifically, Equitrac argues that because the court failed to find, and did not

receive evidence to contradict, Equitrac’s position that it was entitled to advertise that it

was capable of servicing Copitrak equipment, Promatek’s motion for a preliminary

injunction should have been denied. Equitrac’s argument misses the point. What is relevant

to the preliminary injunction is not that Equitrac may advertise that it is capable of

servicing Copitrak. Equitrac is free to do so; it is also free to place comparison claims on its

website, or include press releases involving the litigation between Equitrac and Promatek.

It is Equitrac’s use of the term Copitrack in its metatag that is a prohibited practice because

of its potential for customer confusion. [Editor’s note: regarding this italicized language, see

below] Because Equitrac failed to demonstrate that its evidence would weaken Promatek’s

case, an evidentiary hearing was not necessary….

Promatek Industries, Ltd. v. Equitrac Corp., October 18, 2002 Amendment

The slip opinion of this Court issued on 8/13/02 is hereby amended as follows: On page 9,

the second-to-last sentence of the first paragraph (beginning “It is Equitrac’s use of the

term...”) should be removed and replaced with the following: “The problem here is not that

Equitrac, which repairs Promatek products, used Promatek’s trademark in its metatag, but

that it used that trademark in a way calculated to deceive consumers into thinking that

Equitrac was Promatek. Id.” Immediately following the sentence to be inserted above, the

following footnote should be inserted: “It is not the case that trademarks can never appear

in metatags, but that they may only do so where a legitimate use of the trademark is being

made.”

215.

NOTES AND QUESTIONS

Screen Shots. The Equitrac home page from May 2002—missing a few graphical elements,

but showing the disclaimer:

216.

Google’s 2001 search results for “Copitrak”:

Google’s 2001 search results for “Copitrack”:

217.

Who Won This Case? Think carefully about the parties’ stated objectives. We know

Promatek won the appellate ruling, but which party do you think better fulfilled its

apparent business objectives?

Non-Deceptive Metatag Usage? The court says that Equitrac loses because “it used that

trademark in a way calculated to deceive consumers into thinking that Equitrac was

Promatek.” How, exactly, did Equitrac’s use of the keyword metatags satisfy this standard?

For many years, courts routinely held that including a third party trademark in the

website’s metatags was per se infringing. In addition to the Promatek case, other federal

appellate cases supporting this proposition include Venture Tape Corp. v. McGills Glass

Warehouse. 540 F.3d 56 (1st Cir. 2008) and North American Medical Corp. v. Axiom

Worldwide, Inc. 522 F.3d 1211 (11th Cir. 2008).

Over time, courts questioned this outcome as it became clearer that search engines

generally ignore keyword metatags. See, e.g., Southern Snow Mfg. Inc. v. Sno Wizards

Holdings, Inc., 2011 WL 601639 (E.D. La. 2011); Sazerac Brands LLC v. Peristyle

LLC, 2017 WL 4558022 (E.D. Ky. 2017) (“Sazerac fails to explain why metatags should still

form the basis for Lanham Act liability in light of major search engines' change in policy”).

Still, even years after keyword metatags have become technologically irrelevant, courts

encountering keyword metatags can overreact. See adidas America, Inc. v. Skechers USA,

Inc., 890 F.3d 747 (9th Cir. 2018) (competitor’s use of keyword metatags created an

“inference” of an intent to confuse consumers).

218.

Keyword advertising generates tens of billions of dollars of revenue each year. There has

been particular angst about competitive keyword advertising, when a company buys the

trademark of its rival as a trigger to show its ads. The following ruling effectively confirmed

the legality of competitive keyword advertising.

Network Automation, Inc. v. Advanced Systems Concepts, Inc., 638 F.3d 1137 (9th

Cir. 2011)

“We must be acutely aware of excessive rigidity when applying the law in the

Internet context; emerging technologies require a flexible approach.”

Brookfield Commc’ns, Inc. v. West Coast Entm’t Corp., 174 F.3d 1036, 1054

(9th Cir. 1999).

Network Automation (“Network”) and Advanced Systems Concepts (“Systems”) are both in

the business of selling job scheduling and management software, and both advertise on the

Internet. Network sells its software under the mark AutoMate, while Systems’ product is

sold under the registered trademark ActiveBatch. Network decided to advertise its product

by purchasing certain keywords, such as “ActiveBatch,” which when keyed into various

search engines, most prominently Google and Microsoft Bing, produce a results page

showing “www.NetworkAutomation.com” as a sponsored link. Systems’ objection to

Network’s use of its trademark to interest viewers in Network’s website gave rise to this

trademark infringement action.

The district court was confronted with the question whether Network’s use of ActiveBatch

to advertise its products was a clever and legitimate use of readily available technology,

such as Google’s AdWords, or a likely violation of the Lanham Act, 15 U.S.C. § 1114. The

court found a likelihood of initial interest confusion by applying the eight factors we

established more than three decades ago in AMF Inc. v. Sleekcraft Boats, 599 F.2d 341 (9th

Cir. 1979), and reasoning that the three most important factors in “cases involving the

Internet” are (1) the similarity of the marks; (2) the relatedness of the goods; and (3) the

marketing channel used. The court therefore issued a preliminary injunction against

Network’s use of the mark ActiveBatch.

Mindful that the sine qua non of trademark infringement is consumer confusion, and that

the Sleekcraft factors are but a nonexhaustive list of factors relevant to determining the

likelihood of consumer confusion, we conclude that Systems’ showing of a likelihood of

confusion was insufficient to support injunctive relief. Therefore, we vacate the injunction

and reverse and remand.

I. FACTUAL AND PROCEDURAL BACKGROUND

Systems is a software engineering and consulting firm founded in 1981. It has used the

ActiveBatch trademark since 2000, and it procured federal registration of the mark in 2001.

Systems markets ActiveBatch software to businesses, which use the product to centralize

and manage disparate tasks. Network is a software company founded in 1997 under the

name Unisyn. Its signature product, AutoMate, also provides businesses with job

scheduling, event monitoring, and related services. Network has approximately 15,000 total

customers, and between 4,000 and 5,000 active customers, including Fortune 500

219.

companies and mid-sized and small firms. The cost of a license to use AutoMate typically

ranges from $995 to $10,995. There is no dispute that Network and Systems are direct

competitors, or that ActiveBatch and AutoMate are directly competing products.

Google AdWords is a program through which the search engine sells “keywords,” or search

terms that trigger the display of a sponsor’s advertisement. When a user enters a keyword,

Google displays the links generated by its own algorithm in the main part of the page, along

with the advertisements in a separate “sponsored links” section next to or above the

objective results. Multiple advertisers can purchase the same keyword, and Google charges

sponsors based on the number of times users click on an ad to travel from the search results

page to the advertiser’s own website. Network purchased “ActiveBatch” as a keyword from

Google AdWords and a comparable program offered by Microsoft’s Bing search engine.

As a result, consumers searching for business software who enter “ActiveBatch” as a search

term would locate a results page where the top objective results are links to Systems’ own

website and various articles about the product. In the “Sponsored Links” or “Sponsored

Sites” section of the page, above or to the right of the regular results, users see Network’s

advertisement, either alone or alongside Systems’ own sponsored link. The text of

Network’s advertisements begin with phrases such as “Job Scheduler,” “Intuitive Job

Scheduler,” or “Batch Job Scheduling,” and end with the company’s web site address,

www.NetworkAutomation.com. The middle line reads: “Windows Job Scheduling + Much

More. Easy to Deploy, Scalable. D/L Trial.”

220.

[Screenshot from the court’s opinion—apologies for the poor resolution]

221.

[Screenshot taken March 17, 2011]

On November 16, 2009, Systems demanded that Network cease and desist from using the

ActiveBatch mark in its search engine advertising, as it was not “authorized to use these

marks in commerce.” In a second letter, Systems explained that Network’s use of

ActiveBatch in its Google AdWords keyword advertising infringed Systems’ trademark

rights by deceiving customers into believing that Network’s software products were

affiliated with Systems’ products. Systems threatened litigation unless Network

immediately ceased all use of Systems’ mark, including removing the mark from the Google

AdWords Program. Network responded that its use of the ActiveBatch mark was non-

infringing as a matter of law, and filed this lawsuit seeking a declaratory judgment of non-

infringement. Systems counterclaimed on February 22, 2010, alleging trademark

infringement under the Lanham Act, 15 U.S.C. § 1114(1), and moved for a preliminary

injunction against Network’s use of the ActiveBatch mark pending trial.

The district court granted injunctive relief on April 30, 2010. Noting that the parties did not

dispute the validity or ownership of the ActiveBatch mark, the district court ruled that

Systems was likely to succeed in satisfying the Lanham Act’s “use in commerce”

requirement by showing that Network “used” the mark when it purchased advertisements

from search engines triggered by the term “ActiveBatch.” Applying the eight-factor

Sleekcraft test for source confusion, the district court emphasized three factors it viewed as

222.

significant for “cases involving the Internet”: the similarity of the marks, relatedness of the

goods or services, and simultaneous use of the Web as a marketing channel. The district

court concluded that all three factors favored Systems: Network used the identical mark to

sell a directly competing product, and both advertised on the Internet.

The district court also concluded that Systems’ mark was strong because, as a federally

registered trademark, ActiveBatch is presumptively distinctive. It concluded that the

degree of consumer care suggested likely confusion because “there is generally a low degree

of care exercised by Internet consumers.” Moreover, Network intentionally used Systems’

mark to advertise its own product. Finally, the district court noted that neither party

introduced evidence of actual confusion, and that the likelihood of product expansion was

not relevant.

The district court also analyzed whether Network infringed Systems’ mark by creating

initial interest confusion—as opposed to source confusion—which “occurs when the

defendant uses the plaintiff’s trademark in a manner calculated to capture initial consumer

attention, even though no actual sale is finally completed as a result of the confusion.”

Because the district court found that Network’s advertisements did not clearly divulge their

source, it concluded that consumers might be confused into unwittingly visiting Network’s

website, allowing the company to “impermissibly capitalize[] on [Systems’] goodwill.”

Based on its analysis of the Sleekcraft factors and its finding of likely initial interest

confusion, the district court concluded that Systems had a strong likelihood of success on

the merits of its trademark infringement claim. It then presumed a likelihood of irreparable

harm, and concluded that the balance of hardships and the public interest favored Systems.

Following entry of the preliminary injunction, Network timely appealed….

III. DISCUSSION…

To prevail on a claim of trademark infringement under the Lanham Act, 15 U.S.C. § 1114, a

party “must prove: (1) that it has a protectible ownership interest in the mark; and (2) that

the defendant’s use of the mark is likely to cause consumer confusion.”

Network does not contest the ownership or its use of the mark. We note that the district

court correctly found the prerequisite “use in commerce” in Network’s use of the mark to

purchase keywords to advertise its products for sale on the Internet. Previously we have

assumed, without expressly deciding, that the use of a trademark as a search engine

keyword that triggers the display of a competitor’s advertisement is a “use in commerce”

under the Lanham Act. See Playboy Enters., Inc. v. Netscape Commc’ns Corp., 354 F.3d

1020, 1024 (9th Cir. 2004); Brookfield, 174 F.3d at 1053. We now agree with the Second

Circuit that such use is a “use in commerce” under the Lanham Act. See Rescuecom Corp.

v. Google Inc., 562 F.3d 123, 127 (2d Cir. 2009) (holding that Google’s sale of trademarks as

search engine keywords is a use in commerce); see also J. THOMAS MCCARTHY, MCCARTHY

ON TRADEMARKS & UNFAIR COMPETITION §§ 23:11.50, 25:70:25 (4th ed. 2010) (suggesting

that cases taking a more restrictive view of “use” in this context are based on an erroneous

interpretation of the Lanham Act).

This case, therefore, turns on whether Network’s use of Systems’ trademark is likely to

cause consumer confusion. Network argues that its use of Systems’ mark is legitimate

223.

“comparative, contextual advertising” which presents sophisticated consumers with clear

choices. Systems characterizes Network’s behavior differently, accusing it of misleading

consumers by hijacking their attention with intentionally unclear advertisements. To

resolve this dispute we must apply the Sleekcraft test in a flexible manner, keeping in mind

that the eight factors it recited are not exhaustive, and that only some of them are relevant

to determining whether confusion is likely in the case at hand.

A.

In Sleekcraft, we…identified eight “relevant” factors for determining whether consumers

would likely be confused by related goods: “[1] strength of the mark; [2] proximity of the

goods; [3] similarity of the marks; [4] evidence of actual confusion; [5] marketing channels

used; [6] type of goods and the degree of care likely to be exercised by the purchaser; [7]

defendant’s intent in selecting the mark; and [8] likelihood of expansion of the product

lines.” We also noted that “the list is not exhaustive,” and that “[o]ther variables may come

into play depending on the particular facts presented.”

The Sleekcraft factors are intended as an adaptable proxy for consumer confusion, not a

rote checklist. See, e.g., Fortune Dynamic, Inc. v. Victoria’s Secret Stores Brand Mgmt.,

Inc., 618 F.3d 1025, 1030 (9th Cir. 2010) (“This eight-factor analysis is ‘pliant,’ illustrative

rather than exhaustive, and best understood as simply providing helpful guideposts.”);

Dreamwerks Prod. Grp., Inc. v. SKG Studio, 142 F.3d 1127, 1129 (9th Cir. 1998) (“The

factors should not be rigidly weighed; we do not count beans.”); Eclipse Assoc. Ltd. v. Data

Gen. Corp., 894 F.2d 1114, 1118 (9th Cir. 1990) (“These tests were not meant to be

requirements or hoops that a district court need jump through to make the

determination.”).

When we first confronted issues of trademark infringement and consumer confusion in the

Internet context over a decade ago in Brookfield, we noted that “[w]e must be acutely aware

of excessive rigidity when applying the law in the Internet context; emerging technologies

require a flexible approach.”… There, Brookfield, a software company, marketed an

entertainment database program under the mark MovieBuff. It sold the software, and

offered access to the database, on its website, moviebuffonline.com. West Coast, a video

retailer, had registered the mark The Movie Buff’s Movie Store. West Coast operated a

website using the domain name moviebuff.com, which included a film database that

competed with Brookfield’s product.

We held that Brookfield was likely to succeed in its claim to be the senior user of

MovieBuff, and that there was a likelihood of source confusion stemming from West Coast’s

use of the mark in its domain name. “Heeding our repeated warnings against simply

launching into a mechanical application of the eight-factor Sleekcraft test,” we determined

that three of the eight factors were the most important in analyzing source confusion in the

context of Internet domain names: (1) the similarity of the marks; (2) the relatedness of the

goods and services offered; and (3) the simultaneous use of the Internet as a marketing

channel. Reasoning that the two marks were virtually identical in terms of sight, sound and

meaning, that West Coast and Brookfield both offered products and services relating to

movies, and that they both used the Web as a marketing and advertising device, we

concluded that consumer confusion was likely, particularly given the nature of the

224.

consumers at issue, who included casual movie watchers unlikely to realize that they had

mistakenly clicked on to West Coast’s site when they had intended to reach Brookfield’s.

Brookfield also asserted that West Coast infringed its mark by causing initial interest

confusion because it had included MovieBuff in its “metatags,” code not visible to web users

embedded in a website to attract search engines seeking a corresponding keyword.3

Although were we to apply the same analysis in the metatags context as we did in the

domain name context, we would easily reach the same conclusion as to each of the factors

(with the possible exception of purchaser care), we declined to do so, reasoning that the

“question in the metatags context is quite different.” In the metatags context, the question

was whether West Coast could use the mark MovieBuff in the metatags of its website to

attract search engines to locate its site when the keyword “MovieBuff” was entered, a

question analogous to the issue presented here. As in the domain name context, the degree

of care and sophistication of the consumer was a key factor, although the outcome differed.

We did not find a likelihood of source confusion because the results list from a search for

“MovieBuff” would result in a list that included both Brookfield’s and West Coast’s

websites, and if the consumer clicked on West Coast’s site its own name was “prominently

display[ed].” Thus a consumer was much less likely to be confused about which site he was

viewing.

Finding no source confusion, we nonetheless concluded that West Coast’s use of MovieBuff

in its metatags was likely to cause initial interest confusion. That is, by using Brookfield’s

mark MovieBuff to direct persons searching for Brookfield’s product to the West Coast site,

West Coast derived an improper benefit from the goodwill Brookfield developed in its mark.

Five years later in Playboy, we considered the practice of “keying”—another situation

analogous to that here. Netscape operated a search engine that offered an early version of a

keyword advertising program. It sold lists of terms to sponsors, and when users searched

for the keywords on the list, the sponsor’s advertisement would be displayed on the results

page. Netscape required its advertisers from the adult entertainment industry to link their

ads to one such list that contained more than 400 terms, including trademarks held by

Playboy. Playboy sued, contending that this practice infringed its trademarks in violation of

the Lanham Act. The district court entered summary judgment in favor of Netscape.

We reversed, holding that summary judgment was inappropriate because genuine issues of

material fact existed as to whether Netscape’s keying practices constituted actionable

infringement. Following Brookfield, we analyzed the keying issue in terms of initial interest

confusion, “find[ing] insufficient evidence to defeat summary judgment on any other

theory.” Playboy claimed that Netscape “misappropriated the goodwill of [its] marks by

leading Internet users to competitors’ websites just as West Coast ... misappropriated the

goodwill of Brookfield’s mark.” In framing the initial interest confusion inquiry, we stressed

that Playboy’s infringement claim relied on the fact that the linked banner advertisements

were “unlabeled,” and were, therefore, more likely to mislead consumers into believing they

had followed a link to Playboy’s own website.

3 Modern search engines such as Google no longer use metatags. Instead they rely on their own algorithms to

find websites.

225.

In Playboy, as in Brookfield, we applied the Sleekcraft test flexibly, determining that

evidence of actual confusion was the most important factor. Playboy had introduced an

expert study showing that a “statistically significant number” of Internet users searching

for the terms “playboy” and “playmate” would think that Playboy itself sponsored the

banner advertisements which appeared on the search results page. We noted that this

study “alone probably suffices to reverse the grant of summary judgment,” but we

nonetheless analyzed other relevant Sleekcraft factors. As to the strength of the mark, we

credited Playboy’s expert reports showing it had created strong secondary meanings for

“playboy” and “playmate.” This suggested that consumers who entered these terms were

likely searching for Playboy’s products in particular. Analyzing the nature of the goods and

consumer, we “presume[d] that the average searcher seeking adult-oriented materials on

the Internet is easily diverted from a specific product he or she is seeking if other options,

particularly graphic ones, appear more quickly.” We concluded that there were genuine

issues of material fact with respect to whether consumers were likely to be confused by

Netscape’s keying practices.

Concurring, Judge Berzon was struck by how analytically similar the keyed advertisements

in Playboy were to the infringing metatags in Brookfield. We agree, and also find similarity

to the use of the keyword “ActiveBatch” in this case. Judge Berzon cautioned that a broad

reading of Brookfield’s metatags holding could result in a finding of initial interest

confusion “when a consumer is never confused as to source or affiliation, but instead knows,

or should know, from the outset that a product or web link is not related to that of the

trademark holder because the list produced by the search engine so informs him.” She

clarified that the Playboy panel’s holding was limited to “situations in which the banner

advertisements are not labeled or identified.”

Judge Berzon analogized the experience of browsing clearly labeled keyword

advertisements to shopping at Macy’s, explaining that if a shopper en route to the Calvin

Klein section is diverted by a prominently displayed Charter Club (Macy’s own brand)

collection and never reaches the Calvin Klein collection, it could not be said that Macy’s had

infringed on Calvin Klein’s trademark by diverting the customer to it with a clearly labeled,

but more prominent display. Therefore, it would be wrong to expand the initial interest

confusion theory of infringement beyond the realm of the misleading and deceptive to the

context of legitimate comparative and contextual advertising.

B.

Here we consider whether the use of another’s trademark as a search engine keyword to

trigger one’s own product advertisement violates the Lanham Act. We begin by examining

the Sleekcraft factors that are most relevant to the determination whether the use is likely

to cause initial interest confusion.4 While the district court analyzed each of the Sleekcraft

factors, it identified the three most important factors as (1) the similarity of the marks, (2)

the relatedness of the goods or services, and (3) the simultaneous use of the Web as a

marketing channel, for any case addressing trademark infringement on the Internet….

However, we did not intend Brookfield to be read so expansively as to forever enshrine

these three factors—now often referred to as the “Internet trinity” or “Internet troika”—as

4 Systems’ argument rests only on the theory of initial interest confusion. It does not argue source confusion.

226.

the test for trademark infringement on the Internet. Brookfield was the first to present a

claim of initial interest confusion on the Internet; we recognized at the time it would not be

the last, and so emphasized flexibility over rigidity. Depending on the facts of each specific

case arising on the Internet, other factors may emerge as more illuminating on the question

of consumer confusion. In Brookfield, we used the “troika” factors to analyze the risk of

source confusion generated by similar domain names, but we did not wholesale adopt them

in the metatag analysis. Subsequent courts similarly have found the “troika” helpful to

resolve disputes involving websites with similar names or appearances. The leading

trademark treatise correctly explains that the “troika” analysis “is appropriate for domain

name disputes.”

Given the multifaceted nature of the Internet and the ever-expanding ways in which we all

use the technology, however, it makes no sense to prioritize the same three factors for every

type of potential online commercial activity. The “troika” is a particularly poor fit for the

question presented here. The potential infringement in this context arises from the risk

that while using Systems’ mark to search for information about its product, a consumer

might be confused by a results page that shows a competitor’s advertisement on the same

screen, when that advertisement does not clearly identify the source or its product.

In determining the proper inquiry for this particular trademark infringement claim, we

adhere to two long stated principles: the Sleekcraft factors (1) are non-exhaustive, and (2)

should be applied flexibly, particularly in the context of Internet commerce. Finally,

because the sine qua non of trademark infringement is consumer confusion, when we

examine initial interest confusion, the owner of the mark must demonstrate likely

confusion, not mere diversion.

We turn to an examination of each Sleekcraft factor to analyze whether there is a likelihood

of consumer confusion in this case, assigning each factor appropriate weight in accordance

with its relevance to the factual circumstances presented here.

1. Strength of the Mark

“The stronger a mark—meaning the more likely it is to be remembered and associated in

the public mind with the mark’s owner—the greater the protection it is accorded by the

trademark laws.” Two relevant measurements are conceptual strength and commercial

strength. Conceptual strength involves classification of a mark “along a spectrum of

generally increasing inherent distinctiveness as generic, descriptive, suggestive, arbitrary,

or fanciful.” “A mark’s conceptual strength depends largely on the obviousness of its

connection to the good or service to which it refers.” Federal trademark “[r]egistration alone

may be sufficient in an appropriate case to satisfy a determination of distinctiveness.”

However, “while the registration adds something on the scales, we must come to grips with

an assessment of the mark itself.” Commercial strength is based on “actual marketplace

recognition,” and thus “advertising expenditures can transform a suggestive mark into a

strong mark.”

This factor is probative of confusion here because a consumer searching for a generic term

is more likely to be searching for a product category. See [Brookfield] at 1058 n. 19

(“Generic terms are those used by the public to refer generally to the product rather than a

particular brand of the product.”). That consumer is more likely to expect to encounter links

227.

and advertisements from a variety of sources. By contrast, a user searching for a distinctive

term is more likely to be looking for a particular product, and therefore could be more

susceptible to confusion when sponsored links appear that advertise a similar product from

a different source. On the other hand, if the ordinary consumers of this particular product

are particularly sophisticated and knowledgeable, they might also be aware that Systems is

the source of ActiveBatch software and not be confused at all.

The district court acknowledged that the parties failed to address the strength of the mark,

but it concluded that the factor favors Systems. It reasoned that ActiveBatch is a suggestive

mark because it “requires a mental leap from the mark to the product,” and as a registered

trademark it is “inherently distinctive.” We agree. Because the mark is both Systems’

product name and a suggestive federally registered trademark, consumers searching for the

term are presumably looking for its specific product, and not a category of goods.

Nonetheless, that may not be the end of the inquiry about this factor, as the sophistication

of the consumers of the product may also play a role. The district court properly declined to

consider commercial strength, which, as an evidence-intensive inquiry, is unnecessary at

the preliminary injunction stage.

2. Proximity of the Goods

“Related goods are generally more likely than unrelated goods to confuse the public as to

the producers of the goods.” “[T]he danger presented is that the public will mistakenly

assume there is an association between the producers of the related goods, though no such

association exists.” The proximity of goods is measured by whether the products are: (1)

complementary; (2) sold to the same class of purchasers; and (3) similar in use and function.

The proximity of the goods was relevant in Playboy, where unsophisticated consumers were

confronted with unlabeled banner advertisements that touted adult-oriented material very

similar to Playboy’s own products. There, we concluded that under the circumstances, the

relatedness of the goods bolstered the likelihood of confusion, and therefore favored

Playboy. However, the proximity of the goods would become less important if

advertisements are clearly labeled or consumers exercise a high degree of care, because

rather than being misled, the consumer would merely be confronted with choices among

similar products. Id. at 1035 (Berzon, J., concurring) (“[S]uch choices do not constitute

trademark infringement off the internet, and I cannot understand why they should on the

internet.”).

Because the products at issue here are virtually interchangeable, this factor may be helpful,

but it must be considered in conjunction with the labeling and appearance of the

advertisements and the degree of care exercised by the consumers of the ActiveBatch

software. By weighing this factor in isolation and failing to consider whether the parties’

status as direct competitors would actually lead to a likelihood of confusion, the district

court allowed this factor to weigh too heavily in the analysis.

3. Similarity of the Marks

“[T]he more similar the marks in terms of appearance, sound, and meaning, the greater the

likelihood of confusion.” “Where the two marks are entirely dissimilar, there is no likelihood

228.

of confusion.” “Similarity of the marks is tested on three levels: sight, sound, and meaning.

Each must be considered as they are encountered in the marketplace.”

In Sleekcraft, we concluded that the marks “Sleekcraft” and “Slickcraft” were similar in

terms of sight, sound, and meaning by examining the actual situations in which consumers

were likely to read, hear, and consider the meaning of the terms. Such an inquiry is

impossible here where the consumer does not confront two distinct trademarks. Rather,

after entering one company’s mark as a search term, the consumer sees a competitor’s

sponsored link that displays neither company’s trademarks. The district court erroneously

treated “ActiveBatch,” the keyword purchased by Network, as conceptually separate from

ActiveBatch the trademark owned by Systems. This is an artificial distinction that does not

reflect what consumers “encountered in the marketplace.” Again, however, because the

consumer keys in Systems’ trademark, which results in Network’s sponsored link,

depending on the labeling and appearance of the advertisement, including whether it

identifies Network’s own mark, and the degree of care and sophistication of the consumer,

it could be helpful in determining initial interest confusion.

4. Evidence of Actual Confusion

“[A] showing of actual confusion among significant numbers of consumers provides strong

support for the likelihood of confusion.” However, “actual confusion is not necessary to a

finding of likelihood of confusion under the Lanham Act.” Indeed, “[p]roving actual

confusion is difficult ... and the courts have often discounted such evidence because it was

unclear or insubstantial.”

In Playboy, the expert report showing a significant number of users were confused by the

keying practice at issue was strong evidence that Playboy’s infringement claim should be

allowed to proceed. Playboy, however, was decided at the summary judgment stage,

whereas here we examine a sparse record supporting preliminary injunctive relief. As the

district court noted, neither Network nor Systems provided evidence regarding actual

confusion, which is not surprising given the procedural posture. Therefore, while this is a

relevant factor for determining the likelihood of confusion in keyword advertising cases, its

importance is diminished at the preliminary injunction stage of the proceedings. The

district court correctly concluded that this factor should be accorded no weight.

5. Marketing Channels

“Convergent marketing channels increase the likelihood of confusion.” In Sleekcraft, the

two products were sold in niche marketplaces, including boat shows, specialty retail outlets,

and trade magazines. However, this factor becomes less important when the marketing

channel is less obscure. Today, it would be the rare commercial retailer that did not

advertise online, and the shared use of a ubiquitous marketing channel does not shed much

light on the likelihood of consumer confusion. See Playboy, 354 F.3d at 1028 (“Given the

broad use of the Internet today, the same could be said for countless companies. Thus, this

factor merits little weight.”).

Therefore, the district court’s determination that because both parties advertise on the

Internet this factor weighed in favor of Systems was incorrect.

229.

6. Type of Goods and Degree of Care

“Low consumer care ... increases the likelihood of confusion.” “In assessing the likelihood of

confusion to the public, the standard used by the courts is the typical buyer exercising

ordinary caution.... When the buyer has expertise in the field, a higher standard is proper

though it will not preclude a finding that confusion is likely. Similarly, when the goods are

expensive, the buyer can be expected to exercise greater care in his purchases; again,

though, confusion may still be likely.”

The nature of the goods and the type of consumer is highly relevant to determining the

likelihood of confusion in the keyword advertising context. A sophisticated consumer of

business software exercising a high degree of care is more likely to understand the

mechanics of Internet search engines and the nature of sponsored links, whereas an un-

savvy consumer exercising less care is more likely to be confused. The district court

determined that this factor weighed in Systems’ favor because “there is generally a low

degree of care exercised by Internet consumers.” However, the degree of care analysis

cannot begin and end at the marketing channel. We still must consider the nature and cost

of the goods, and whether “the products being sold are marketed primarily to expert

buyers.”

In Brookfield, the websites were visited by both sophisticated entertainment industry

professionals and amateur film fans, which supported the conclusion that at least some of

the consumers were likely to exercise a low degree of care. In Playboy, the relevant

consumer was looking for cheap, interchangeable adult-oriented material, which similarly

led to our court’s finding that the consumers at issue would exercise a low degree of care. In

both cases, we looked beyond the medium itself and to the nature of the particular goods

and the relevant consumers.

We have recently acknowledged that the default degree of consumer care is becoming more

heightened as the novelty of the Internet evaporates and online commerce becomes

commonplace. In Toyota Motor Sales v. Tabari, 610 F.3d 1171 (9th Cir. 2010), we vacated a

preliminary injunction that prohibited a pair of automobile brokers from using Toyota’s

“Lexus” mark in their domain names. We determined that it was unlikely that a reasonably

prudent consumer would be confused into believing that a domain name that included a

product name would necessarily have a formal affiliation with the maker of the product, as

“[c]onsumers who use the internet for shopping are generally quite sophisticated about such

matters.” The Tabari panel reasoned,

[I]n the age of FIOS, cable modems, DSL and T1 lines, reasonable, prudent

and experienced internet consumers are accustomed to such exploration by

trial and error. They skip from site to site, ready to hit the back button

whenever they’re not satisfied with a site’s contents. They fully expect to find

some sites that aren’t what they imagine based on a glance at the domain

name or search engine summary. Outside the special case of ... domains that

actively claim affiliation with the trademark holder, consumers don’t form

any firm expectations about the sponsorship of a website until they’ve seen

the landing page—if then.

230.

We further explained that we expect consumers searching for expensive products online to

be even more sophisticated. Id. at 1176 (“Unreasonable, imprudent and inexperienced web-

shoppers are not relevant.”).

Therefore the district court improperly concluded that this factor weighed in Systems’ favor

based on a conclusion reached by our court more than a decade ago in Brookfield and

GoTo.com that Internet users on the whole exercise a low degree of care. While the

statement may have been accurate then, we suspect that there are many contexts in which

it no longer holds true.

7. Defendant’s Intent

“When the alleged infringer knowingly adopts a mark similar to another’s, reviewing courts

presume that the defendant can accomplish his purpose: that is, that the public will be

deceived.” Nevertheless, we have also “recognized that liability for infringement may not be

imposed for using a registered trademark in connection with truthful comparative

advertising.”

Therefore, much like the proximity of the goods, the defendant’s intent may be relevant

here, but only insofar as it bolsters a finding that the use of the trademark serves to

mislead consumers rather than truthfully inform them of their choice of products. The

district court incorrectly considered the intent factor in isolation, and concluded that it

weighed in Systems’ favor without first determining that Network intended to deceive

consumers rather than compare its product to ActiveBatch.

8. Likelihood of Expansion of the Product Lines

“Inasmuch as a trademark owner is afforded greater protection against competing goods, a

‘strong possibility’ that either party may expand his business to compete with the other will

weigh in favor of finding that the present use is infringing. When goods are closely related,

any expansion is likely to result in direct competition.” Where two companies are direct

competitors, this factor is unimportant. Therefore, the district court correctly declined to

consider the likelihood of expansion.

9. Other Relevant Factors

The eight Sleekcraft factors are “not exhaustive. Other variables may come into play

depending on the particular facts presented.” In the keyword advertising context the

“likelihood of confusion will ultimately turn on what the consumer saw on the screen and

reasonably believed, given the context.” Hearts on Fire Co. v. Blue Nile, Inc., 603 F. Supp.

2d 274, 289 (D. Mass. 2009).6 In Playboy, we found it important that the consumers saw

banner advertisements that were “confusingly labeled or not labeled at all.” We noted that

6 The Hearts on Fire court identified a new seven-factor test to determine whether there is a likelihood of

consumer confusion arising from a firm’s use of a competitor’s trademark as a search engine keyword triggering

its own sponsored links. Network urges us to adopt the Hearts on Fire factors. While we agree that the

decision’s reasoning is useful, we decline to add another multi-factor test to the extant eight-factor Sleekcraft

test.

231.

clear labeling “might eliminate the likelihood of initial interest confusion that exists in this

case.”

The appearance of the advertisements and their surrounding context on the user’s screen

are similarly important here. The district court correctly examined the text of Network’s

sponsored links, concluding that the advertisements did not clearly identify their source.

However, the district court did not consider the surrounding context. In Playboy, we also

found it important that Netscape’s search engine did not clearly segregate the sponsored

advertisements from the objective results. Here, even if Network has not clearly identified

itself in the text of its ads, Google and Bing have partitioned their search results pages so

that the advertisements appear in separately labeled sections for “sponsored” links. The

labeling and appearance of the advertisements as they appear on the results page includes

more than the text of the advertisement, and must be considered as a whole.

C.

Given the nature of the alleged infringement here, the most relevant factors to the analysis

of the likelihood of confusion are: (1) the strength of the mark; (2) the evidence of actual

confusion; (3) the type of goods and degree of care likely to be exercised by the purchaser;

and (4) the labeling and appearance of the advertisements and the surrounding context on

the screen displaying the results page.

The district court did not weigh the Sleekcraft factors flexibly to match the specific facts of

this case. It relied on the Internet “troika,” which is highly illuminating in the context of

domain names, but which fails to discern whether there is a likelihood of confusion in a

keywords case. Because the linchpin of trademark infringement is consumer confusion, the

district court abused its discretion in issuing the injunction….

NOTES AND QUESTIONS

How Keyword Advertising Works. For a good summary of keyword advertising technology

and the efficacy of search ads, see In the Matter of 1-800 Contacts, Inc., FTC Docket No.

9372 (Oct. 27, 2017), https://www.ftc.gov/system/files/documents/cases/docket_9372_1-

800_contacts_inc._initial_decision_final_redacted_public_version.pdf (especially pages 21-

37).

Trademarks in Ad Copy. When the advertiser only purchases the trademark as the

keyword to display ads, but doesn’t reference the trademark in the ad copy, the advertiser

routinely wins any resulting trademark litigation:

apart from a single district court summary judgment decision from over ten

years ago, no court has found bidding on trademark keywords to constitute

trademark infringement, absent some additional factor, such as a misleading

use of the trademark in the ad text that confuses consumers as to the

advertisement’s source, sponsorship, or affiliation. Rather, “[c]ourts have

consistently rejected the notion that buying or creating internet search terms,

alone, is enough to raise a claim of trademark infringement”

In the Matter of 1-800 Contacts, Inc., 2018 WL 6078349 (FTC Docket #9372, Nov. 7, 2018).

232.

As this passage indicates, the legal analysis may be more complicated if the advertiser

references the trademark in the ad copy. Nevertheless, advertisers have had substantial

courtroom success in those cases as well.

If Consumers Search for a Brand, What Do They Expect to Get? The court says:

a consumer searching for a generic term is more likely to be searching for a

product category….That consumer is more likely to expect to encounter links

and advertisements from a variety of sources. By contrast, a user searching

for a distinctive term is more likely to be looking for a particular product, and

therefore could be more susceptible to confusion when sponsored links appear

that advertise a similar product from a different source.

Does this sound right to you? The court relied on its own intuition, not any empirical

studies of consumer search behavior. Unfortunately, this intuition is demonstrably false.

See Jeffrey P. Dotson et al, Brand Attitudes and Search Engine Queries, 37 J. INTERACTIVE

MARKETING 105 (2016):

there are many reasons a user might submit a brand search query. Users

who are shopping in a category are more likely to search for any brand in the

category; users are more likely to search for brands for which they hold

positive attitudes; users who own a brand are more likely to search for the

brand; and users who are category enthusiasts are more likely to search for

all brands in the category

See also Comphy Co. v. Amazon.com, Inc., 371 F. Supp. 3d 914 (W.D. Wash. 2019) (“use of

COMPHY as a search term does not necessarily indicate an intent to search for Plaintiff’s

products. This is true even in the more limited situation where COMPHY is used in

reference to bedding”); David J. Franklyn & David A. Hyman, Trademarks As Search

Engine Keywords: Much Ado About Something?, 26 HARV. J. L. & TECH. 481, 517 (2013)

(emphasis added):

We began by asking survey respondents who had searched for a particular

brand of product whether they were usually interested in finding information

about that brand, or whether they were also interested in getting information

about similar products from other brands. A near majority, 47%, of survey

respondents indicated they usually wanted information about the specific

brand they had searched for, while 31% usually wanted information

about similar products from other brands, and 22% had no preference.

What is “Initial Interest Confusion”? How did the Lamparello court define initial interest

confusion? How did Promatek, Brookfield and Network Automation? Although the

Brookfield definition is the most cited definition, there are dozens of definitions of the term

“initial interest confusion.”

Is the Initial Interest Confusion Doctrine Dying? Following the Network Automation case,

the initial interest confusion doctrine has waned substantially. For example, 1-800

233.

Contacts, Inc. v. Lens.com, Inc., 722 F.3d 1229 (10th Cir. 2013) is a keyword advertising

case where the trademark owner argued initial interest confusion. The Tenth Circuit said

that an ad’s click-through rate provides an upper bound on the amount of consumer

confusion created by the ad (i.e., assume that every click on the ad was a confused

consumer). Trademark law consistently says that a consumer confusion rate of less than

10% shows that the ads don’t create a likelihood of consumer confusion; and in the 1-800

Contacts case, the defendants’ ads generated a clickthrough rate of 1.5% or less, well below

the 10% threshold that evidences a lack of consumer confusion. As a result, the court said 1-

800 Contacts couldn’t show initial interest confusion.

Here’s the punchline: ads never have clickthrough rates anywhere close to 10%. Typically

clickthrough rates are in the 1-2% range. As a result, if other courts follow this clickthrough

rate-based approach, defendants should win every initial interest confusion claim based on

buying a competitor’s trademark for keyword advertising.

More generally, the “initial interest confusion” doctrine rarely appears in court opinions

any more, and it has contributed to a trademark owner’s win in only a handful of cases in

the past half-decade.

Internal Search Engines. Most keyword advertising cases involve general-purpose search

engines like Google. Do outcomes differ when a consumer searches for a third party

trademark in an e-commerce website’s internal search function? The Ninth Circuit

addressed this issue in Multi Time Machine, Inc. v. Amazon.com, Inc., 804 F. 3d 930 (9th

Cir. 2015) (this is the second panel opinion; it replaced an earlier withdrawn opinion).

MTM manufactures watches. It does not allow its watches to be sold on Amazon, and

Amazon has never sold any MTM watches. When Amazon customers searched for “mtm

special ops”, they saw a page like this:

234.

The court ruled for Amazon because:

Amazon is responding to a customer’s inquiry about a brand it does not carry

by doing no more than stating clearly (and showing pictures of) what brands

it does carry. To whatever extent the Sleekcraft factors apply in a case such

235.

as this – a merchant responding to a request for a particular brand it does

not sell by offering other brands clearly identified as such – the undisputed

evidence shows that confusion on the part of the inquiring buyer is not at all

likely. Not only are the other brands clearly labeled and accompanied by

photographs, there is no evidence of actual confusion by anyone.

Publicity Rights and Keyword Advertising. Habush v. Cannon, 346 Wis.2d 709 (Wis. App.

Ct. 2013), held that buying a person’s name (in that case, a rival lawyer) as a keyword for

competitive advertising didn’t violate the person’s publicity rights.

Is Suing Over Keyword Advertising Litigation a Good Business Decision? Trademark

owners have a poor track record in keyword advertising cases. Irrespective of the courtroom

result, the lawsuits often are economically irrational based on minimal financial

consequences of the defendant’s advertising. Consider one court’s summation (emphasis

added):

Apparently, Defendants bid on 14,057 keywords with their AdWords

accounts. The evidence shows that 14 (or 0.1%) included the word “bandago.”

Of those 14 AdWords, only three generated any clicks at all. Each of those

three keywords generated exactly one click. In other words, Defendants’ bids

on infringing keywords from November 2008 to April 2009 resulted in a total

of three visits to Defendants’ website. Even assuming all three visits were

from different users, that each would have rented from Bandago absent the

advertisements, and that each of those users proceeded to rent vans from

Defendants instead, Digby’s actual damages attributable to the

infringing AdWords must have been vanishingly small.

Digby Adler Group LLC v. Image Rent a Car, Inc., 79 F. Supp. 3d 1095 (N.D. Cal. 2015). It’s

in fact fairly common for keyword advertising lawsuits to have dubious economic stakes.

More examples:

 Passport Health v. Avance Health: the advertiser got 41 clicks in 3 years.

 800-JR Cigar v. GoTo.com: the search engine defendant generated $345 in revenue

(not profit, just revenue) from the litigated terms.

 Control Solutions, Inc. v. MicroDAQ.com, Inc.: the advertiser made one sale for $305,

which the buyer subsequently returned.

 InternetShopsInc.com v. Six C: the advertiser got 1,319 impressions, 35 clicks and

zero sales.

As a result, many trademark owners just avail themselves of any extra-judicial recourse

offered by keyword sellers, such as Google’s trademark policy for keyword ads, even if it

doesn’t provide full relief.

236.

The Internet makes markets more efficient, but that also helps purveyors of counterfeit

items reach consumers. The following case largely resolved the legal questions about

marketplace operator liability for user-caused trademark infringements. It remains the

flagship case on secondary trademark liability online.

Tiffany Inc. v. eBay, Inc., 600 F.3d 93 (2d Cir. 2010).

eBay, Inc. (“eBay”), through its eponymous online marketplace, has revolutionized the

online sale of goods, especially used goods. It has facilitated the buying and selling by

hundreds of millions of people and entities, to their benefit and eBay’s profit. But that

marketplace is sometimes employed by users as a means to perpetrate fraud by selling

counterfeit goods.

Plaintiffs Tiffany (NJ) Inc. and Tiffany and Company (together, “Tiffany”) have created and

cultivated a brand of jewelry bespeaking high-end quality and style. Based on Tiffany’s

concern that some use eBay’s website to sell counterfeit Tiffany merchandise, Tiffany has

instituted this action against eBay, asserting various causes of action—sounding in

trademark infringement, trademark dilution and false advertising—arising from eBay’s

advertising and listing practices. For the reasons set forth below, we affirm the district

court’s judgment with respect to Tiffany’s claims of trademark infringement and dilution

but remand for further proceedings with respect to Tiffany’s false advertising claim.

BACKGROUND…

eBay

eBay is the proprietor of www.ebay.com, an Internet-based marketplace that allows those

who register with it to purchase goods from and sell goods to one another. It “connect[s]

buyers and sellers and [] enable[s] transactions, which are carried out directly between

eBay members.” In its auction and listing services, it “provides the venue for the sale [of

goods] and support for the transaction[s], [but] it does not itself sell the items” listed for

sale on the site, nor does it ever take physical possession of them. Thus, “eBay generally

does not know whether or when an item is delivered to the buyer.”

eBay has been enormously successful. More than six million new listings are posted on its

site daily. At any given time it contains some 100 million listings.

eBay generates revenue by charging sellers to use its listing services. For any listing, it

charges an “insertion fee” based on the auction’s starting price for the goods being sold and

ranges from $0.20 to $4.80. For any completed sale, it charges a “final value fee” that

ranges from 5.25% to 10% of the final sale price of the item. Sellers have the option of

purchasing, at additional cost, features “to differentiate their listings, such as a border or

bold-faced type.”

eBay also generates revenue through a company named PayPal, which it owns and which

allows users to process their purchases. PayPal deducts, as a fee for each transaction that it

processes, 1.9% to 2.9% of the transaction amount, plus $0.30. This gives eBay an added

incentive to increase both the volume and the price of the goods sold on its website.

237.

Tiffany

Tiffany is a world-famous purveyor of, among other things, branded jewelry. Since 2000, all

new Tiffany jewelry sold in the United States has been available exclusively through

Tiffany’s retail stores, catalogs, and website, and through its Corporate Sales Department.

It does not use liquidators, sell overstock merchandise, or put its goods on sale at

discounted prices. It does not—nor can it, for that matter—control the “legitimate

secondary market in authentic Tiffany silvery jewelry,” i.e., the market for second-hand

Tiffany wares. The record developed at trial “offere[d] little basis from which to discern the

actual availability of authentic Tiffany silver jewelry in the secondary market.”

Sometime before 2004, Tiffany became aware that counterfeit Tiffany merchandise was

being sold on eBay’s site. Prior to and during the course of this litigation, Tiffany conducted

two surveys known as “Buying Programs,” one in 2004 and another in 2005, in an attempt

to assess the extent of this practice. Under those programs, Tiffany bought various items on

eBay and then inspected and evaluated them to determine how many were counterfeit.

Tiffany found that 73.1% of the purported Tiffany goods purchased in the 2004 Buying

Program and 75.5% of those purchased in the 2005 Buying Program were counterfeit. The

district court concluded, however, that the Buying Programs were “methodologically flawed

and of questionable value,” and “provide[d] limited evidence as to the total percentage of

counterfeit goods available on eBay at any given time.” The court nonetheless decided that

during the period in which the Buying Programs were in effect, a “significant portion of the

‘Tiffany’ sterling silver jewelry listed on the eBay website ... was counterfeit,” and that eBay

knew “that some portion of the Tiffany goods sold on its website might be counterfeit.” The

court found, however, that “a substantial number of authentic Tiffany goods are [also] sold

on eBay.”

Reducing or eliminating the sale of all second-hand Tiffany goods, including genuine

Tiffany pieces, through eBay’s website would benefit Tiffany in at least one sense: It would

diminish the competition in the market for genuine Tiffany merchandise. See id. at 510 n.

36 (noting that “there is at least some basis in the record for eBay’s assertion that one of

Tiffany’s goals in pursuing this litigation is to shut down the legitimate secondary market

in authentic Tiffany goods”). The immediate effect would be loss of revenue to eBay, even

though there might be a countervailing gain by eBay resulting from increased consumer

confidence about the bona fides of other goods sold through its website.

Anti-Counterfeiting Measures

Because eBay facilitates many sales of Tiffany goods, genuine and otherwise, and obtains

revenue on every transaction, it generates substantial revenues from the sale of purported

Tiffany goods, some of which are counterfeit. “eBay’s Jewelry & Watches category manager

estimated that, between April 2000 and June 2004, eBay earned $4.1 million in revenue

from completed listings with ‘Tiffany’ in the listing title in the Jewelry & Watches

category.” Although eBay was generating revenue from all sales of goods on its site,

including counterfeit goods, the district court found eBay to have “an interest in eliminating

counterfeit Tiffany merchandise from eBay ... to preserve the reputation of its website as a

safe place to do business.” The buyer of fake Tiffany goods might, if and when the forgery

was detected, fault eBay. Indeed, the district court found that “buyers ... complain[ed] to

eBay” about the sale of counterfeit Tiffany goods. “[D]uring the last six weeks of 2004, 125

consumers complained to eBay about purchasing ‘Tiffany’ items through the eBay website

that they believed to be counterfeit.”

238.

Because eBay “never saw or inspected the merchandise in the listings,” its ability to

determine whether a particular listing was for counterfeit goods was limited. Even had it

been able to inspect the goods, moreover, in many instances it likely would not have had the

expertise to determine whether they were counterfeit.

Notwithstanding these limitations, eBay spent “as much as $20 million each year on tools

to promote trust and safety on its website.” For example, eBay and PayPal set up “buyer

protection programs,” under which, in certain circumstances, the buyer would be

reimbursed for the cost of items purchased on eBay that were discovered not to be genuine.

eBay also established a “Trust and Safety” department, with some 4,000 employees

“devoted to trust and safety” issues, including over 200 who “focus exclusively on combating

infringement” and 70 who “work exclusively with law enforcement.”

By May 2002, eBay had implemented a “fraud engine,” “which is principally dedicated to

ferreting out illegal listings, including counterfeit listings.” eBay had theretofore employed

manual searches for keywords in listings in an effort to “identify blatant instances of

potentially infringing ... activity.” “The fraud engine uses rules and complex models that

automatically search for activity that violates eBay policies.” In addition to identifying

items actually advertised as counterfeit, the engine also incorporates various filters

designed to screen out less-obvious instances of counterfeiting using “data elements

designed to evaluate listings based on, for example, the seller’s Internet protocol address,

any issues associated with the seller’s account on eBay, and the feedback the seller has

received from other eBay users.” In addition to general filters, the fraud engine

incorporates “Tiffany-specific filters,” including “approximately 90 different keywords”

designed to help distinguish between genuine and counterfeit Tiffany goods. During the

period in dispute, eBay also “periodically conducted [manual] reviews of listings in an effort

to remove those that might be selling counterfeit goods, including Tiffany goods.”

For nearly a decade, including the period at issue, eBay has also maintained and

administered the “Verified Rights Owner (‘VeRO’) Program”—a “‘notice-and-takedown’

system” allowing owners of intellectual property rights, including Tiffany, to “report to

eBay any listing offering potentially infringing items, so that eBay could remove such

reported listings.” Any such rights-holder with a “good-faith belief that [a particular listed]

item infringed on a copyright or a trademark” could report the item to eBay, using a “Notice

Of Claimed Infringement form or NOCI form.” During the period under consideration,

eBay’s practice was to remove reported listings within twenty-four hours of receiving a

NOCI, but eBay in fact deleted seventy to eighty percent of them within twelve hours of

notification.

On receipt of a NOCI, if the auction or sale had not ended, eBay would, in addition to

removing the listing, cancel the bids and inform the seller of the reason for the cancellation.

If bidding had ended, eBay would retroactively cancel the transaction. In the event of a

cancelled auction, eBay would refund the fees it had been paid in connection with the

auction.

In some circumstances, eBay would reimburse the buyer for the cost of a purchased item,

provided the buyer presented evidence that the purchased item was counterfeit. During the

relevant time period, the district court found, eBay “never refused to remove a reported

239.

Tiffany listing, acted in good faith in responding to Tiffany’s NOCIs, and always provided

Tiffany with the seller’s contact information.”

In addition, eBay has allowed rights owners such as Tiffany to create an “About Me”

webpage on eBay’s website “to inform eBay users about their products, intellectual property

rights, and legal positions.” eBay does not exercise control over the content of those pages in

a manner material to the issues before us.

Tiffany, not eBay, maintains the Tiffany “About Me” page. With the headline “BUYER

BEWARE,” the page begins: “Most of the purported TIFFANY & CO. silver jewelry

and packaging available on eBay is counterfeit.” It also says, inter alia:

The only way you can be certain that you are purchasing a genuine TIFFANY

& CO. product is to purchase it from a Tiffany & Co. retail store, via our

website (www.tiffany.com) or through a Tiffany & Co. catalogue. Tiffany &

Co. stores do not authenticate merchandise. A good jeweler or appraiser may

be able to do this for you.

In 2003 or early 2004, eBay began to use “special warning messages when a seller

attempted to list a Tiffany item.” These messages “instructed the seller to make sure that

the item was authentic Tiffany merchandise and informed the seller that eBay ‘does not

tolerate the listing of replica, counterfeit, or otherwise unauthorized items’ and that

violation of this policy ‘could result in suspension of [the seller’s] account.’” The messages

also provided a link to Tiffany’s “About Me” page with its “buyer beware” disclaimer. If the

seller “continued to list an item despite the warning, the listing was flagged for review.”

In addition to cancelling particular suspicious transactions, eBay has also suspended from

its website “‘hundreds of thousands of sellers every year,’ tens of thousands of whom were

suspected [of] having engaged in infringing conduct.” eBay primarily employed a “‘three

strikes rule’” for suspensions, but would suspend sellers after the first violation if it was

clear that “the seller ‘listed a number of infringing items,’ and ‘[selling counterfeit

merchandise] appears to be the only thing they’ve come to eBay to do.’” But if “a seller

listed a potentially infringing item but appeared overall to be a legitimate seller, the

‘infringing items [were] taken down, and the seller [would] be sent a warning on the first

offense and given the educational information, [and] told that ... if they do this again, they

will be suspended from eBay.’”5

By late 2006, eBay had implemented additional anti-fraud measures: delaying the ability of

buyers to view listings of certain brand names, including Tiffany’s, for 6 to 12 hours so as to

give rights-holders such as Tiffany more time to review those listings; developing the ability

to assess the number of items listed in a given listing; and restricting one-day and three-

day auctions and cross-border trading for some brand-name items.

5 According to the district court, “eBay took appropriate steps to warn and then to suspend sellers when eBay

learned of potential trademark infringement under that seller’s account.” The district court concluded that it

was understandable that eBay did not have a “hard-and-fast, one-strike rule” of suspending sellers because a

NOCI “did not constitute a definitive finding that the listed item was counterfeit” and because “suspension was

a very serious matter, particularly to those sellers who relied on eBay for their livelihoods.” The district court

ultimately found eBay’s policy to be “appropriate and effective in preventing sellers from returning to eBay and

re-listing potentially counterfeit merchandise.”

240.

The district court concluded that “eBay consistently took steps to improve its technology

and develop anti-fraud measures as such measures became technologically feasible and

reasonably available.”

eBay’s Advertising

At the same time that eBay was attempting to reduce the sale of counterfeit items on its

website, it actively sought to promote sales of premium and branded jewelry, including

Tiffany merchandise, on its site. Among other things,

eBay “advised its sellers to take advantage of the demand for Tiffany

merchandise as part of a broader effort to grow the Jewelry & Watches

category.” And prior to 2003, eBay advertised the availability of Tiffany

merchandise on its site. eBay’s advertisements trumpeted “Mother’s Day

Gifts!,” a “Fall FASHION BRAND BLOWOUT,” “Jewelry Best Sellers,”

“GREAT BRANDS, GREAT PRICES,” or “Top Valentine’s Deals,” among

other promotions. It encouraged the viewer to “GET THE FINER THINGS.”

These advertisements provided the reader with hyperlinks, at least one of

each of which was related to Tiffany merchandise—“Tiffany,” “Tiffany & Co.

under $150,” “Tiffany & Co,” “Tiffany Rings,” or “Tiffany & Co. under $50.”

eBay also purchased sponsored-link advertisements on various search engines to promote

the availability of Tiffany items on its website. In one such case, in the form of a printout of

the results list from a search on Yahoo! for “tiffany,” the second sponsored link read

“Tiffany on eBay. Find tiffany items at low prices. With over 5 million items for sale every

day, you’ll find all kinds of unique [unreadable] Marketplace. www.ebay.com.” Tiffany

complained to eBay of the practice in 2003, and eBay told Tiffany that it had ceased buying

sponsored links. The district court found, however, that eBay continued to do so indirectly

through a third party….

DISCUSSION…

I. Direct Trademark Infringement

Tiffany alleges that eBay infringed its trademark in violation of section 32 of the Lanham

Act. The district court described this as a claim of “direct trademark infringement,” and we

adopt that terminology. Under section 32, “the owner of a mark registered with the Patent

and Trademark Office can bring a civil action against a person alleged to have used the

mark without the owner’s consent.” We analyze such a claim “under a familiar two-prong

test. The test looks first to whether the plaintiff’s mark is entitled to protection, and second

to whether the defendant’s use of the mark is likely to cause consumers confusion as to the

origin or sponsorship of the defendant’s goods.”

In the district court, Tiffany argued that eBay had directly infringed its mark by using it on

eBay’s website and by purchasing sponsored links containing the mark on Google and

Yahoo! Tiffany also argued that eBay and the sellers of the counterfeit goods using its site

were jointly and severally liable. The district court rejected these arguments on the ground

that eBay’s use of Tiffany’s mark was protected by the doctrine of nominative fair use.

241.

The doctrine of nominative fair use allows “[a] defendant [to] use a plaintiff’s trademark to

identify the plaintiff’s goods so long as there is no likelihood of confusion about the source of

[the] defendant’s product or the mark-holder’s sponsorship or affiliation.” The doctrine

apparently originated in the Court of Appeals for the Ninth Circuit. To fall within the

protection, according to that court: “First, the product or service in question must be one

not readily identifiable without use of the trademark; second, only so much of the mark or

marks may be used as is reasonably necessary to identify the product or service; and third,

the user must do nothing that would, in conjunction with the mark, suggest sponsorship or

endorsement by the trademark holder.”

The Court of Appeals for the Third Circuit has endorsed these principles. We have referred

to the doctrine, albeit without adopting or rejecting it. Other circuits have done similarly.

We need not address the viability of the doctrine to resolve Tiffany’s claim, however. We

have recognized that a defendant may lawfully use a plaintiff’s trademark where doing so is

necessary to describe the plaintiff’s product and does not imply a false affiliation or

endorsement by the plaintiff of the defendant. “While a trademark conveys an exclusive

right to the use of a mark in commerce in the area reserved, that right generally does not

prevent one who trades a branded product from accurately describing it by its brand name,

so long as the trader does not create confusion by implying an affiliation with the owner of

the product.”

We agree with the district court that eBay’s use of Tiffany’s mark on its website and in

sponsored links was lawful. eBay used the mark to describe accurately the genuine Tiffany

goods offered for sale on its website. And none of eBay’s uses of the mark suggested that

Tiffany affiliated itself with eBay or endorsed the sale of its products through eBay’s

website.

In addition, the “About Me” page that Tiffany has maintained on eBay’s website since 2004

states that “[m]ost of the purported ‘TIFFANY & CO.’ silver jewelry and packaging

available on eBay is counterfeit.” The page further explained that Tiffany itself sells its

products only through its own stores, catalogues, and website.

Tiffany argues, however, that even if eBay had the right to use its mark with respect to the

resale of genuine Tiffany merchandise, eBay infringed the mark because it knew or had

reason to know that there was “a substantial problem with the sale of counterfeit [Tiffany]

silver jewelry” on the eBay website. As we discuss below, eBay’s knowledge vel non that

counterfeit Tiffany wares were offered through its website is relevant to the issue of

whether eBay contributed to the direct infringement of Tiffany’s mark by the counterfeiting

vendors themselves, or whether eBay bears liability for false advertising. But it is not a

basis for a claim of direct trademark infringement against eBay, especially inasmuch as it

is undisputed that eBay promptly removed all listings that Tiffany challenged as

counterfeit and took affirmative steps to identify and remove illegitimate Tiffany goods. To

impose liability because eBay cannot guarantee the genuineness of all of the purported

Tiffany products offered on its website would unduly inhibit the lawful resale of genuine

Tiffany goods.

We conclude that eBay’s use of Tiffany’s mark in the described manner did not constitute

direct trademark infringement.

242.

II. Contributory Trademark Infringement

The more difficult issue, and the one that the parties have properly focused our attention

on, is whether eBay is liable for contributory trademark infringement—i.e., for culpably

facilitating the infringing conduct of the counterfeiting vendors. Acknowledging the paucity

of case law to guide us, we conclude that the district court correctly granted judgment on

this issue in favor of eBay.

A. Principles

Contributory trademark infringement is a judicially created doctrine that derives from the

common law of torts. The Supreme Court most recently dealt with the subject in Inwood

Laboratories, Inc. v. Ives Laboratories, Inc., 456 U.S. 844 (1982). There, the plaintiff, Ives,

asserted that several drug manufacturers had induced pharmacists to mislabel a drug the

defendants produced to pass it off as Ives’. According to the Court, “if a manufacturer or

distributor intentionally induces another to infringe a trademark, or if it continues to

supply its product to one whom it knows or has reason to know is engaging in trademark

infringement, the manufacturer or distributor is contributorially responsible for any harm

done as a result of the deceit.” The Court ultimately decided to remand the case to the

Court of Appeals after concluding it had improperly rejected factual findings of the district

court favoring the defendant manufacturers.

Inwood’s test for contributory trademark infringement applies on its face to manufacturers

and distributors of goods. Courts have, however, extended the test to providers of services.

The Seventh Circuit applied Inwood to a lawsuit against the owner of a swap meet, or “flea

market,” whose vendors were alleged to have sold infringing Hard Rock Café T-shirts. The

court “treated trademark infringement as a species of tort,” and analogized the swap meet

owner to a landlord or licensor, on whom the common law “imposes the same duty ... [as

Inwood] impose[s] on manufacturers and distributors.”

Speaking more generally, the Ninth Circuit concluded that Inwood’s test for contributory

trademark infringement applies to a service provider if he or she exercises sufficient control

over the infringing conduct. Lockheed Martin Corp. v. Network Solutions, Inc., 194 F.3d

980, 984 (9th Cir. 1999); see also id. (“Direct control and monitoring of the instrumentality

used by a third party to infringe the plaintiff’s mark permits the expansion of Inwood Lab.’s

‘supplies a product’ requirement for contributory infringement.”).

We have apparently addressed contributory trademark infringement in only two related

decisions, and even then in little detail. Citing Inwood, we said that “[a] distributor who

intentionally induces another to infringe a trademark, or continues to supply its product to

one whom it knows or has reason to know is engaging in trademark infringement, is

contributorially liable for any injury.”

243.

The limited case law leaves the law of contributory trademark infringement ill-defined.

Although we are not the first court to consider the application of Inwood to the Internet, we

are apparently the first to consider its application to an online marketplace.9

B. Discussion

1. Does Inwood Apply?

In the district court, the parties disputed whether eBay was subject to the Inwood test.

eBay argued that it was not because it supplies a service while Inwood governs only

manufacturers and distributors of products. The district court rejected that distinction. It

adopted instead the reasoning of the Ninth Circuit in Lockheed to conclude that Inwood

applies to a service provider who exercises sufficient control over the means of the

infringing conduct. Looking “to the extent of the control exercised by eBay over its sellers’

means of infringement,” the district court concluded that Inwood applied in light of the

“significant control” eBay retained over the transactions and listings facilitated by and

conducted through its website.

On appeal, eBay no longer maintains that it is not subject to Inwood. We therefore assume

without deciding that Inwood’s test for contributory trademark infringement governs.

2. Is eBay Liable Under Inwood?

The question that remains, then, is whether eBay is liable under the Inwood test on the

basis of the services it provided to those who used its website to sell counterfeit Tiffany

products. As noted, when applying Inwood to service providers, there are two ways in which

a defendant may become contributorially liable for the infringing conduct of another: first,

if the service provider “intentionally induces another to infringe a trademark,” and second,

if the service provider “continues to supply its [service] to one whom it knows or has reason

to know is engaging in trademark infringement.” Inwood, 456 U.S. at 854. Tiffany does not

argue that eBay induced the sale of counterfeit Tiffany goods on its website—the

circumstances addressed by the first part of the Inwood test. It argues instead, under the

second part of the Inwood test, that eBay continued to supply its services to the sellers of

counterfeit Tiffany goods while knowing or having reason to know that such sellers were

infringing Tiffany’s mark.

The district court rejected this argument. First, it concluded that to the extent the NOCIs

that Tiffany submitted gave eBay reason to know that particular listings were for

counterfeit goods, eBay did not continue to carry those listings once it learned that they

were specious. The court found that eBay’s practice was promptly to remove the challenged

listing from its website, warn sellers and buyers, cancel fees it earned from that listing, and

direct buyers not to consummate the sale of the disputed item. The court therefore declined

to hold eBay contributorially liable for the infringing conduct of those sellers. On appeal,

Tiffany does not appear to challenge this conclusion. In any event, we agree with the

district court that no liability arises with respect to those terminated listings.

9 European courts have done so. A Belgian court declined to hold eBay liable for counterfeit cosmetic products

sold through its website. French courts, by contrast, have concluded that eBay violated applicable trademark

laws.

244.

Tiffany disagrees vigorously, however, with the district court’s further determination that

eBay lacked sufficient knowledge of trademark infringement by sellers behind other, non-

terminated listings to provide a basis for Inwood liability. Tiffany argued in the district

court that eBay knew, or at least had reason to know, that counterfeit Tiffany goods were

being sold ubiquitously on its website. As evidence, it pointed to, inter alia, the demand

letters it sent to eBay in 2003 and 2004, the results of its Buying Programs that it shared

with eBay, the thousands of NOCIs it filed with eBay alleging its good faith belief that

certain listings were counterfeit, and the various complaints eBay received from buyers

claiming that they had purchased one or more counterfeit Tiffany items through eBay’s

website. Tiffany argued that taken together, this evidence established eBay’s knowledge of

the widespread sale of counterfeit Tiffany products on its website. Tiffany urged that eBay

be held contributorially liable on the basis that despite that knowledge, it continued to

make its services available to infringing sellers.

The district court rejected this argument. It acknowledged that “[t]he evidence produced at

trial demonstrated that eBay had generalized notice that some portion of the Tiffany goods

sold on its website might be counterfeit.” The court characterized the issue before it as

“whether eBay’s generalized knowledge of trademark infringement on its website was

sufficient to meet the ‘knowledge or reason to know’ prong of the Inwood test.” eBay had

argued that “such generalized knowledge is insufficient, and that the law demands more

specific knowledge of individual instances of infringement and infringing sellers before

imposing a burden upon eBay to remedy the problem.”

The district court concluded that “while eBay clearly possessed general knowledge as to

counterfeiting on its website, such generalized knowledge is insufficient under the Inwood

test to impose upon eBay an affirmative duty to remedy the problem.” The court reasoned

that Inwood’s language explicitly imposes contributory liability on a defendant who

“continues to supply its product [—in eBay’s case, its service—] to one whom it knows or

has reason to know is engaging in trademark infringement.” The court also noted that

plaintiffs “bear a high burden in establishing ‘knowledge’ of contributory infringement,” and

that courts have

been reluctant to extend contributory trademark liability to defendants

where there is some uncertainty as to the extent or the nature of the

infringement. In Inwood, Justice White emphasized in his concurring opinion

that a defendant is not “require[d] ... to refuse to sell to dealers who merely

might pass off its goods.”

Accordingly, the district court concluded that for Tiffany to establish eBay’s contributory

liability, Tiffany would have to show that eBay “knew or had reason to know of specific

instances of actual infringement” beyond those that it addressed upon learning of them.

Tiffany failed to make such a showing.

On appeal, Tiffany argues that the distinction drawn by the district court between eBay’s

general knowledge of the sale of counterfeit Tiffany goods through its website, and its

specific knowledge as to which particular sellers were making such sales, is a “false” one

not required by the law. Tiffany posits that the only relevant question is “whether all of the

knowledge, when taken together, puts [eBay] on notice that there is a substantial problem

245.

of trademark infringement. If so and if it fails to act, [eBay] is liable for contributory

trademark infringement.”

We agree with the district court. For contributory trademark infringement liability to lie, a

service provider must have more than a general knowledge or reason to know that its

service is being used to sell counterfeit goods. Some contemporary knowledge of which

particular listings are infringing or will infringe in the future is necessary.

We are not persuaded by Tiffany’s proposed interpretation of Inwood. Tiffany understands

the “lesson of Inwood” to be that an action for contributory trademark infringement lies

where “the evidence [of infringing activity]—direct or circumstantial, taken as a whole—...

provide[s] a basis for finding that the defendant knew or should have known that its

product or service was being used to further illegal counterfeiting activity.” We think that

Tiffany reads Inwood too broadly. Although the Inwood Court articulated a “knows or has

reason to know” prong in setting out its contributory liability test, the Court explicitly

declined to apply that prong to the facts then before it. The Court applied only the

inducement prong of the test.

We therefore do not think that Inwood establishes the contours of the “knows or has reason

to know” prong. Insofar as it speaks to the issue, though, the particular phrasing that the

Court used—that a defendant will be liable if it “continues to supply its product to one

whom it knows or has reason to know is engaging in trademark infringement” (emphasis

added)—supports the district court’s interpretation of Inwood, not Tiffany’s.

We find helpful the Supreme Court’s discussion of Inwood in a subsequent copyright case,

Sony Corp. of America v. Universal City Studios, Inc., 464 U.S. 417 (1984). There,

defendant Sony manufactured and sold home video tape recorders. Plaintiffs Universal

Studios and Walt Disney Productions held copyrights on various television programs that

individual television-viewers had taped using the defendant’s recorders. The plaintiffs

contended that this use of the recorders constituted copyright infringement for which the

defendants should be held contributorily liable. In ruling for the defendants, the Court

discussed Inwood and the differences between contributory liability in trademark versus

copyright law.

If Inwood’s narrow standard for contributory trademark infringement

governed here, [the plaintiffs’] claim of contributory infringement would

merit little discussion. Sony certainly does not ‘intentionally induce[]’ its

customers to make infringing uses of [the plaintiffs’] copyrights, nor does it

supply its products to identified individuals known by it to be engaging in

continuing infringement of [the plaintiffs’] copyrights.

(emphases added).

Thus, the Court suggested, had the Inwood standard applied in Sony, the fact that Sony

might have known that some portion of the purchasers of its product used it to violate the

copyrights of others would not have provided a sufficient basis for contributory liability.

Inwood’s “narrow standard” would have required knowledge by Sony of “identified

246.

individuals” engaging in infringing conduct. Tiffany’s reading of Inwood is therefore

contrary to the interpretation of that case set forth in Sony.

Although the Supreme Court’s observations in Sony, a copyright case, about the “knows or

has reason to know” prong of the contributory trademark infringement test set forth in

Inwood were dicta, they constitute the only discussion of that prong by the Supreme Court

of which we are aware. We think them to be persuasive authority here.

Applying Sony’s interpretation of Inwood, we agree with the district court that “Tiffany’s

general allegations of counterfeiting failed to provide eBay with the knowledge required

under Inwood.” Tiffany’s demand letters and Buying Programs did not identify particular

sellers who Tiffany thought were then offering or would offer counterfeit goods.13 And

although the NOCIs and buyer complaints gave eBay reason to know that certain sellers

had been selling counterfeits, those sellers’ listings were removed and repeat offenders were

suspended from the eBay site. Thus Tiffany failed to demonstrate that eBay was supplying

its service to individuals who it knew or had reason to know were selling counterfeit Tiffany

goods.

Accordingly, we affirm the judgment of the district court insofar as it holds that eBay is not

contributorially liable for trademark infringement.

3. Willful Blindness.

Tiffany and its amici express their concern that if eBay is not held liable except when

specific counterfeit listings are brought to its attention, eBay will have no incentive to root

out such listings from its website. They argue that this will effectively require Tiffany and

similarly situated retailers to police eBay’s website—and many others like it—“24 hours a

day, and 365 days a year.” They urge that this is a burden that most mark holders cannot

afford to bear.

First, and most obviously, we are interpreting the law and applying it to the facts of this

case. We could not, even if we thought it wise, revise the existing law in order to better

serve one party’s interests at the expense of the other’s.

But we are also disposed to think, and the record suggests, that private market forces give

eBay and those operating similar businesses a strong incentive to minimize the counterfeit

goods sold on their websites. eBay received many complaints from users claiming to have

been duped into buying counterfeit Tiffany products sold on eBay. The risk of alienating

these users gives eBay a reason to identify and remove counterfeit listings.14 Indeed, it has

spent millions of dollars in that effort.

Moreover, we agree with the district court that if eBay had reason to suspect that

counterfeit Tiffany goods were being sold through its website, and intentionally shielded

13 The demand letters did say that eBay should presume that sellers offering five or more Tiffany goods were

selling counterfeits, but we agree with the district court that this presumption was factually unfounded. 14 At the same time, we appreciate the argument that insofar as eBay receives revenue from undetected

counterfeit listings and sales through the fees it charges, it has an incentive to permit such listings and sales to

continue.

247.

itself from discovering the offending listings or the identity of the sellers behind them, eBay

might very well have been charged with knowledge of those sales sufficient to satisfy

Inwood’s “knows or has reason to know” prong. A service provider is not, we think,

permitted willful blindness. When it has reason to suspect that users of its service are

infringing a protected mark, it may not shield itself from learning of the particular

infringing transactions by looking the other way.15 In the words of the Seventh Circuit,

“willful blindness is equivalent to actual knowledge for purposes of the Lanham Act.”

eBay appears to concede that it knew as a general matter that counterfeit Tiffany products

were listed and sold through its website. Without more, however, this knowledge is

insufficient to trigger liability under Inwood. The district court found, after careful

consideration, that eBay was not willfully blind to the counterfeit sales. That finding is not

clearly erroneous.17 eBay did not ignore the information it was given about counterfeit sales

on its website.

III. Trademark Dilution…

The district court rejected Tiffany’s dilution by blurring claim on the ground that “eBay

never used the TIFFANY Marks in an effort to create an association with its own product,

but instead, used the marks directly to advertise and identify the availability of authentic

Tiffany merchandise on the eBay website.” The court concluded that “just as the dilution by

blurring claim fails because eBay has never used the [Tiffany] Marks to refer to eBay’s own

product, the dilution by tarnishment claim also fails.”

We agree. There is no second mark or product at issue here to blur with or to tarnish

“Tiffany.”

Tiffany argues that counterfeiting dilutes the value of its product. Perhaps. But insofar as

eBay did not itself sell the goods at issue, it did not itself engage in dilution….

IV. False Advertising

Finally, Tiffany claims that eBay engaged in false advertising in violation of federal law.

15 To be clear, a service provider is not contributorially liable under Inwood merely for failing to anticipate that

others would use its service to infringe a protected mark. But contributory liability may arise where a defendant

is (as was eBay here) made aware that there was infringement on its site but (unlike eBay here) ignored that

fact. 17 Tiffany’s reliance on the “flea market” cases, Hard Rock Café and Fonovisa, is unavailing. eBay’s efforts to

combat counterfeiting far exceeded the efforts made by the defendants in those cases. See Hard Rock Café, 955

F.2d at 1146 (defendant did not investigate any of the seizures of counterfeit products at its swap meet, even

though it knew they had occurred); Fonovisa, 76 F.3d at 265 (concluding that plaintiff stated a claim for

contributory trademark infringement based on allegation that swap meet “disregard[ed] its vendors’ blatant

trademark infringements with impunity”). Moreover, neither case concluded that the defendant was willfully

blind. The court in Hard Rock Café remanded so that the district court could apply the correct definition of

“willful blindness,” and the court in Fonovisa merely sustained the plaintiff’s complaint against a motion to

dismiss.

248.

A. Principles

Section 43(a) of the Lanham Act prohibits any person from, “in commercial advertising or

promotion, misrepresent[ing] the nature, characteristics, qualities, or geographic origin of

his or her or another person’s goods, services, or commercial activities.” A claim of false

advertising may be based on at least one of two theories: “that the challenged

advertisement is literally false, i.e., false on its face,” or “that the advertisement, while not

literally false, is nevertheless likely to mislead or confuse consumers.”

In either case, the “injuries redressed in false advertising cases are the result of public

deception.” And “[u]nder either theory, the plaintiff must also demonstrate that the false or

misleading representation involved an inherent or material quality of the product.”

Where an advertising claim is literally false, “the court may enjoin the use of the claim

without reference to the advertisement’s impact on the buying public.” To succeed in a

likelihood-of-confusion case where the statement at issue is not literally false, however, a

plaintiff “must demonstrate, by extrinsic evidence, that the challenged commercials tend to

mislead or confuse consumers,” and must “demonstrate that a statistically significant part

of the commercial audience holds the false belief allegedly communicated by the challenged

advertisement.”

B. Discussion

eBay advertised the sale of Tiffany goods on its website in various ways. Among other

things, eBay provided hyperlinks to “Tiffany,” “Tiffany & Co. under $150,” “Tiffany & Co.,”

“Tiffany Rings,” and “Tiffany & Co. under $50.” eBay also purchased advertising space on

search engines, in some instances providing a link to eBay’s site and exhorting the reader

to “Find tiffany items at low prices.” Yet the district court found, and eBay does not deny,

that “eBay certainly had generalized knowledge that Tiffany products sold on eBay were

often counterfeit.” Tiffany argues that because eBay advertised the sale of Tiffany goods on

its website, and because many of those goods were in fact counterfeit, eBay should be liable

for false advertising.

The district court rejected this argument. The court first concluded that the advertisements

at issue were not literally false “[b]ecause authentic Tiffany merchandise is sold on eBay’s

website,” even if counterfeit Tiffany products are sold there, too.

The court then considered whether the advertisements, though not literally false, were

nonetheless misleading. It concluded they were not for three reasons. First, the court found

that eBay’s use of Tiffany’s mark in its advertising was “protected, nominative fair use.”

Second, the court found that “Tiffany has not proven that eBay had specific knowledge as to

the illicit nature of individual listings,” implying that such knowledge would be necessary

to sustain a false advertising claim. Finally, the court reasoned that “to the extent that the

advertising was false, the falsity was the responsibility of third party sellers, not eBay.”

We agree with the district court that eBay’s advertisements were not literally false

inasmuch as genuine Tiffany merchandise was offered for sale through eBay’s website. But

we are unable to affirm on the record before us the district court’s further conclusion that

eBay’s advertisements were not “likely to mislead or confuse consumers.”

249.

As noted, to evaluate Tiffany’s claim that eBay’s advertisements misled consumers, a court

must determine whether extrinsic evidence indicates that the challenged advertisements

were misleading or confusing. The reasons the district court gave for rejecting Tiffany’s

claim do not seem to reflect this determination, though. The court’s first rationale was that

eBay’s advertisements were nominative fair use of Tiffany’s mark.

But, even if that is so, it does not follow that eBay did not use the mark in a misleading

advertisement. It may, after all, constitute fair use for Brand X Coffee to use the trademark

of its competitor, Brand Y Coffee, in an advertisement stating that “In a blind taste test, 9

out of 10 New Yorkers said they preferred Brand X Coffee to Brand Y Coffee.” But if 9 out of

10 New Yorkers in a statistically significant sample did not say they preferred X to Y, or if

they were paid to say that they did, then the advertisement would nonetheless be literally

false in the first example, or misleading in the second.

There is a similar difficulty with the district court’s reliance on the fact that eBay did not

know which particular listings on its website offered counterfeit Tiffany goods. That is

relevant, as we have said, to whether eBay committed contributory trademark

infringement. But it sheds little light on whether the advertisements were misleading

insofar as they implied the genuineness of Tiffany goods on eBay’s site.

Finally, the district court reasoned that if eBay’s advertisements were misleading, that was

only because the sellers of counterfeits made them so by offering inauthentic Tiffany goods.

Again, this consideration is relevant to Tiffany’s direct infringement claim, but less

relevant, if relevant at all, here. It is true that eBay did not itself sell counterfeit Tiffany

goods; only the fraudulent vendors did, and that is in part why we conclude that eBay did

not infringe Tiffany’s mark. But eBay did affirmatively advertise the goods sold through its

site as Tiffany merchandise. The law requires us to hold eBay accountable for the words

that it chose insofar as they misled or confused consumers.

eBay and its amici warn of the deterrent effect that will grip online advertisers who are

unable to confirm the authenticity of all of the goods they advertise for sale. We rather

doubt that the consequences will be so dire. An online advertiser such as eBay need not

cease its advertisements for a kind of goods only because it knows that not all of those

goods are authentic. A disclaimer might suffice. But the law prohibits an advertisement

that implies that all of the goods offered on a defendant’s website are genuine when in fact,

as here, a sizeable proportion of them are not.

Rather than vacate the judgment of the district court as to Tiffany’s false advertising claim,

we think it prudent to remand the cause so that the district court, with its greater

familiarity with the evidence, can reconsider the claim in light of what we have said. The

case is therefore remanded…for further proceedings for the limited purpose of the district

court’s re-examination of the false advertising claim in accordance with this opinion….

NOTES AND QUESTIONS

Tre Milano, LLC v. Amazon.com, Inc., 2012 WL 3594380 (Cal. App. Ct. 2012), upheld

Amazon’s anti-counterfeiting practices for its marketplace sellers, even though Amazon’s

procedures were arguably less stringent than eBay’s, and even though Amazon rejected

250.

some takedown demands sent by the trademark owner (when the trademark owner hadn’t

done a “test buy” to determine if the item was, in fact, counterfeit).

For an example of how the Tiffany opinion helped protect a domain name registrar from

secondary trademark infringement, see Academy of Motion Picture Arts and Sciences v.

GoDaddy.com, Inc., 2015 WL 5311085 (C.D. Cal. 2015).

Some courts have held that online marketplace operators do not make a “sale” that would

trigger strict liability under IP law because the vendors, not the operators, transfer title to

the goods to buyers. Milo & Gabby LLC v. Amazon.com, Inc., 693 Fed. Appx. 879 (Fed. Cir.

2017) (copyright); The Ohio State University v. Redbubble, Inc., 369 F. Supp. 3d 840 (S.D.

Ohio 2019) (trademark); Blazer v. eBay, Inc., 2017 WL 1047572 (N.D. Ala. 2017) (utility

patents). In the latter case, the court blessed eBay’s practice of removing allegedly patent-

infringing items only in response to court orders.

In contrast to the favorable legal conditions for online marketplaces, trademark law is less

hospitable to print-on-demand services that manufacture physical items based on user-

uploaded designs. See, e.g., H-D USA, LLC v. SunFrog LLC, 311 F. Supp. 3d 1000 (E.D.

Wis. 2018) (holding print-on-demand service SunFrog liable for trademark counterfeiting

and issuing $19.2M in damages plus a strong permanent injunction).

In addition, as discussed in the notes after the Zeran Section 230 opinion, some courts are

questioning if the definition of “seller” is limited to those who transfer title. See, e.g.,

Oberdorf v. Amazon.com, Inc., 930 F.3d 136 (3d Cir. 2019) (an en banc review is now

pending with the Third Circuit).

251.

VII. Pornography

Pornography Glossary

Obscenity is: “(a) whether the average person, applying contemporary community

standards, would find that the work, taken as a whole, appeals to the prurient interest; (b)

whether the work depicts or describes, in a patently offensive way, sexual conduct

specifically defined by the applicable state law; and (c) whether the work, taken as a whole,

lacks serious literary, artistic, political or scientific value.” [Miller v. California, 413 U.S. 15

(1973)]

Indecency is: “language that describes, in terms patently offensive as measured by

contemporary community standards for the broadcast medium, sexual or excretory

activities and organs, at times of the day when there is a reasonable risk that children may

be in the audience.” [FCC definition, quoted in Federal Communications Commission v.

Pacifica Foundation, 438 U.S. 726 (1978)]

Compare the Communications Decency Act (CDA): “any comment, request,

suggestion, proposal, image or other communication that, in context, depicts or

describes, in terms patently offensive as measured by contemporary community

standards, sexual or excretory activities or organs.”

Harmful to minor material is: “(a) patently offensive to prevailing standards in the adult

community as a whole with respect to what is suitable for minors; (b) appeals to the

prurient interests of minors; and (c) is utterly without redeeming social importance for

minors.” [Ginsberg v. New York, 390 U.S. 629 (1968)]

Compare the Child Online Protection Act (COPA): “any communication, picture,

image, graphic image file, article, recording, writing, or other matter of any kind

that is obscene or that (A) the average person, applying contemporary community

standards, would find, taking the material as a whole and with respect to minors, is

designed to appeal to, or is designed to pander to, the prurient interest; (B) depicts,

describes, or represents, in a manner patently offensive with respect to minors, an

actual or simulated sexual act or sexual contact, an actual or simulated normal or

perverted sexual act, or a lewd exhibition of the genitals or post-pubescent female

breast; and (C) taken as a whole, lacks serious literary, artistic, political, or scientific

value for minors.”

Child pornography is: “works that visually depict sexual conduct by children below a

specified age, where the category of “sexual conduct” proscribed is suitably limited and

described.” [New York v. Ferber, 458 U.S. 747 (1982)] In the New York statute’s case,

“sexual conduct” was defined as “actual or simulated sexual intercourse, deviate sexual

intercourse, sexual bestiality, masturbation, sado-masochistic abuse, or lewd exhibition of

the genitals.”

Pornography is: ?????

252.

As you read the next two opinions, think about our three branches of government. Do the

cases illustrate a healthy dialogue between the legislative and judicial branches? Or do they

reinforce the stereotypes that legislative bodies sometimes act irrationally, and level-

headed judges must be the voice of reason in curbing legislative excesses?

The next opinion is the Supreme Court’s first-ever Internet law ruling, and it remains a

flagship ruling applying the First Amendment to the Internet. Do you think the current

Supreme Court would reach the same conclusion?

Reno v. American Civil Liberties Union, 521 U.S. 844 (1997).

Stevens, Justice.

At issue is the constitutionality of two statutory provisions enacted to protect minors from

“indecent” and “patently offensive” communications on the Internet. Notwithstanding the

legitimacy and importance of the congressional goal of protecting children from harmful

materials, we agree with the three-judge District Court that the statute abridges “the

freedom of speech” protected by the First Amendment….

II

The Telecommunications Act of 1996 was an unusually important legislative enactment. As

stated on the first of its 103 pages, its primary purpose was to reduce regulation and

encourage “the rapid deployment of new telecommunications technologies.” The major

components of the statute have nothing to do with the Internet; they were designed to

promote competition in the local telephone service market, the multichannel video market,

and the market for over-the-air broadcasting. The Act includes seven Titles, six of which

are the product of extensive committee hearings and the subject of discussion in Reports

prepared by Committees of the Senate and the House of Representatives. By contrast, Title

V—known as the “Communications Decency Act of 1996” (CDA)—contains provisions that

were either added in executive committee after the hearings were concluded or as

amendments offered during floor debate on the legislation. An amendment offered in the

Senate was the source of the two statutory provisions challenged in this case. They are

informally described as the “indecent transmission” provision and the “patently offensive

display” provision.

The first, 47 U.S.C. § 223(a) (1994 ed., Supp. II), prohibits the knowing transmission of

obscene or indecent messages to any recipient under 18 years of age. It provides in

pertinent part:

“(a) Whoever-

“(1) in interstate or foreign communications-

. . . . .

“(B) by means of a telecommunications device knowingly-

“(i) makes, creates, or solicits, and

“(ii) initiates the transmission of,

“any comment, request, suggestion, proposal, image, or other communication

which is obscene or indecent, knowing that the recipient of the

communication is under 18 years of age, regardless of whether the maker of

such communication placed the call or initiated the communication;

253.

. . . . .

“(2) knowingly permits any telecommunications facility under his control to

be used for any activity prohibited by paragraph (1) with the intent that it be

used for such activity,

“shall be fined under Title 18, or imprisoned not more than two years, or

both.”

The second provision, § 223(d), prohibits the knowing sending or displaying of patently

offensive messages in a manner that is available to a person under 18 years of age. It

provides:

“(d) Whoever-

“(1) in interstate or foreign communications knowingly-

“(A) uses an interactive computer service to send to a specific person or

persons under 18 years of age, or

“(B) uses any interactive computer service to display in a manner available to

a person under 18 years of age,

“any comment, request, suggestion, proposal, image, or other communication

that, in context, depicts or describes, in terms patently offensive as measured

by contemporary community standards, sexual or excretory activities or

organs, regardless of whether the user of such service placed the call or

initiated the communication; or

“(2) knowingly permits any telecommunications facility under such person’s

control to be used for an activity prohibited by paragraph (1) with the intent

that it be used for such activity,

“shall be fined under Title 18, or imprisoned not more than two years, or

both.”

The breadth of these prohibitions is qualified by two affirmative defenses. One covers those

who take “good faith, reasonable, effective, and appropriate actions” to restrict access by

minors to the prohibited communications. § 223(e)(5)(A). The other covers those who

restrict access to covered material by requiring certain designated forms of age proof, such

as a verified credit card or an adult identification number or code. § 223(e)(5)(B)….

IV

In arguing for reversal, the Government contends that the CDA is plainly constitutional

under three of our prior decisions: (1) Ginsberg v. New York, 390 U.S. 629 (1968); (2) FCC v.

Pacifica Foundation, 438 U.S. 726, (1978); and (3) Renton v. Playtime Theatres, Inc., 475

U.S. 41 (1986). A close look at these cases, however, raises—rather than relieves—doubts

concerning the constitutionality of the CDA.

In Ginsberg, we upheld the constitutionality of a New York statute that prohibited selling

to minors under 17 years of age material that was considered obscene as to them even if not

obscene as to adults. We rejected the defendant’s broad submission that “the scope of the

constitutional freedom of expression secured to a citizen to read or see material concerned

with sex cannot be made to depend on whether the citizen is an adult or a minor.” In

rejecting that contention, we relied not only on the State’s independent interest in the well-

being of its youth, but also on our consistent recognition of the principle that “the parents’

254.

claim to authority in their own household to direct the rearing of their children is basic in

the structure of our society.”

In four important respects, the statute upheld in Ginsberg was narrower than the CDA.

First, we noted in Ginsberg that “the prohibition against sales to minors does not bar

parents who so desire from purchasing the magazines for their children.” Under the CDA,

by contrast, neither the parents’ consent—nor even their participation—in the

communication would avoid the application of the statute. Second, the New York statute

applied only to commercial transactions, whereas the CDA contains no such limitation.

Third, the New York statute cabined its definition of material that is harmful to minors

with the requirement that it be “utterly without redeeming social importance for minors.”

The CDA fails to provide us with any definition of the term “indecent” as used in § 223(a)(1)

and, importantly, omits any requirement that the “patently offensive” material covered by §

223(d) lack serious literary, artistic, political, or scientific value. Fourth, the New York

statute defined a minor as a person under the age of 17, whereas the CDA, in applying to

all those under 18 years, includes an additional year of those nearest majority.

In Pacifica, we upheld a declaratory order of the Federal Communications Commission,

holding that the broadcast of a recording of a 12-minute monologue entitled “Filthy Words”

that had previously been delivered to a live audience “could have been the subject of

administrative sanctions.” The Commission had found that the repetitive use of certain

words referring to excretory or sexual activities or organs “in an afternoon broadcast when

children are in the audience was patently offensive” and concluded that the monologue was

indecent “as broadcast.” The respondent did not quarrel with the finding that the afternoon

broadcast was patently offensive, but contended that it was not “indecent” within the

meaning of the relevant statutes because it contained no prurient appeal. After rejecting

respondent’s statutory arguments, we confronted its two constitutional arguments: (1) that

the Commission’s construction of its authority to ban indecent speech was so broad that its

order had to be set aside even if the broadcast at issue was unprotected; and (2) that since

the recording was not obscene, the First Amendment forbade any abridgment of the right to

broadcast it on the radio.

In the portion of the lead opinion not joined by Justices Powell and Blackmun, the plurality

stated that the First Amendment does not prohibit all governmental regulation that

depends on the content of speech. Accordingly, the availability of constitutional protection

for a vulgar and offensive monologue that was not obscene depended on the context of the

broadcast. Relying on the premise that “of all forms of communication” broadcasting had

received the most limited First Amendment protection, the Court concluded that the ease

with which children may obtain access to broadcasts, “coupled with the concerns recognized

in Ginsberg,” justified special treatment of indecent broadcasting.

As with the New York statute at issue in Ginsberg, there are significant differences

between the order upheld in Pacifica and the CDA. First, the order in Pacifica, issued by an

agency that had been regulating radio stations for decades, targeted a specific broadcast

that represented a rather dramatic departure from traditional program content in order to

designate when—rather than whether—it would be permissible to air such a program in

that particular medium. The CDA’s broad categorical prohibitions are not limited to

particular times and are not dependent on any evaluation by an agency familiar with the

unique characteristics of the Internet. Second, unlike the CDA, the Commission’s

255.

declaratory order was not punitive; we expressly refused to decide whether the indecent

broadcast “would justify a criminal prosecution.” Finally, the Commission’s order applied to

a medium which as a matter of history had “received the most limited First Amendment

protection,” in large part because warnings could not adequately protect the listener from

unexpected program content. The Internet, however, has no comparable history. Moreover,

the District Court found that the risk of encountering indecent material by accident is

remote because a series of affirmative steps is required to access specific material.

In Renton, we upheld a zoning ordinance that kept adult movie theaters out of residential

neighborhoods. The ordinance was aimed, not at the content of the films shown in the

theaters, but rather at the “secondary effects”—such as crime and deteriorating property

values—that these theaters fostered: “‘It is th[e] secondary effect which these zoning

ordinances attempt to avoid, not the dissemination of “offensive” speech.’” According to the

Government, the CDA is constitutional because it constitutes a sort of “cyberzoning” on the

Internet. But the CDA applies broadly to the entire universe of cyberspace. And the

purpose of the CDA is to protect children from the primary effects of “indecent” and

“patently offensive” speech, rather than any “secondary” effect of such speech. Thus, the

CDA is a content-based blanket restriction on speech, and, as such, cannot be “properly

analyzed as a form of time, place, and manner regulation.”

These precedents, then, surely do not require us to uphold the CDA and are fully consistent

with the application of the most stringent review of its provisions.

V

In Southeastern Promotions, Ltd. v. Conrad, 420 U.S. 546, 557 (1975), we observed that

“[e]ach medium of expression ... may present its own problems.” Thus, some of our cases

have recognized special justifications for regulation of the broadcast media that are not

applicable to other speakers. In these cases, the Court relied on the history of extensive

Government regulation of the broadcast medium; the scarcity of available frequencies at its

inception; and its “invasive” nature.

Those factors are not present in cyberspace. Neither before nor after the enactment of the

CDA have the vast democratic forums of the Internet been subject to the type of

government supervision and regulation that has attended the broadcast industry.

Moreover, the Internet is not as “invasive” as radio or television. The District Court

specifically found that “[c]ommunications over the Internet do not ‘invade’ an individual’s

home or appear on one’s computer screen unbidden. Users seldom encounter content ‘by

accident.’” It also found that “[a]lmost all sexually explicit images are preceded by warnings

as to the content,” and cited testimony that “‘odds are slim’ that a user would come across a

sexually explicit sight by accident.”

We distinguished Pacifica in Sable, 492 U.S., at 128, on just this basis. In Sable, a company

engaged in the business of offering sexually oriented prerecorded telephone messages

(popularly known as “dial-a-porn”) challenged the constitutionality of an amendment to the

Communications Act of 1934 that imposed a blanket prohibition on indecent as well as

obscene interstate commercial telephone messages. We held that the statute was

constitutional insofar as it applied to obscene messages but invalid as applied to indecent

messages. In attempting to justify the complete ban and criminalization of indecent

256.

commercial telephone messages, the Government relied on Pacifica, arguing that the ban

was necessary to prevent children from gaining access to such messages. We agreed that

“there is a compelling interest in protecting the physical and psychological well-being of

minors” which extended to shielding them from indecent messages that are not obscene by

adult standards, but distinguished our “emphatically narrow holding” in Pacifica because it

did not involve a complete ban and because it involved a different medium of

communication. We explained that “the dial-it medium requires the listener to take

affirmative steps to receive the communication.” “Placing a telephone call,” we continued,

“is not the same as turning on a radio and being taken by surprise by an indecent message.”

Finally, unlike the conditions that prevailed when Congress first authorized regulation of

the broadcast spectrum, the Internet can hardly be considered a “scarce” expressive

commodity. It provides relatively unlimited, low-cost capacity for communication of all

kinds. The Government estimates that “[a]s many as 40 million people use the Internet

today, and that figure is expected to grow to 200 million by 1999.” This dynamic,

multifaceted category of communication includes not only traditional print and news

services, but also audio, video, and still images, as well as interactive, real-time dialogue.

Through the use of chat rooms, any person with a phone line can become a town crier with

a voice that resonates farther than it could from any soapbox. Through the use of Web

pages, mail exploders, and newsgroups, the same individual can become a pamphleteer. As

the District Court found, “the content on the Internet is as diverse as human thought.” We

agree with its conclusion that our cases provide no basis for qualifying the level of First

Amendment scrutiny that should be applied to this medium.

VI

Regardless of whether the CDA is so vague that it violates the Fifth Amendment, the many

ambiguities concerning the scope of its coverage render it problematic for purposes of the

First Amendment. For instance, each of the two parts of the CDA uses a different linguistic

form. The first uses the word “indecent,” while the second speaks of material that “in

context, depicts or describes, in terms patently offensive as measured by contemporary

community standards, sexual or excretory activities or organs.” Given the absence of a

definition of either term, this difference in language will provoke uncertainty among

speakers about how the two standards relate to each other and just what they mean. Could

a speaker confidently assume that a serious discussion about birth control practices,

homosexuality, the First Amendment issues raised by the Appendix to our Pacifica opinion,

or the consequences of prison rape would not violate the CDA? This uncertainty

undermines the likelihood that the CDA has been carefully tailored to the congressional

goal of protecting minors from potentially harmful materials.

The vagueness of the CDA is a matter of special concern for two reasons. First, the CDA is a

content-based regulation of speech. The vagueness of such a regulation raises special First

Amendment concerns because of its obvious chilling effect on free speech. Second, the CDA

is a criminal statute. In addition to the opprobrium and stigma of a criminal conviction, the

CDA threatens violators with penalties including up to two years in prison for each act of

violation. The severity of criminal sanctions may well cause speakers to remain silent

rather than communicate even arguably unlawful words, ideas, and images. As a practical

matter, this increased deterrent effect, coupled with the “risk of discriminatory

enforcement” of vague regulations, poses greater First Amendment concerns than those

257.

implicated by the civil regulation reviewed in Denver Area Ed. Telecommunications

Consortium, Inc. v. FCC, 518 U.S. 727 (1996).

The Government argues that the statute is no more vague than the obscenity standard this

Court established in Miller v. California, 413 U.S. 15 (1973). But that is not so. In Miller,

this Court reviewed a criminal conviction against a commercial vendor who mailed

brochures containing pictures of sexually explicit activities to individuals who had not

requested such materials. Having struggled for some time to establish a definition of

obscenity, we set forth in Miller the test for obscenity that controls to this day:

“(a) whether the average person, applying contemporary community

standards would find that the work, taken as a whole, appeals to the prurient

interest; (b) whether the work depicts or describes, in a patently offensive

way, sexual conduct specifically defined by the applicable state law; and (c)

whether the work, taken as a whole, lacks serious literary, artistic, political,

or scientific value.”

Because the CDA’s “patently offensive” standard (and, we assume, arguendo, its

synonymous “indecent” standard) is one part of the three-prong Miller test, the Government

reasons, it cannot be unconstitutionally vague.

The Government’s assertion is incorrect as a matter of fact. The second prong of the Miller

test—the purportedly analogous standard—contains a critical requirement that is omitted

from the CDA: that the proscribed material be “specifically defined by the applicable state

law.” This requirement reduces the vagueness inherent in the open-ended term “patently

offensive” as used in the CDA. Moreover, the Miller definition is limited to “sexual conduct,”

whereas the CDA extends also to include (1) “excretory activities” as well as (2) “organs” of

both a sexual and excretory nature.

The Government’s reasoning is also flawed. Just because a definition including three

limitations is not vague, it does not follow that one of those limitations, standing by itself, is

not vague. Each of Miller’s additional two prongs—(1) that, taken as a whole, the material

appeal to the “prurient” interest, and (2) that it “lac[k] serious literary, artistic, political, or

scientific value”—critically limits the uncertain sweep of the obscenity definition. The

second requirement is particularly important because, unlike the “patently offensive” and

“prurient interest” criteria, it is not judged by contemporary community standards. This

“societal value” requirement, absent in the CDA, allows appellate courts to impose some

limitations and regularity on the definition by setting, as a matter of law, a national floor

for socially redeeming value. The Government’s contention that courts will be able to give

such legal limitations to the CDA’s standards is belied by Miller’s own rationale for having

juries determine whether material is “patently offensive” according to community

standards: that such questions are essentially ones of fact.

In contrast to Miller and our other previous cases, the CDA thus presents a greater threat

of censoring speech that, in fact, falls outside the statute’s scope. Given the vague contours

of the coverage of the statute, it unquestionably silences some speakers whose messages

would be entitled to constitutional protection. That danger provides further reason for

insisting that the statute not be overly broad. The CDA’s burden on protected speech cannot

be justified if it could be avoided by a more carefully drafted statute.

258.

VII

We are persuaded that the CDA lacks the precision that the First Amendment requires

when a statute regulates the content of speech. In order to deny minors access to

potentially harmful speech, the CDA effectively suppresses a large amount of speech that

adults have a constitutional right to receive and to address to one another. That burden on

adult speech is unacceptable if less restrictive alternatives would be at least as effective in

achieving the legitimate purpose that the statute was enacted to serve.

In evaluating the free speech rights of adults, we have made it perfectly clear that “[s]exual

expression which is indecent but not obscene is protected by the First Amendment.” Indeed,

Pacifica itself admonished that “the fact that society may find speech offensive is not a

sufficient reason for suppressing it.”

It is true that we have repeatedly recognized the governmental interest in protecting

children from harmful materials. But that interest does not justify an unnecessarily broad

suppression of speech addressed to adults. As we have explained, the Government may not

“reduc[e] the adult population ... to ... only what is fit for children.” “[R]egardless of the

strength of the government’s interest” in protecting children, “[t]he level of discourse

reaching a mailbox simply cannot be limited to that which would be suitable for a sandbox.”

The District Court was correct to conclude that the CDA effectively resembles the ban on

“dial-a-porn” invalidated in Sable. In Sable, this Court rejected the argument that we

should defer to the congressional judgment that nothing less than a total ban would be

effective in preventing enterprising youngsters from gaining access to indecent

communications. Sable thus made clear that the mere fact that a statutory regulation of

speech was enacted for the important purpose of protecting children from exposure to

sexually explicit material does not foreclose inquiry into its validity. As we pointed out last

Term, that inquiry embodies an “overarching commitment” to make sure that Congress has

designed its statute to accomplish its purpose “without imposing an unnecessarily great

restriction on speech.”

In arguing that the CDA does not so diminish adult communication, the Government relies

on the incorrect factual premise that prohibiting a transmission whenever it is known that

one of its recipients is a minor would not interfere with adult-to-adult communication. The

findings of the District Court make clear that this premise is untenable. Given the size of

the potential audience for most messages, in the absence of a viable age verification

process, the sender must be charged with knowing that one or more minors will likely view

it. Knowledge that, for instance, one or more members of a 100-person chat group will be a

minor—and therefore that it would be a crime to send the group an indecent message—

would surely burden communication among adults.

The District Court found that at the time of trial existing technology did not include any

effective method for a sender to prevent minors from obtaining access to its communications

on the Internet without also denying access to adults. The Court found no effective way to

determine the age of a user who is accessing material through e-mail, mail exploders,

newsgroups, or chat rooms. As a practical matter, the Court also found that it would be

prohibitively expensive for noncommercial—as well as some commercial—speakers who

259.

have Web sites to verify that their users are adults. These limitations must inevitably

curtail a significant amount of adult communication on the Internet. By contrast, the

District Court found that “[d]espite its limitations, currently available user-based software

suggests that a reasonably effective method by which parents can prevent their children

from accessing sexually explicit and other material which parents may believe is

inappropriate for their children will soon be widely available.” (emphases added).

The breadth of the CDA’s coverage is wholly unprecedented. Unlike the regulations upheld

in Ginsberg and Pacifica, the scope of the CDA is not limited to commercial speech or

commercial entities. Its open-ended prohibitions embrace all nonprofit entities and

individuals posting indecent messages or displaying them on their own computers in the

presence of minors. The general, undefined terms “indecent” and “patently offensive” cover

large amounts of nonpornographic material with serious educational or other value.

Moreover, the “community standards” criterion as applied to the Internet means that any

communication available to a nation wide audience will be judged by the standards of the

community most likely to be offended by the message. The regulated subject matter

includes any of the seven “dirty words” used in the Pacifica monologue, the use of which the

Government’s expert acknowledged could constitute a felony. It may also extend to

discussions about prison rape or safe sexual practices, artistic images that include nude

subjects, and arguably the card catalog of the Carnegie Library.

For the purposes of our decision, we need neither accept nor reject the Government’s

submission that the First Amendment does not forbid a blanket prohibition on all

“indecent” and “patently offensive” messages communicated to a 17-year-old—no matter

how much value the message may contain and regardless of parental approval. It is at least

clear that the strength of the Government’s interest in protecting minors is not equally

strong throughout the coverage of this broad statute. Under the CDA, a parent allowing her

17-year-old to use the family computer to obtain information on the Internet that she, in

her parental judgment, deems appropriate could face a lengthy prison term. Similarly, a

parent who sent his 17-year-old college freshman information on birth control via e-mail

could be incarcerated even though neither he, his child, nor anyone in their home

community found the material “indecent” or “patently offensive,” if the college town’s

community thought otherwise.

The breadth of this content-based restriction of speech imposes an especially heavy burden

on the Government to explain why a less restrictive provision would not be as effective as

the CDA. It has not done so. The arguments in this Court have referred to possible

alternatives such as requiring that indecent material be “tagged” in a way that facilitates

parental control of material coming into their homes, making exceptions for messages with

artistic or educational value, providing some tolerance for parental choice, and regulating

some portions of the Internet—such as commercial Web sites—differently from others, such

as chat rooms. Particularly in the light of the absence of any detailed findings by the

Congress, or even hearings addressing the special problems of the CDA, we are persuaded

that the CDA is not narrowly tailored if that requirement has any meaning at all.

VIII

In an attempt to curtail the CDA’s facial overbreadth, the Government advances three

additional arguments for sustaining the Act’s affirmative prohibitions: (1) that the CDA is

260.

constitutional because it leaves open ample “alternative channels” of communication; (2)

that the plain meaning of the CDA’s “knowledge” and “specific person” requirement

significantly restricts its permissible applications; and (3) that the CDA’s prohibitions are

“almost always” limited to material lacking redeeming social value.

The Government first contends that, even though the CDA effectively censors discourse on

many of the Internet’s modalities—such as chat groups, newsgroups, and mail exploders—

it is nonetheless constitutional because it provides a “reasonable opportunity” for speakers

to engage in the restricted speech on the World Wide Web. This argument is unpersuasive

because the CDA regulates speech on the basis of its content. A “time, place, and manner”

analysis is therefore inapplicable. It is thus immaterial whether such speech would be

feasible on the Web (which, as the Government’s own expert acknowledged, would cost up

to $10,000 if the speaker’s interests were not accommodated by an existing Web site, not

including costs for data base management and age verification). The Government’s position

is equivalent to arguing that a statute could ban leaflets on certain subjects as long as

individuals are free to publish books. In invalidating a number of laws that banned

leafletting on the streets regardless of their content, we explained that “one is not to have

the exercise of his liberty of expression in appropriate places abridged on the plea that it

may be exercised in some other place.”

The Government also asserts that the “knowledge” requirement of both §§ 223(a) and (d),

especially when coupled with the “specific child” element found in § 223(d), saves the CDA

from overbreadth. Because both sections prohibit the dissemination of indecent messages

only to persons known to be under 18, the Government argues, it does not require

transmitters to “refrain from communicating indecent material to adults; they need only

refrain from disseminating such materials to persons they know to be under 18.” This

argument ignores the fact that most Internet forums—including chat rooms, newsgroups,

mail exploders, and the Web—are open to all comers. The Government’s assertion that the

knowledge requirement somehow protects the communications of adults is therefore

untenable. Even the strongest reading of the “specific person” requirement of § 223(d)

cannot save the statute. It would confer broad powers of censorship, in the form of a

“heckler’s veto,” upon any opponent of indecent speech who might simply log on and inform

the would-be discoursers that his 17-year-old child—a “specific person ... under 18 years of

age”—would be present.

Finally, we find no textual support for the Government’s submission that material having

scientific, educational, or other redeeming social value will necessarily fall outside the

CDA’s “patently offensive” and “indecent” prohibitions.

IX

The Government’s three remaining arguments focus on the defenses provided in § 223(e)(5).

First, relying on the “good faith, reasonable, effective, and appropriate actions” provision,

the Government suggests that “tagging” provides a defense that saves the constitutionality

of the CDA. The suggestion assumes that transmitters may encode their indecent

communications in a way that would indicate their contents, thus permitting recipients to

block their reception with appropriate software. It is the requirement that the good-faith

action must be “effective” that makes this defense illusory. The Government recognizes that

its proposed screening software does not currently exist. Even if it did, there is no way to

261.

know whether a potential recipient will actually block the encoded material. Without the

impossible knowledge that every guardian in America is screening for the “tag,” the

transmitter could not reasonably rely on its action to be “effective.”

For its second and third arguments concerning defenses—which we can consider together—

the Government relies on the latter half of § 223(e)(5), which applies when the transmitter

has restricted access by requiring use of a verified credit card or adult identification. Such

verification is not only technologically available but actually is used by commercial

providers of sexually explicit material. These providers, therefore, would be protected by

the defense. Under the findings of the District Court, however, it is not economically

feasible for most noncommercial speakers to employ such verification. Accordingly, this

defense would not significantly narrow the statute’s burden on noncommercial speech. Even

with respect to the commercial pornographers that would be protected by the defense, the

Government failed to adduce any evidence that these verification techniques actually

preclude minors from posing as adults. Given that the risk of criminal sanctions “hovers

over each content provider, like the proverbial sword of Damocles,” the District Court

correctly refused to rely on unproven future technology to save the statute. The

Government thus failed to prove that the proffered defense would significantly reduce the

heavy burden on adult speech produced by the prohibition on offensive displays.

We agree with the District Court’s conclusion that the CDA places an unacceptably heavy

burden on protected speech, and that the defenses do not constitute the sort of “narrow

tailoring” that will save an otherwise patently invalid unconstitutional provision. In Sable,

492 U.S., at 127, we remarked that the speech restriction at issue there amounted to

“‘burn[ing] the house to roast the pig.’” The CDA, casting a far darker shadow over free

speech, threatens to torch a large segment of the Internet community.

X

At oral argument, the Government relied heavily on its ultimate fall-back position: If this

Court should conclude that the CDA is insufficiently tailored, it urged, we should save the

statute’s constitutionality by honoring the severability clause, and construing nonseverable

terms narrowly. In only one respect is this argument acceptable.

A severability clause requires textual provisions that can be severed. We will follow § 608’s

guidance by leaving constitutional textual elements of the statute intact in the one place

where they are, in fact, severable. The “indecency” provision, applies to “any comment,

request, suggestion, proposal, image, or other communication which is obscene or indecent.”

(Emphasis added.) Appellees do not challenge the application of the statute to obscene

speech, which, they acknowledge, can be banned totally because it enjoys no First

Amendment protection. As set forth by the statute, the restriction of “obscene” material

enjoys a textual manifestation separate from that for “indecent” material, which we have

held unconstitutional. Therefore, we will sever the term “or indecent” from the statute,

leaving the rest of § 223(a) standing. In no other respect, however, can § 223(a) or § 223(d)

be saved by such a textual surgery….

262.

XI

In this Court, though not in the District Court, the Government asserts that—in addition to

its interest in protecting children—its “[e]qually significant” interest in fostering the

growth of the Internet provides an independent basis for upholding the constitutionality of

the CDA. The Government apparently assumes that the unregulated availability of

“indecent” and “patently offensive” material on the Internet is driving countless citizens

away from the medium because of the risk of exposing themselves or their children to

harmful material.

We find this argument singularly unpersuasive. The dramatic expansion of this new

marketplace of ideas contradicts the factual basis of this contention. The record

demonstrates that the growth of the Internet has been and continues to be phenomenal. As

a matter of constitutional tradition, in the absence of evidence to the contrary, we presume

that governmental regulation of the content of speech is more likely to interfere with the

free exchange of ideas than to encourage it. The interest in encouraging freedom of

expression in a democratic society outweighs any theoretical but unproven benefit of

censorship.

For the foregoing reasons, the judgment of the District Court is affirmed.

Justice O’CONNOR, with whom THE CHIEF JUSTICE joins, concurring in the judgment

in part and dissenting in part.

I write separately to explain why I view the Communications Decency Act of 1996 (CDA) as

little more than an attempt by Congress to create “adult zones” on the Internet. Our

precedent indicates that the creation of such zones can be constitutionally sound. Despite

the soundness of its purpose, however, portions of the CDA are unconstitutional because

they stray from the blueprint our prior cases have developed for constructing a “zoning law”

that passes constitutional muster.

Appellees bring a facial challenge to three provisions of the CDA. The first, which the Court

describes as the “indecency transmission” provision, makes it a crime to knowingly

transmit an obscene or indecent message or image to a person the sender knows is under 18

years old. What the Court classifies as a single “‘patently offensive display’” provision is in

reality two separate provisions. The first of these makes it a crime to knowingly send a

patently offensive message or image to a specific person under the age of 18 (“specific

person” provision). The second criminalizes the display of patently offensive messages or

images “in a[ny] manner available” to minors (“display” provision). None of these provisions

purports to keep indecent (or patently offensive) material away from adults, who have a

First Amendment right to obtain this speech. Thus, the undeniable purpose of the CDA is

to segregate indecent material on the Internet into certain areas that minors cannot access.

See S. Conf. Rep. No. 104-230, p. 189 (1996) (CDA imposes “access restrictions ... to protect

minors from exposure to indecent material”).

The creation of “adult zones” is by no means a novel concept. States have long denied

minors access to certain establishments frequented by adults. States have also denied

minors access to speech deemed to be “harmful to minors.” The Court has previously

sustained such zoning laws, but only if they respect the First Amendment rights of adults

263.

and minors. That is to say, a zoning law is valid if (i) it does not unduly restrict adult access

to the material; and (ii) minors have no First Amendment right to read or view the banned

material. As applied to the Internet as it exists in 1997, the “display” provision and some

applications of the “indecency transmission” and “specific person” provisions fail to adhere

to the first of these limiting principles by restricting adults’ access to protected materials in

certain circumstances. Unlike the Court, however, I would invalidate the provisions only in

those circumstances.

I

Our cases make clear that a “zoning” law is valid only if adults are still able to obtain the

regulated speech. If they cannot, the law does more than simply keep children away from

speech they have no right to obtain—it interferes with the rights of adults to obtain

constitutionally protected speech and effectively “reduce[s] the adult population ... to

reading only what is fit for children.” The First Amendment does not tolerate such

interference. If the law does not unduly restrict adults’ access to constitutionally protected

speech, however, it may be valid. In Ginsberg v. New York, 390 U.S. 629, 634 (1968), for

example, the Court sustained a New York law that barred store owners from selling

pornographic magazines to minors in part because adults could still buy those magazines.

The Court in Ginsberg concluded that the New York law created a constitutionally

adequate adult zone simply because, on its face, it denied access only to minors. The Court

did not question—and therefore necessarily assumed—that an adult zone, once created,

would succeed in preserving adults’ access while denying minors’ access to the regulated

speech. Before today, there was no reason to question this assumption, for the Court has

previously only considered laws that operated in the physical world, a world that with two

characteristics that make it possible to create “adult zones”: geography and identity. A

minor can see an adult dance show only if he enters an establishment that provides such

entertainment. And should he attempt to do so, the minor will not be able to conceal

completely his identity (or, consequently, his age). Thus, the twin characteristics of

geography and identity enable the establishment’s proprietor to prevent children from

entering the establishment, but to let adults inside.

The electronic world is fundamentally different. Because it is no more than the

interconnection of electronic pathways, cyberspace allows speakers and listeners to mask

their identities. Cyberspace undeniably reflects some form of geography; chat rooms and

Web sites, for example, exist at fixed “locations” on the Internet. Since users can transmit

and receive messages on the Internet without revealing anything about their identities or

ages, however, it is not currently possible to exclude persons from accessing certain

messages on the basis of their identity.

Cyberspace differs from the physical world in another basic way: Cyberspace is malleable.

Thus, it is possible to construct barriers in cyberspace and use them to screen for identity,

making cyberspace more like the physical world and, consequently, more amenable to

zoning laws. This transformation of cyberspace is already underway. Internet speakers

(users who post material on the Internet) have begun to zone cyberspace itself through the

use of “gateway” technology. Such technology requires Internet users to enter information

about themselves—perhaps an adult identification number or a credit card number—before

they can access certain areas of cyberspace, much like a bouncer checks a person’s driver’s

264.

license before admitting him to a nightclub. Internet users who access information have not

attempted to zone cyberspace itself, but have tried to limit their own power to access

information in cyberspace, much as a parent controls what her children watch on television

by installing a lock box. This user-based zoning is accomplished through the use of

screening software (such as Cyber Patrol or SurfWatch) or browsers with screening

capabilities, both of which search addresses and text for keywords that are associated with

“adult” sites and, if the user wishes, blocks access to such sites. The Platform for Internet

Content Selection project is designed to facilitate user-based zoning by encouraging

Internet speakers to rate the content of their speech using codes recognized by all screening

programs.

Despite this progress, the transformation of cyberspace is not complete. Although gateway

technology has been available on the World Wide Web for some time now, it is not available

to all Web speakers, and is just now becoming technologically feasible for chat rooms and

USENET newsgroups. Gateway technology is not ubiquitous in cyberspace, and because

without it “there is no means of age verification,” cyberspace still remains largely

unzoned—and unzoneable. User-based zoning is also in its infancy. For it to be effective, (i)

an agreed-upon code (or “tag”) would have to exist; (ii) screening software or browsers with

screening capabilities would have to be able to recognize the “tag”; and (iii) those programs

would have to be widely available—and widely used—by Internet users. At present, none of

these conditions is true. Screening software “is not in wide use today” and “only a handful

of browsers have screening capabilities.” There is, moreover, no agreed-upon “tag” for those

programs to recognize.

Although the prospects for the eventual zoning of the Internet appear promising, I agree

with the Court that we must evaluate the constitutionality of the CDA as it applies to the

Internet as it exists today. Given the present state of cyberspace, I agree with the Court

that the “display” provision cannot pass muster. Until gateway technology is available

throughout cyberspace, and it is not in 1997, a speaker cannot be reasonably assured that

the speech he displays will reach only adults because it is impossible to confine speech to an

“adult zone.” Thus, the only way for a speaker to avoid liability under the CDA is to refrain

completely from using indecent speech. But this forced silence impinges on the First

Amendment right of adults to make and obtain this speech and, for all intents and

purposes, “reduce[s] the adult population [on the Internet] to reading only what is fit for

children.” As a result, the “display” provision cannot withstand scrutiny.

The “indecency transmission” and “specific person” provisions present a closer issue, for

they are not unconstitutional in all of their applications. As discussed above, the “indecency

transmission” provision makes it a crime to transmit knowingly an indecent message to a

person the sender knows is under 18 years of age. The “specific person” provision proscribes

the same conduct, although it does not as explicitly require the sender to know that the

intended recipient of his indecent message is a minor. The Government urges the Court to

construe the provision to impose such a knowledge requirement, and I would do so.

So construed, both provisions are constitutional as applied to a conversation involving only

an adult and one or more minors—e.g., when an adult speaker sends an e-mail knowing the

addressee is a minor, or when an adult and minor converse by themselves or with other

minors in a chat room. In this context, these provisions are no different from the law we

sustained in Ginsberg. Restricting what the adult may say to the minors in no way restricts

265.

the adult’s ability to communicate with other adults. He is not prevented from speaking

indecently to other adults in a chat room (because there are no other adults participating in

the conversation) and he remains free to send indecent e-mails to other adults. The relevant

universe contains only one adult, and the adult in that universe has the power to refrain

from using indecent speech and consequently to keep all such speech within the room in an

“adult” zone.

The analogy to Ginsberg breaks down, however, when more than one adult is a party to the

conversation. If a minor enters a chat room otherwise occupied by adults, the CDA

effectively requires the adults in the room to stop using indecent speech. If they did not,

they could be prosecuted under the “indecency transmission” and “specific person”

provisions for any indecent statements they make to the group, since they would be

transmitting an indecent message to specific persons, one of whom is a minor. The CDA is

therefore akin to a law that makes it a crime for a bookstore owner to sell pornographic

magazines to anyone once a minor enters his store. Even assuming such a law might be

constitutional in the physical world as a reasonable alternative to excluding minors

completely from the store, the absence of any means of excluding minors from chat rooms in

cyberspace restricts the rights of adults to engage in indecent speech in those rooms. The

“indecency transmission” and “specific person” provisions share this defect.

But these two provisions do not infringe on adults’ speech in all situations. And as

discussed below, I do not find that the provisions are overbroad in the sense that they

restrict minors’ access to a substantial amount of speech that minors have the right to read

and view. Accordingly, the CDA can be applied constitutionally in some situations.

Normally, this fact would require the Court to reject a direct facial challenge. Appellees’

claim arises under the First Amendment, however, and they argue that the CDA is facially

invalid because it is “substantially overbroad”—that is, it “sweeps too broadly ... [and]

penaliz[es] a substantial amount of speech that is constitutionally protected.” I agree with

the Court that the provisions are overbroad in that they cover any and all communications

between adults and minors, regardless of how many adults might be part of the audience to

the communication.

This conclusion does not end the matter, however. Where, as here, “the parties challenging

the statute are those who desire to engage in protected speech that the overbroad statute

purports to punish, ... [t]he statute may forthwith be declared invalid to the extent that it

reaches too far, but otherwise left intact.” There is no question that Congress intended to

prohibit certain communications between one adult and one or more minors. There is also

no question that Congress would have enacted a narrower version of these provisions had it

known a broader version would be declared unconstitutional. I would therefore sustain the

“indecency transmission” and “specific person” provisions to the extent they apply to the

transmission of Internet communications where the party initiating the communication

knows that all of the recipients are minors.

II

Whether the CDA substantially interferes with the First Amendment rights of minors, and

thereby runs afoul of the second characteristic of valid zoning laws, presents a closer

question. In Ginsberg, the New York law we sustained prohibited the sale to minors of

magazines that were “harmful to minors.” Under that law, a magazine was “harmful to

266.

minors” only if it was obscene as to minors. Noting that obscene speech is not protected by

the First Amendment, and that New York was constitutionally free to adjust the definition

of obscenity for minors, the Court concluded that the law did not “invad[e] the area of

freedom of expression constitutionally secured to minors.” New York therefore did not

infringe upon the First Amendment rights of minors.

The Court neither “accept[s] nor reject[s]” the argument that the CDA is facially overbroad

because it substantially interferes with the First Amendment rights of minors. I would

reject it. Ginsberg established that minors may constitutionally be denied access to material

that is obscene as to minors. As Ginsberg explained, material is obscene as to minors if it (i)

is “patently offensive to prevailing standards in the adult community as a whole with

respect to what is suitable ... for minors”; (ii) appeals to the prurient interest of minors; and

(iii) is “utterly without redeeming social importance for minors.” Because the CDA denies

minors the right to obtain material that is “patently offensive”—even if it has some

redeeming value for minors and even if it does not appeal to their prurient interests—

Congress’ rejection of the Ginsberg “harmful to minors” standard means that the CDA could

ban some speech that is “indecent” (i.e., “patently offensive”) but that is not obscene as to

minors.

I do not deny this possibility, but to prevail in a facial challenge, it is not enough for a

plaintiff to show “some” overbreadth. Our cases require a proof of “real” and “substantial”

overbreadth, and appellees have not carried their burden in this case. In my view, the

universe of speech constitutionally protected as to minors but banned by the CDA—i.e., the

universe of material that is “patently offensive,” but which nonetheless has some redeeming

value for minors or does not appeal to their prurient interest—is a very small one.

Appellees cite no examples of speech falling within this universe and do not attempt to

explain why that universe is substantial “in relation to the statute’s plainly legitimate

sweep.” That the CDA might deny minors the right to obtain material that has some

“value” is largely beside the point. While discussions about prison rape or nude art may

have some redeeming educational value for adults, they do not necessarily have any such

value for minors, and under Ginsberg, minors only have a First Amendment right to obtain

patently offensive material that has “redeeming social importance for minors.” There is also

no evidence in the record to support the contention that “many e-mail transmissions from

an adult to a minor are conversations between family members,” and no support for the

legal proposition that such speech is absolutely immune from regulation. Accordingly, in my

view, the CDA does not burden a substantial amount of minors’ constitutionally protected

speech.

Thus, the constitutionality of the CDA as a zoning law hinges on the extent to which it

substantially interferes with the First Amendment rights of adults. Because the rights of

adults are infringed only by the “display” provision and by the “indecency transmission”

and “specific person” provisions as applied to communications involving more than one

adult, I would invalidate the CDA only to that extent. Insofar as the “indecency

transmission” and “specific person” provisions prohibit the use of indecent speech in

communications between an adult and one or more minors, however, they can and should

be sustained. The Court reaches a contrary conclusion, and from that holding that I

respectfully dissent.

267.

After the Reno v. ACLU opinion struck down the main operative provision of the

Communications Decency Act, Congress promptly tried again with a new law, the Child

Online Protection Act (COPA). The constitutional challenge to that law made its way back

to the Supreme Court…

Ashcroft v. American Civil Liberties Union, 542 U.S. 656 (2004).

Kennedy, Justice.

This case presents a challenge to a statute enacted by Congress to protect minors from

exposure to sexually explicit materials on the Internet, the Child Online Protection Act

(COPA). We must decide whether the Court of Appeals was correct to affirm a ruling by the

District Court that enforcement of COPA should be enjoined because the statute likely

violates the First Amendment.

In enacting COPA, Congress gave consideration to our earlier decisions on this subject, in

particular the decision in Reno v. American Civil Liberties Union, 521 U.S. 844 (1997). For

that reason, “the Judiciary must proceed with caution and ... with care before invalidating

the Act.” The imperative of according respect to the Congress, however, does not permit us

to depart from well-established First Amendment principles. Instead, we must hold the

Government to its constitutional burden of proof.

Content-based prohibitions, enforced by severe criminal penalties, have the constant

potential to be a repressive force in the lives and thoughts of a free people. To guard against

that threat the Constitution demands that content-based restrictions on speech be

presumed invalid, and that the Government bear the burden of showing their

constitutionality. This is true even when Congress twice has attempted to find a

constitutional means to restrict, and punish, the speech in question….

I

A

COPA is the second attempt by Congress to make the Internet safe for minors by

criminalizing certain Internet speech. The first attempt was the Communications Decency

Act of 1996. The Court held the CDA unconstitutional because it was not narrowly tailored

to serve a compelling governmental interest and because less restrictive alternatives were

available.

In response to the Court’s decision in Reno, Congress passed COPA. COPA imposes

criminal penalties of a $50,000 fine and six months in prison for the knowing posting, for

“commercial purposes,” of World Wide Web content that is “harmful to minors.” Material

that is “harmful to minors” is defined as:

“any communication, picture, image, graphic image file, article, recording,

writing, or other matter of any kind that is obscene or that-

“(A) the average person, applying contemporary community standards, would

find, taking the material as a whole and with respect to minors, is designed

to appeal to, or is designed to pander to, the prurient interest;

268.

“(B) depicts, describes, or represents, in a manner patently offensive with

respect to minors, an actual or simulated sexual act or sexual contact, an

actual or simulated normal or perverted sexual act, or a lewd exhibition of

the genitals or post-pubescent female breast; and

“(C) taken as a whole, lacks serious literary, artistic, political, or scientific

value for minors.”

“Minor[s]” are defined as “any person under 17 years of age.” A person acts for “commercial

purposes only if such person is engaged in the business of making such communications.”

“Engaged in the business,” in turn,

“means that the person who makes a communication, or offers to make a

communication, by means of the World Wide Web, that includes any material

that is harmful to minors, devotes time, attention, or labor to such activities,

as a regular course of such person’s trade or business, with the objective of

earning a profit as a result of such activities (although it is not necessary that

the person make a profit or that the making or offering to make such

communications be the person’s sole or principal business or source of

income).”

While the statute labels all speech that falls within these definitions as criminal speech, it

also provides an affirmative defense to those who employ specified means to prevent minors

from gaining access to the prohibited materials on their Web site. A person may escape

conviction under the statute by demonstrating that he

“has restricted access by minors to material that is harmful to minors-

“(A) by requiring use of a credit card, debit account, adult access code, or

adult personal identification number;

“(B) by accepting a digital certificate that verifies age; or

“(C) by any other reasonable measures that are feasible under available

technology.”

Since the passage of COPA, Congress has enacted additional laws regulating the Internet

in an attempt to protect minors. For example, it has enacted a prohibition on misleading

Internet domain names, 18 U.S.C. § 2252B, in order to prevent Web site owners from

disguising pornographic Web sites in a way likely to cause uninterested persons to visit

them. It has also passed a statute creating a “Dot Kids” second-level Internet domain, the

content of which is restricted to that which is fit for minors under the age of 13.

B

Respondents, Internet content providers and others concerned with protecting the freedom

of speech, filed suit in the United States District Court for the Eastern District of

Pennsylvania. They sought a preliminary injunction against enforcement of the statute.

269.

After considering testimony from witnesses presented by both respondents and the

Government, the District Court issued an order granting the preliminary injunction….

The Government appealed the District Court’s decision to the United States Court of

Appeals for the Third Circuit. The Court of Appeals affirmed the preliminary injunction,

but on a different ground. The court concluded that the “community standards” language in

COPA by itself rendered the statute unconstitutionally overbroad. We granted certiorari

and reversed, holding that the community-standards language did not, standing alone,

make the statute unconstitutionally overbroad. We emphasized, however, that our decision

was limited to that narrow issue. We remanded the case to the Court of Appeals to

reconsider whether the District Court had been correct to grant the preliminary injunction.

On remand, the Court of Appeals again affirmed the District Court….

II

A…

The District Court, in deciding to grant the preliminary injunction, concentrated primarily

on the argument that there are plausible, less restrictive alternatives to COPA. A statute

that “effectively suppresses a large amount of speech that adults have a constitutional right

to receive and to address to one another ... is unacceptable if less restrictive alternatives

would be at least as effective in achieving the legitimate purpose that the statute was

enacted to serve.” When plaintiffs challenge a content-based speech restriction, the burden

is on the Government to prove that the proposed alternatives will not be as effective as the

challenged statute.

In considering this question, a court assumes that certain protected speech may be

regulated, and then asks what is the least restrictive alternative that can be used to

achieve that goal. The purpose of the test is not to consider whether the challenged

restriction has some effect in achieving Congress’ goal, regardless of the restriction it

imposes. The purpose of the test is to ensure that speech is restricted no further than

necessary to achieve the goal, for it is important to ensure that legitimate speech is not

chilled or punished. For that reason, the test does not begin with the status quo of existing

regulations, then ask whether the challenged restriction has some additional ability to

achieve Congress’ legitimate interest. Any restriction on speech could be justified under

that analysis. Instead, the court should ask whether the challenged regulation is the least

restrictive means among available, effective alternatives.

…As the Government bears the burden of proof on the ultimate question of COPA’s

constitutionality, respondents must be deemed likely to prevail unless the Government has

shown that respondents’ proposed less restrictive alternatives are less effective than COPA.

Applying that analysis, the District Court concluded that respondents were likely to

prevail. That conclusion was not an abuse of discretion, because on this record there are a

number of plausible, less restrictive alternatives to the statute.

The primary alternative considered by the District Court was blocking and filtering

software. Blocking and filtering software is an alternative that is less restrictive than

COPA, and, in addition, likely more effective as a means of restricting children’s access to

materials harmful to them. The District Court, in granting the preliminary injunction, did

so primarily because the plaintiffs had proposed that filters are a less restrictive alternative

270.

to COPA and the Government had not shown it would be likely to disprove the plaintiffs’

contention at trial.

Filters are less restrictive than COPA. They impose selective restrictions on speech at the

receiving end, not universal restrictions at the source. Under a filtering regime, adults

without children may gain access to speech they have a right to see without having to

identify themselves or provide their credit card information. Even adults with children may

obtain access to the same speech on the same terms simply by turning off the filter on their

home computers. Above all, promoting the use of filters does not condemn as criminal any

category of speech, and so the potential chilling effect is eliminated, or at least much

diminished. All of these things are true, moreover, regardless of how broadly or narrowly

the definitions in COPA are construed.

Filters also may well be more effective than COPA. First, a filter can prevent minors from

seeing all pornography, not just pornography posted to the Web from America. The District

Court noted in its factfindings that one witness estimated that 40% of harmful-to-minors

content comes from overseas. COPA does not prevent minors from having access to those

foreign harmful materials. That alone makes it possible that filtering software might be

more effective in serving Congress’ goals. Effectiveness is likely to diminish even further if

COPA is upheld, because the providers of the materials that would be covered by the

statute simply can move their operations overseas. It is not an answer to say that COPA

reaches some amount of materials that are harmful to minors; the question is whether it

would reach more of them than less restrictive alternatives. In addition, the District Court

found that verification systems may be subject to evasion and circumvention, for example,

by minors who have their own credit cards. Finally, filters also may be more effective

because they can be applied to all forms of Internet communication, including e-mail, not

just communications available via the World Wide Web.

That filtering software may well be more effective than COPA is confirmed by the findings

of the Commission on Child Online Protection, a blue-ribbon Commission created by

Congress in COPA itself. Congress directed the Commission to evaluate the relative merits

of different means of restricting minors’ ability to gain access to harmful materials on the

Internet. It unambiguously found that filters are more effective than age-verification

requirements. See Commission on Child Online Protection (COPA), Report to Congress, 19-

21, 23-25, 27 (Oct. 20, 2000) (assigning a score for “Effectiveness” of 7.4 for server-based

filters and 6.5 for client-based filters, as compared to 5.9 for independent adult-ID

verification, and 5.5 for credit card verification). Thus, not only has the Government failed

to carry its burden of showing the District Court that the proposed alternative is less

effective, but also a Government Commission appointed to consider the question has

concluded just the opposite. That finding supports our conclusion that the District Court

did not abuse its discretion in enjoining the statute.

Filtering software, of course, is not a perfect solution to the problem of children gaining

access to harmful-to-minors materials. It may block some materials that are not harmful to

minors and fail to catch some that are. Whatever the deficiencies of filters, however, the

Government failed to introduce specific evidence proving that existing technologies are less

effective than the restrictions in COPA. The District Court made a specific factfinding that

“[n]o evidence was presented to the Court as to the percentage of time that blocking and

filtering technology is over- or underinclusive.” In the absence of a showing as to the

271.

relative effectiveness of COPA and the alternatives proposed by respondents, it was not an

abuse of discretion for the District Court to grant the preliminary injunction. The

Government’s burden is not merely to show that a proposed less restrictive alternative has

some flaws; its burden is to show that it is less effective. It is not enough for the

Government to show that COPA has some effect. Nor do respondents bear a burden to

introduce, or offer to introduce, evidence that their proposed alternatives are more effective.

The Government has the burden to show they are less so. The Government having failed to

carry its burden, it was not an abuse of discretion for the District Court to grant the

preliminary injunction.

One argument to the contrary is worth mentioning—the argument that filtering software is

not an available alternative because Congress may not require it to be used. That argument

carries little weight, because Congress undoubtedly may act to encourage the use of filters.

We have held that Congress can give strong incentives to schools and libraries to use them.

United States v. American Library Assn., Inc., 539 U.S. 194 (2003). It could also take steps

to promote their development by industry, and their use by parents. It is incorrect, for that

reason, to say that filters are part of the current regulatory status quo. The need for

parental cooperation does not automatically disqualify a proposed less restrictive

alternative. In enacting COPA, Congress said its goal was to prevent the “widespread

availability of the Internet” from providing “opportunities for minors to access materials

through the World Wide Web in a manner that can frustrate parental supervision or

control.” COPA presumes that parents lack the ability, not the will, to monitor what their

children see. By enacting programs to promote use of filtering software, Congress could give

parents that ability without subjecting protected speech to severe penalties….

B

There are also important practical reasons to let the injunction stand pending a full trial on

the merits. First, the potential harms from reversing the injunction outweigh those of

leaving it in place by mistake. Where a prosecution is a likely possibility, yet only an

affirmative defense is available, speakers may self-censor rather than risk the perils of

trial. There is a potential for extraordinary harm and a serious chill upon protected speech.

The harm done from letting the injunction stand pending a trial on the merits, in contrast,

will not be extensive. No prosecutions have yet been undertaken under the law, so none will

be disrupted if the injunction stands. Further, if the injunction is upheld, the Government

in the interim can enforce obscenity laws already on the books.

Second, there are substantial factual disputes remaining in the case. As mentioned above,

there is a serious gap in the evidence as to the effectiveness of filtering software. For us to

assume, without proof, that filters are less effective than COPA would usurp the District

Court’s factfinding role. By allowing the preliminary injunction to stand and remanding for

trial, we require the Government to shoulder its full constitutional burden of proof

respecting the less restrictive alternative argument, rather than excuse it from doing so.

Third, and on a related point, the factual record does not reflect current technological

reality—a serious flaw in any case involving the Internet. The technology of the Internet

evolves at a rapid pace. Yet the factfindings of the District Court were entered in February

1999, over five years ago. Since then, certain facts about the Internet are known to have

changed. It is reasonable to assume that other technological developments important to the

272.

First Amendment analysis have also occurred during that time. More and better filtering

alternatives may exist than when the District Court entered its findings. Indeed, we know

that after the District Court entered its factfindings, a congressionally appointed

commission issued a report that found that filters are more effective than verification

screens.

Delay between the time that a district court makes factfindings and the time that a case

reaches this Court is inevitable, with the necessary consequence that there will be some

discrepancy between the facts as found and the facts at the time the appellate court takes

up the question. We do not mean, therefore, to set up an insuperable obstacle to fair review.

Here, however, the usual gap has doubled because the case has been through the Court of

Appeals twice. The additional two years might make a difference. By affirming the

preliminary injunction and remanding for trial, we allow the parties to update and

supplement the factual record to reflect current technological realities.

Remand will also permit the District Court to take account of a changed legal landscape.

Since the District Court made its factfindings, Congress has passed at least two further

statutes that might qualify as less restrictive alternatives to COPA—a prohibition on

misleading domain names, and a statute creating a minors-safe “Dot Kids” domain.

Remanding for trial will allow the District Court to take into account those additional

potential alternatives.

On a final point, it is important to note that this opinion does not hold that Congress is

incapable of enacting any regulation of the Internet designed to prevent minors from

gaining access to harmful materials. The parties, because of the conclusion of the Court of

Appeals that the statute’s definitions rendered it unconstitutional, did not devote their

attention to the question whether further evidence might be introduced on the relative

restrictiveness and effectiveness of alternatives to the statute. On remand, however, the

parties will be able to introduce further evidence on this point. This opinion does not

foreclose the District Court from concluding, upon a proper showing by the Government

that meets the Government’s constitutional burden as defined in this opinion, that COPA is

the least restrictive alternative available to accomplish Congress’ goal….

[Justice Stevens’ concurrence and Justice Scalia’s dissent omitted].

Justice BREYER, with whom THE CHIEF JUSTICE and Justice O’CONNOR join,

dissenting.

The Child Online Protection Act (Act) seeks to protect children from exposure to commercial

pornography placed on the Internet. It does so by requiring commercial providers to place

pornographic material behind Internet “screens” readily accessible to adults who produce

age verification. The Court recognizes that we should “‘proceed ... with care before

invalidating the Act,’” while pointing out that the “imperative of according respect to the

Congress ... does not permit us to depart from well-established First Amendment

principles.” I agree with these generalities. Like the Court, I would subject the Act to “the

most exacting scrutiny,” requiring the Government to show that any restriction of

nonobscene expression is “narrowly drawn” to further a “compelling interest” and that the

restriction amounts to the “least restrictive means” available to further that interest.

273.

Nonetheless, my examination of (1) the burdens the Act imposes on protected expression,

(2) the Act’s ability to further a compelling interest, and (3) the proposed “less restrictive

alternatives” convinces me that the Court is wrong. I cannot accept its conclusion that

Congress could have accomplished its statutory objective—protecting children from

commercial pornography on the Internet—in other, less restrictive ways.

I

Although the Court rests its conclusion upon the existence of less restrictive alternatives, I

must first examine the burdens that the Act imposes upon protected speech. That is

because the term “less restrictive alternative” is a comparative term. An “alternative” is

“less restrictive” only if it will work less First Amendment harm than the statute itself,

while at the same time similarly furthering the “compelling” interest that prompted

Congress to enact the statute. Unlike the majority, I do not see how it is possible to make

this comparative determination without examining both the extent to which the Act

regulates protected expression and the nature of the burdens it imposes on that expression.

That examination suggests that the Act, properly interpreted, imposes a burden on

protected speech that is no more than modest.

A

The Act’s definitions limit the material it regulates to material that does not enjoy First

Amendment protection, namely, legally obscene material, and very little more. A

comparison of this Court’s definition of unprotected, “legally obscene,” material with the

Act’s definitions makes this clear.

Material is legally obscene if

“(a) ... ‘the average person, applying contemporary community standards’

would find that the work, taken as a whole, appeals to the prurient interest

...; (b) ... the work depicts or describes, in a patently offensive way, sexual

conduct specifically defined by the applicable state law; and (c) ... the work,

taken as a whole, lacks serious literary, artistic, political, or scientific value.”

The present statute defines the material that it regulates as material that meets all of the

following criteria:

“(A) the average person, applying contemporary community standards, would

find, taking the material as a whole and with respect to minors, [that the

material] is designed to appeal to, or is designed to pander to, the prurient

interest;

“(B) [the material] depicts, describes, or represents, in a manner patently

offensive with respect to minors, an actual or simulated sexual act or sexual

contact, an actual or simulated normal or perverted sexual act, or a lewd

exhibition of the genitals or post-pubescent female breast; and

“(C) [the material] taken as a whole, lacks serious literary, artistic, political,

or scientific value for minors.” (emphasis added).

274.

Both definitions define the relevant material through use of the critical terms “prurient

interest” and “lacks serious literary, artistic, political, or scientific value.” Insofar as

material appeals to, or panders to, “the prurient interest,” it simply seeks a sexual

response. Insofar as “patently offensive” material with “no serious value” simply seeks that

response, it does not seek to educate, it does not seek to elucidate views about sex, it is not

artistic, and it is not literary. That is why this Court, in Miller, held that the First

Amendment did not protect material that fit its definition.

The only significant difference between the present statute and Miller’s definition consists

of the addition of the words “with respect to minors” and “for minors.” But the addition of

these words to a definition that would otherwise cover only obscenity expands the statute’s

scope only slightly. That is because the material in question (while potentially harmful to

young children) must, first, appeal to the “prurient interest” of, i.e., seek a sexual response

from, some group of adolescents or postadolescents (since young children normally do not so

respond). And material that appeals to the “prurient interest[s]” of some group of

adolescents or postadolescents will almost inevitably appeal to the “prurient interest[s]” of

some group of adults as well.

The “lack of serious value” requirement narrows the statute yet further—despite the

presence of the qualification “for minors.” That is because one cannot easily imagine

material that has serious literary, artistic, political, or scientific value for a significant

group of adults, but lacks such value for any significant group of minors. Thus, the statute,

read literally, insofar as it extends beyond the legally obscene, could reach only borderline

cases. And to take the words of the statute literally is consistent with Congress’ avowed

objective in enacting this law; namely, putting material produced by professional

pornographers behind screens that will verify the age of the viewer. See S. Rep. No. 105-

225, p. 3 (1998) (hereinafter S. Rep.) (“The bill seeks to restrict access to commercial

pornography on the Web by requiring those engaged in the business of the commercial

distribution of material that is harmful to minors to take certain prescribed steps to restrict

access to such material by minors ...”); H.R. Rep. No. 105-775, pp. 5, 14 (1998) (hereinafter

H.R. Rep.) (explaining that the bill is aimed at the sale of pornographic materials and

provides a defense for the “commercial purveyors of pornography” that the bill seeks to

regulate).

These limitations on the statute’s scope answer many of the concerns raised by those who

attack its constitutionality. Respondents fear prosecution for the Internet posting of

material that does not fall within the statute’s ambit as limited by the “prurient interest”

and “no serious value” requirements; for example: an essay about a young man’s experience

with masturbation and sexual shame; “a serious discussion about birth control practices,

homosexuality, ... or the consequences of prison rape”; an account by a 15-year-old, written

for therapeutic purposes, of being raped when she was 13; a guide to self-examination for

testicular cancer; a graphic illustration of how to use a condom; or any of the other postings

of modern literary or artistic works or discussions of sexual identity, homosexuality,

sexually transmitted diseases, sex education, or safe sex, let alone Aldous Huxley’s Brave

New World, J.D. Salinger’s Catcher in the Rye, or, as the complaint would have it, “Ken

Starr’s report on the Clinton-Lewinsky scandal.”

275.

These materials are not both (1) “designed to appeal to, or ... pander to, the prurient

interest” of significant groups of minors and (2) lacking in “serious literary, artistic,

political, or scientific value” for significant groups of minors. Thus, they fall outside the

statute’s definition of the material that it restricts, a fact the Government acknowledged at

oral argument.

I have found nothing elsewhere in the statute’s language that broadens its scope. Other

qualifying phrases, such as “taking the material as a whole,” and “for commercial

purposes,” limit the statute’s scope still more, requiring, for example, that individual

images be considered in context. In sum, the Act’s definitions limit the statute’s scope to

commercial pornography. It affects unprotected obscene material. Given the inevitable

uncertainty about how to characterize close-to-obscene material, it could apply to (or chill

the production of) a limited class of borderline material that courts might ultimately find is

protected. But the examples I have just given fall outside that class.

B

The Act does not censor the material it covers. Rather, it requires providers of the “harmful

to minors” material to restrict minors’ access to it by verifying age. They can do so by

inserting screens that verify age using a credit card, adult personal identification number,

or other similar technology. In this way, the Act requires creation of an Internet screen that

minors, but not adults, will find difficult to bypass.

I recognize that the screening requirement imposes some burden on adults who seek access

to the regulated material, as well as on its providers. The cost is, in part, monetary. The

parties agreed that a Web site could store card numbers or passwords at between 15 and 20

cents per number. And verification services provide free verification to Web site operators,

while charging users less than $20 per year. According to the trade association for the

commercial pornographers who are the statute’s target, use of such verification procedures

is “standard practice” in their online operations.

In addition to the monetary cost, and despite strict requirements that identifying

information be kept confidential, the identification requirements inherent in age screening

may lead some users to fear embarrassment. Both monetary costs and potential

embarrassment can deter potential viewers and, in that sense, the statute’s requirements

may restrict access to a site. But this Court has held that in the context of congressional

efforts to protect children, restrictions of this kind do not automatically violate the

Constitution. And the Court has approved their use.

In sum, the Act at most imposes a modest additional burden on adult access to legally

obscene material, perhaps imposing a similar burden on access to some protected borderline

obscene material as well.

II

I turn next to the question of “compelling interest,” that of protecting minors from exposure

to commercial pornography. No one denies that such an interest is “compelling.” Rather, the

question here is whether the Act, given its restrictions on adult access, significantly

advances that interest. In other words, is the game worth the candle?

276.

The majority argues that it is not, because of the existence of “blocking and filtering

software.” The majority refers to the presence of that software as a “less restrictive

alternative.” But that is a misnomer—a misnomer that may lead the reader to believe that

all we need do is look to see if the blocking and filtering software is less restrictive; and to

believe that, because in one sense it is (one can turn off the software), that is the end of the

constitutional matter.

But such reasoning has no place here. Conceptually speaking, the presence of filtering

software is not an alternative legislative approach to the problem of protecting children

from exposure to commercial pornography. Rather, it is part of the status quo, i.e., the

backdrop against which Congress enacted the present statute. It is always true, by

definition, that the status quo is less restrictive than a new regulatory law. It is always less

restrictive to do nothing than to do something. But “doing nothing” does not address the

problem Congress sought to address—namely, that, despite the availability of filtering

software, children were still being exposed to harmful material on the Internet.

Thus, the relevant constitutional question is not the question the Court asks: Would it be

less restrictive to do nothing? Of course it would be. Rather, the relevant question posits a

comparison of (a) a status quo that includes filtering software with (b) a change in that

status quo that adds to it an age-verification screen requirement. Given the existence of

filtering software, does the problem Congress identified remain significant? Does the Act

help to address it? These are questions about the relation of the Act to the compelling

interest. Does the Act, compared to the status quo, significantly advance the ball? (An

affirmative answer to these questions will not justify “[a]ny restriction on speech,” as the

Court claims, for a final answer in respect to constitutionality must take account of burdens

and alternatives as well.)

The answers to these intermediate questions are clear: Filtering software, as presently

available, does not solve the “child protection” problem. It suffers from four serious

inadequacies that prompted Congress to pass legislation instead of relying on its voluntary

use. First, its filtering is faulty, allowing some pornographic material to pass through

without hindrance. Just last year, in American Library Assn., Justice STEVENS described

“fundamental defects in the filtering software that is now available or that will be available

in the foreseeable future.” He pointed to the problem of underblocking: “Because the

software relies on key words or phrases to block undesirable sites, it does not have the

capacity to exclude a precisely defined category of images.” That is to say, in the absence of

words, the software alone cannot distinguish between the most obscene pictorial image and

the Venus de Milo. No Member of this Court disagreed.

Second, filtering software costs money. Not every family has the $40 or so necessary to

install it. By way of contrast, age screening costs less. See supra, at 2800 (citing costs of up

to 20 cents per password or $20 per user for an identification number).

Third, filtering software depends upon parents willing to decide where their children will

surf the Web and able to enforce that decision. As to millions of American families, that is

not a reasonable possibility. More than 28 million school age children have both parents or

their sole parent in the work force, at least 5 million children are left alone at home without

277.

supervision each week, and many of those children will spend afternoons and evenings with

friends who may well have access to computers and more lenient parents.

Fourth, software blocking lacks precision, with the result that those who wish to use it to

screen out pornography find that it blocks a great deal of material that is valuable. As

Justice STEVENS pointed out, “the software’s reliance on words to identify undesirable

sites necessarily results in the blocking of thousands of pages that contain content that is

completely innocuous for both adults and minors, and that no rational person could

conclude matches the filtering companies’ category definitions, such as pornography or sex.”

Indeed, the American Civil Liberties Union (ACLU), one of the respondents here, told

Congress that filtering software “block[s] out valuable and protected information, such as

information about the Quaker religion, and web sites including those of the American

Association of University Women, the AIDS Quilt, the Town Hall Political Site (run by the

Family Resource Center, Christian Coalition and other conservative groups).” The software

“is simply incapable of discerning between constitutionally protected and unprotected

speech.” It “inappropriately blocks valuable, protected speech, and does not effectively block

the sites [it is] intended to block.”

Nothing in the District Court record suggests the contrary. No respondent has offered to

produce evidence at trial to the contrary. No party has suggested, for example, that

technology allowing filters to interpret and discern among images has suddenly become, or

is about to become, widely available. Indeed, the Court concedes that “[f]iltering software, of

course, is not a perfect solution to the problem.”

In sum, a “filtering software status quo” means filtering that underblocks, imposes a cost

upon each family that uses it, fails to screen outside the home, and lacks precision. Thus,

Congress could reasonably conclude that a system that relies entirely upon the use of such

software is not an effective system. And a law that adds to that system an age-verification

screen requirement significantly increases the system’s efficacy. That is to say, at a modest

additional cost to those adults who wish to obtain access to a screened program, that law

will bring about better, more precise blocking, both inside and outside the home.

The Court’s response—that 40% of all pornographic material may be of foreign origin—is

beside the point. Even assuming (I believe unrealistically) that all foreign originators will

refuse to use screening, the Act would make a difference in respect to 60% of the Internet’s

commercial pornography. I cannot call that difference insignificant.

The upshot is that Congress could reasonably conclude that, despite the current availability

of filtering software, a child protection problem exists. It also could conclude that a

precisely targeted regulatory statute, adding an age-verification requirement for a narrow

range of material, would more effectively shield children from commercial pornography.

Is this justification sufficient? The lower courts thought not. But that is because those

courts interpreted the Act as imposing far more than a modest burden. They assumed an

interpretation of the statute in which it reached far beyond legally obscene and borderline

obscene material, affecting material that, given the interpretation set forth above, would

fall well outside the Act’s scope. But we must interpret the Act to save it, not to destroy it.

So interpreted, the Act imposes a far lesser burden on access to protected material. Given

the modest nature of that burden and the likelihood that the Act will significantly further

278.

Congress’ compelling objective, the Act may well satisfy the First Amendment’s stringent

tests. Indeed, it does satisfy the First Amendment unless, of course, there is a genuine

alternative, “less restrictive” way similarly to further that objective.

III

I turn, then, to the actual “less restrictive alternatives” that the Court proposes. The Court

proposes two real alternatives, i.e., two potentially less restrictive ways in which Congress

might alter the status quo in order to achieve its “compelling” objective.

First, the Government might “act to encourage” the use of blocking and filtering software.

The problem is that any argument that rests upon this alternative proves too much. If one

imagines enough Government resources devoted to the problem and perhaps additional

scientific advances, then, of course, the use of software might become as effective and less

restrictive. Obviously, the Government could give all parents, schools, and Internet cafes

free computers with filtering programs already installed, hire federal employees to train

parents and teachers on their use, and devote millions of dollars to the development of

better software. The result might be an alternative that is extremely effective.

But the Constitution does not, because it cannot, require the Government to disprove the

existence of magic solutions, i.e., solutions that, put in general terms, will solve any

problem less restrictively but with equal effectiveness. Otherwise, “the undoubted ability of

lawyers and judges,” who are not constrained by the budgetary worries and other practical

parameters within which Congress must operate, “to imagine some kind of slightly less

drastic or restrictive an approach would make it impossible to write laws that deal with the

harm that called the statute into being.” As Justice Blackmun recognized, a “judge would be

unimaginative indeed if he could not come up with something a little less ‘drastic’ or a little

less ‘restrictive’ in almost any situation, and thereby enable himself to vote to strike

legislation down.” Perhaps that is why no party has argued seriously that additional

expenditure of government funds to encourage the use of screening is a “less restrictive

alternative.”

Second, the majority suggests decriminalizing the statute, noting the “chilling effect” of

criminalizing a category of speech. To remove a major sanction, however, would make the

statute less effective, virtually by definition.

IV

My conclusion is that the Act, as properly interpreted, risks imposition of minor burdens on

some protected material—burdens that adults wishing to view the material may overcome

at modest cost. At the same time, it significantly helps to achieve a compelling

congressional goal, protecting children from exposure to commercial pornography. There is

no serious, practically available “less restrictive” way similarly to further this compelling

interest. Hence the Act is constitutional.

V

The Court’s holding raises two more general questions. First, what has happened to the

“constructive discourse between our courts and our legislatures” that “is an integral and

279.

admirable part of the constitutional design”? After eight years of legislative effort, two

statutes, and three Supreme Court cases the Court sends this case back to the District

Court for further proceedings. What proceedings? I have found no offer by either party to

present more relevant evidence. What remains to be litigated? I know the Court says that

the parties may “introduce further evidence” as to the “relative restrictiveness and

effectiveness of alternatives to the statute.” But I do not understand what that new

evidence might consist of.

Moreover, Congress passed the current statute “[i]n response to the Court’s decision in

Reno” striking down an earlier statutory effort to deal with the same problem. Congress

read Reno with care. It dedicated itself to the task of drafting a statute that would meet

each and every criticism of the predecessor statute that this Court set forth in Reno. It

incorporated language from the Court’s precedents, particularly the Miller standard,

virtually verbatim. And it created what it believed was a statute that would protect

children from exposure to obscene professional pornography without obstructing adult

access to material that the First Amendment protects. See H.R. Rep., at 5 (explaining that

the bill was “carefully drafted to respond to the Supreme Court’s decision in Reno”); S. Rep.,

at 2 (same). What else was Congress supposed to do?

I recognize that some Members of the Court, now or in the past, have taken the view that

the First Amendment simply does not permit Congress to legislate in this area. Others

believe that the Amendment does not permit Congress to legislate in certain ways, e.g.,

through the imposition of criminal penalties for obscenity. There are strong constitutional

arguments favoring these views. But the Court itself does not adopt those views. Instead, it

finds that the Government has not proved the nonexistence of “less restrictive alternatives.”

That finding, if appropriate here, is universally appropriate. And if universally appropriate,

it denies to Congress, in practice, the legislative leeway that the Court’s language seems to

promise. If this statute does not pass the Court’s “less restrictive alternative” test, what

does? If nothing does, then the Court should say so clearly.

As I have explained, I believe the First Amendment permits an alternative holding. We

could construe the statute narrowly—as I have tried to do—removing nearly all protected

material from its scope. By doing so, we could reconcile its language with the First

Amendment’s demands. We would “save” the statute, “not ... destroy” it. And in the process,

we would permit Congress to achieve its basic child-protecting objectives.

Second, will the majority’s holding in practice mean greater or lesser protection for

expression? I do not find the answer to this question obvious. The Court’s decision removes

an important weapon from the prosecutorial arsenal. That weapon would have given the

Government a choice—a choice other than “ban totally or do nothing at all.” The Act tells

the Government that, instead of prosecuting bans on obscenity to the maximum extent

possible (as respondents have urged as yet another “alternative”), it can insist that those

who make available material that is obscene or close to obscene keep that material under

wraps, making it readily available to adults who wish to see it, while restricting access to

children. By providing this third option—a “middle way”—the Act avoids the need for

potentially speech-suppressing prosecutions.

That matters in a world where the obscene and the nonobscene do not come tied neatly into

separate, easily distinguishable, packages. In that real world, this middle way might well

280.

have furthered First Amendment interests by tempering the prosecutorial instinct in

borderline cases. At least, Congress might have so believed. And this likelihood, from a

First Amendment perspective, might ultimately have proved more protective of the rights

of viewers to retain access to expression than the all-or-nothing choice available to

prosecutors in the wake of the majority’s opinion.

For these reasons, I dissent.

NOTES AND QUESTIONS

Following this ruling, the case proceeded to a month-long trial, after which the district

court reaffirmed the statute’s deficiencies and issued a permanent injunction. American

Civil Liberties Union v. Gonzales, 478 F. Supp. 2d 775 (E.D. Pa. 2007), aff’d, American Civil

Liberties Union v. Mukasey, 534 F.3d 181 (3d Cir. 2008). In 2009, the case reached the

Supreme Court a third time. It denied certiorari and finally ended the decade-long

litigation. The case ran so long that four different Attorneys General were named in the

case captions (Reno, Ashcroft, Gonzales, and Mukasey). Does the slow pace of

Constitutional litigation provide any insights into the challenges of regulating the Internet?

If a court ruling had resurrected a 1990s-era content regulation statute on the Internet

circa 2010s, it would have shocked everyone.

As Chapter 1 indicated, online age verification remains a challenge even today. Does that

affect your assessment of the dissent’s analysis?

When you were a minor, did your parents or your school install blocking/filtering software

on your computers? Was it effective?

The majority cites the “Dot Kids” domain as an effort by Congress to create a kid-safe zone

on the Internet. If you’ve never heard of that effort, don’t feel bad. The Dot Kids domain

was a complete failure. See https://www.about.us/policies/ustld-stakeholder-

council/suspension-of-kids-us-namespace:

the kids.us namespace saw few and declining registrations and active

websites, despite discounts on registrations and efforts to promote the

namespace to children’s content providers. By 2011, the number of

registrations was down to 651, with only six active websites, all of which were

by providers with a more robust presence on another top-level domain. In

aggregate, these sites garnered only 470 unique visitors per year.

In light of these conditions, in 2012 Neustar requested and was granted by

the Department of Commerce a temporary suspension of the namespace; new

registrations were halted, and existing registrations were either allowed to

lapse or terminated with refund.

The majority cites 18 U.S.C. § 2252B as another law that protects children online. I am

aware of only one prosecution of this crime. John Zuccarini, a well-known “typosquatter”

who registered thousands of typographical error versions of domain names hoping to

capture the attention of bad spellers and folks with fat fingers, was convicted for

typosquatting on names like Disneyland, Teletubbies, and Britney Spears and sending the

281.

traffic to pornographic websites. If, in fact, there has been only one prosecution, would that

have any relevance to the majority’s analysis?

How should we respond when minors produce their own pornography and share it with

their peers? See Hanna Rosin, Why Kids Sext, THE ATLANTIC, Nov. 2014,

http://www.theatlantic.com/magazine/archive/2014/11/why-kids-

sext/380798/?single_page=true.

282.

VIII. Defamation and Information Torts

47 U.S.C. § 230. Protection for private blocking and screening of offensive

material.

(a) Findings. The Congress finds the following:

(1) The rapidly developing array of Internet and other interactive computer

services available to individual Americans represent an extraordinary

advance in the availability of educational and informational resources to our

citizens.

(2) These services offer users a great degree of control over the information

that they receive, as well as the potential for even greater control in the

future as technology develops.

(3) The Internet and other interactive computer services offer a forum for a

true diversity of political discourse, unique opportunities for cultural

development, and myriad avenues for intellectual activity.

(4) The Internet and other interactive computer services have flourished, to

the benefit of all Americans, with a minimum of government regulation.

(5) Increasingly Americans are relying on interactive media for a variety of

political, educational, cultural, and entertainment services.

(b) Policy. It is the policy of the United States—

(1) to promote the continued development of the Internet and other

interactive computer services and other interactive media;

(2) to preserve the vibrant and competitive free market that presently exists

for the Internet and other interactive computer services, unfettered by

Federal or State regulation;

(3) to encourage the development of technologies which maximize user control

over what information is received by individuals, families, and schools who

use the Internet and other interactive computer services;

(4) to remove disincentives for the development and utilization of blocking

and filtering technologies that empower parents to restrict their children’s

access to objectionable or inappropriate online material; and

(5) to ensure vigorous enforcement of Federal criminal laws to deter and

punish trafficking in obscenity, stalking, and harassment by means of

computer.

(c) Protection for “Good Samaritan” blocking and screening of offensive material

(1) Treatment of publisher or speaker

No provider or user of an interactive computer service shall be treated as the

publisher or speaker of any information provided by another information

content provider.

(2) Civil liability

No provider or user of an interactive computer service shall be held liable on

account of—

283.

(A) any action voluntarily taken in good faith to restrict access

to or availability of material that the provider or user considers

to be obscene, lewd, lascivious, filthy, excessively violent,

harassing, or otherwise objectionable, whether or not such

material is constitutionally protected; or

(B) any action taken to enable or make available to information

content providers or others the technical means to restrict

access to material described in paragraph (A).

(d) Obligations of interactive computer service

A provider of interactive computer service shall, at the time of entering an agreement with

a customer for the provision of interactive computer service and in a manner deemed

appropriate by the provider, notify such customer that parental control protections (such as

computer hardware, software, or filtering services) are commercially available that may

assist the customer in limiting access to material that is harmful to minors. Such notice

shall identify, or provide the customer with access to information identifying, current

providers of such protections.

(e) Effect on other laws

(1) No effect on criminal law. Nothing in this section shall be construed to

impair the enforcement of section 223 or 231 of this title, chapter 71 (relating

to obscenity) or 110 (relating to sexual exploitation of children) of title 18, or

any other Federal criminal statute.

(2) No effect on intellectual property law. Nothing in this section shall be

construed to limit or expand any law pertaining to intellectual property.

(3) State law. Nothing in this section shall be construed to prevent any State

from enforcing any State law that is consistent with this section. No cause of

action may be brought and no liability may be imposed under any State or

local law that is inconsistent with this section.

(4) No effect on communications privacy law. Nothing in this section shall be

construed to limit the application of the Electronic Communications Privacy

Act of 1986 or any of the amendments made by such Act, or any similar State

law.

(5) No effect on sex trafficking law. Nothing in this section (other than

subsection (c)(2)(A)) shall be construed to impair or limit—

(A) any claim in a civil action brought under section 1595 of

title 18, United States Code, if the conduct underlying the

claim constitutes a violation of section 1591 of that title;

(B) any charge in a criminal prosecution brought under State

law if the conduct underlying the charge would constitute a

violation of section 1591 of title 18, United States Code; or

(C) any charge in a criminal prosecution brought under State

law if the conduct underlying the charge would constitute a

violation of section 2421A of title 18, United States Code, and

promotion or facilitation of prostitution is illegal in the

jurisdiction where the defendant’s promotion or facilitation of

prostitution was targeted.

284.

(f) Definitions. As used in this section:

(1) Internet. The term “Internet” means the international computer network

of both Federal and non-Federal interoperable packet switched data

networks.

(2) Interactive computer service. The term “interactive computer service”

means any information service, system, or access software provider that

provides or enables computer access by multiple users to a computer server,

including specifically a service or system that provides access to the Internet

and such systems operated or services offered by libraries or educational

institutions.

(3) Information content provider. The term “information content provider”

means any person or entity that is responsible, in whole or in part, for the

creation or development of information provided through the Internet or any

other interactive computer service.

(4) Access software provider. The term “access software provider” means a

provider of software (including client or server software), or enabling tools

that do any one or more of the following:

(A) filter, screen, allow, or disallow content;

(B) pick, choose, analyze, or digest content; or

(C) transmit, receive, display, forward, cache, search, subset,

organize, reorganize, or translate content.

285.

An Introduction to Section 230

47 U.S.C. § 230 says that websites and other online services aren’t liable for third party

content. This legal policy is simple and elegant, but it’s hardly intuitive, and it has had

extraordinary consequences for the Internet and our society. This note provides the

background behind Section 230, an overview of the law, and some thoughts about its

importance.

Pre-Section 230 Law

In general, liability for third party content attaches where the disseminator has the

discretion to publish it or not. Where a disseminator cannot exercise editorial control—such

as telephone service providers functioning in their legal status as common carriers—the

disseminator isn’t legally responsible for third party content it had to disseminate. In

contrast, where the disseminator can exercise editorial control over what to disseminate—

such as traditional publishers—the disseminator accepts legal liability for the decisions it

makes. Thus, generally, traditional publishers are liable for all of the content they, in their

editorial discretion, choose to publish.

When it comes to third party content, many online intermediaries don’t neatly fit into

either the common carrier or traditional publisher models. It is often difficult or impossible

to have humans prescreen content before disseminating it. In some cases, the volume of

content makes prescreening too expensive or too slow. Where content is meant for real-time

dissemination, such as live-streaming video or chatrooms, prescreening is effectively

impossible. At the same time, most online intermediaries aren’t legally defined as common

carriers, and indeed society benefits when these intermediaries refuse service to customers

that engage in abusive, objectionable, or criminal activities.

Before Congress enacted Section 230, two cases addressed this issue.

The first was Cubby v. CompuServe, a 1991 case from the Southern District of New York.

At the time, CompuServe provided its subscribers dial-up connectivity to its network plus

“walled garden” access to content resources and databases that they could browse.

CompuServe charged subscribers per-minute they were online, and CompuServe shared a

portion of those subscriber charges as license fees to content publishers.

CompuServe had a licensing arrangement to carry a third party newsletter called

Rumorville. Rumorville periodically uploaded its content electronically to CompuServe’s

servers. CompuServe employees did not prescreen these uploads.

Perhaps not surprisingly (given its name), Rumorville was accused of defamation. The

plaintiff sued CompuServe and others. The court dismissed CompuServe, holding that for

defamation purposes, CompuServe acted as the “distributor” of Rumorville, not the

publisher, and therefore could be liable only if it knew or had reason to know of the

defamatory content. Due to Rumorville’s automated uploads, CompuServe lacked such

scienter.

Though CompuServe won the ruling, the court’s legal standard was not a clear win for the

industry. Following the judge’s approach, liability for third party content could attach

286.

whenever the online intermediary knew, or should have known, of the defamation. At

minimum, this created a notice-and-takedown standard for defamation; and the possibility

of a “heckler’s veto” where it would be easy to get content removed by submitting

illegitimate allegations of defamation. This ruling also didn’t address liability for claims

other than defamation, nor did it address services where humans prescreened third party

content before publication.

Nevertheless, the Cubby ruling provided some guidance to the nascent industry. Many

online intermediaries took a light-handed approach to moderating or removing third party

content with the hopes that they would characterized, like CompuServe, as not having

reason to know of problematic third party content.

The second pre-Section 230 ruling shook up that practice. The 1995 New York state court

case of Stratton Oakmont v. Prodigy involved the online message boards of Prodigy, a

CompuServe competitor. A user allegedly posted defamatory remarks about Stratton

Oakmont, an investment bank that was depicted unfavorably in the movie Wolf of Wall

Street. The investment bank sued Prodigy for $100 million. The court held that Prodigy

could be liable for the user’s defamatory message board posts because Prodigy had

marketed itself as a family-friendly service and had taken steps to remove objectionable

content from its message board. The court said that collectively, these efforts had turned

Prodigy into a “publisher” of the user-supplied message board content and exposed it to

liability.

The Moderator’s Dilemma

As you recall from the Reno v. ACLU case, 1995 was also the time of a techno-panic about

children having access to online pornography. Congress wanted and expected online

intermediaries to aggressively screen out pornography and other objectionable content. It

would be counterproductive if a legal rule deterred online intermediaries from taking these

socially valuable steps.

Arguably, the Stratton Oakmont ruling did exactly that. According to Stratton Oakmont,

trying to remove objectionable content, but failing to do that job perfectly, left the online

intermediary legally exposed for everything it missed—with potentially business-ending

legal exposure for each and every missed item.

This dynamic creates “The Moderator’s Dilemma.” The moderator/online intermediary must

choose between two principal options: (1) moderate or remove user content to promote a

safe or family-friendly environment and accept legal responsibility for anything it misses,

in which case the moderator will aggressively screen/remove third party content to reduce

that liability (or not permit third party content at all), or (2) do as little as possible to

manage user content, in which case it can argue that it does not “know or have reason to

know” about any legally problematic content, which may allow it to escape legal exposure

for that content. The second strategy is exactly what Congress didn’t want online

intermediaries to do, because weak moderation would lead to more children being exposed

to pornography online. However, following the Cubby and Stratton Oakmont cases, many

online intermediaries were likely to pursue the second strategy and reduce their efforts to

screen out objectionable content.

287.

Section 230 was designed to eliminate the Moderator’s Dilemma. As the legislative history

explains, Section 230 was intended to overrule Stratton Oakmont “and any other similar

decisions which have treated providers and users as publishers or speakers of content that

is not their own because they have restricted access to objectionable material.”

Section 230’s Protections for Defendants

Section 230(c)(1) says: “No provider or user of an interactive computer service shall be

treated as the publisher or speaker of any information provided by another information

content provider.” Typically, courts require defendants to establish three prima facie

elements to obtain the immunity:

(1) The immunity applies to a “provider or user of an interactive computer service.” The

statutory definition of “interactive computer service” describes how CompuServe, Prodigy,

America Online, and other mid-1990 services offered customers a subscription to dial-up

Internet/server access plus walled-garden content. However, courts have interpreted

“providers” expansively to include virtually any software or service available through the

Internet. Furthermore, “users” of interactive computer services should, in theory, describe

everyone with Internet access. This means, in practice, that everyone online should satisfy

this first element. It is not just limited to websites.

(2) The immunity applies to any claims that treat the defendant as a “publisher or

speaker.” This standard makes sense in the context of defamation, where “publication” is an

express element of the plaintiff’s prima facie case. However, courts usually read this

element more broadly to apply when a claim’s prima facie elements do not contain the term

“publisher” or “speaker.” Typically, courts find this element satisfied whenever the plaintiff

seeks to hold the defendant responsible for third party content—unless the claim fits into

one of the statutory exceptions (discussed below).

(3) The immunity applies when the plaintiff’s claim is based on information “provided by

another information content provider.” This element seeks to distinguish first-party content

from third-party content; defendants are immunized only for the latter. Sometimes, the

division between first-party and third-party content is obvious. Employee-authored content

should normally qualify as first-party content; user-submitted content should normally

qualify as third-party content. However, plaintiffs have deployed a vast array of legal

theories—some more successful than others—to muddy the distinction and hold defendants

liable for what is otherwise fairly obviously third party content.

To recap these three prima facie elements: typically, Section 230(c)(1) applies to anyone

connected to the Internet for any claim (other than the statutorily excluded claims) that is

based on third party content. In other words, websites and online services aren’t liable for

third party content.

Notice that Section 230(c)(1) says nothing about the defendant’s scienter. As a result, a

defendant can have scienter about problematic content—for example, they can “know” that

they are publishing tortious or illegal third-party content—and still avoid liability for that

content. E.g., Marshall’s Locksmith Service Inc. v. Google LLC, 925 F.3d 1263 (D.C. Cir.

2019) (“it is ‘well established that notice of the unlawful nature of the information provided

is not enough to make it the service provider’s own speech’”). For that reason, we have not

288.

seen the same tendentious philosophical inquiries into when an online service “knows”

about user content that we’ve seen in the copyright context with the DMCA’s online safe

harbor. Furthermore, Section 230(c)(1) applies even if the defendant does human

prescreening, or post-hoc reviews of, third-party content. Section 230(c)(1) is equally

available to a service that exercises the same level of editorial control as a traditional

publisher or exercises zero editorial control.

Thus, Section 230 remarkably collapses the legal distinctions between traditional

publishers and common carriers. Section 230(c)(1) says that online intermediaries can

function like traditional publishers but receive the favorable legal treatment of common

carriers. As you can imagine, this is a counterintuitive result that frequently baffles

plaintiffs and occasionally baffles judges.

Section 230(c)(2) provides two additional protections for online intermediaries. Section

230(c)(2)(A) protects good faith decisions to block or remove content the intermediary

considers “to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise

objectionable.” Section 230(c)(2)(B) protects providing the “technical means to restrict

access to [objectionable] material,” such as the filtering instructions provided by anti-spam

or anti-spyware software.

Compared to Section 230(c)(1), Section 230(c)(2) comes up in litigation relatively rarely.

Section 230(c)(2)(B) applies mostly to the filtering software context, and a key Ninth Circuit

ruling in 2009 has largely eliminated lawsuits against anti-spam and anti-spyware vendors

from entities (though that may be in jeopardy due to a 2019 ruling, Enigma Software Group

USA, LLC v. Malwarebytes, Inc., 946 F.3d 1040 (9th Cir. 2019)).

Otherwise, the most likely plaintiffs that would implicate Section 230(c)(2)(A) are a

service’s content uploaders who are unhappy that the service removed their content. In

many cases, any particular content item won’t be significant enough for an aggrieved

uploader to sue, but there are exceptions. For example, if a record label puts a lot of money

behind marketing the URL of a YouTube video, and then YouTube removes the video, the

marketing investments may be wasted. We’re also seeing a spike of cases from

“conservatives” who believe that their content was removed due to the service’s bias against

them. However, these plaintiffs—the content uploaders—almost always agree to the

service’s user agreement, which will contain many protective provisions like termination for

convenience, a disclaimer of any obligation to publish (or a reservation of the service’s

unrestricted editorial discretion), limitations of liability, and more. Section 230(c)(2) can

supplement the contract protections, but it may merely reinforce the legal conclusion that

contract law would reach anyways.

In addition, courts are now resolving many cases by blocked/filtered users on Section

230(c)(1) grounds by treating the plaintiff-user’s removed content as third-party content to

the defendant-online service.

Defendants prefer relying on Section 230(c)(1) over Section 230(c)(1)(A) if possible because

Section 230(c)(2) depends on whether the defendant acted in “good faith.” Plaintiffs can

easily allege bad faith removal or blocking by the defendant, even when the plaintiff doesn’t

have evidence to back up the allegation. These unsupported allegations increase the odds

that the case will survive a motion to dismiss and advance to discovery and summary

289.

judgment—a more expensive and time-consuming proposition. If defendants can find a way

to defeat the lawsuit on a motion to dismiss using some other legal theory, Section

230(c)(2)’s delayed resolution isn’t that helpful.

Section 230(c)(1) provides substantial immunity for defendants, but its procedural benefits

are also critical to defendants. See Eric Goldman, Why Section 230 is Better than the First

Amendment, NOTRE DAME L. REV. ONLINE (forthcoming 2019),

https://ssrn.com/abstract=3351323. Many defendants win Section 230(c)(1) cases on a

motion to dismiss (recall, as just discussed, that Section 230(c)(2) lacks this feature in

practice). In those situations, the case is over quickly and at relatively no cost, without

expensive discovery or summary judgment motions. Furthermore, because of its broad

scope, plaintiffs’ attempts to plead around Section 230(c)(1) often doesn’t work, meaning

that creative plaintiffs can’t innovate a way past a motion to dismiss. Contrast the quick

and easy Section 230(c)(1) dismissals with the often-arduous defense wins in Section 512

cases like Veoh. The procedural benefits make a huge substantive difference to defendants.

Section 230’s Statutory Exclusions

Section 230 has four statutory exclusions, where Section 230 is categorically unavailable.

Due to these exceptions, it is blatantly wrong to characterize Section 230 as a “blanket”

immunity or a “get-out-of-jail-free card”—characterizations that are all-too-frequent in

court opinions and policy-making circles.

#1: ECPA/State Law Equivalents. Section 230 does not apply to plaintiffs’ claims based on

the Electronic Communications Privacy Act or state law equivalents. This exception has

been rarely litigated because it’s almost impossible for an ECPA prima facie claim to

implicate Section 230.

#2: Intellectual Property Claims. Section 230 does not apply to “intellectual property”

claims. “Intellectual property” isn’t defined in the statute, and this exception is more

complicated than it might appear.

In Perfect 10, Inc. v. CCBill LLC, 488 F.3d 1102 (9th Cir. 2007), the Ninth Circuit held that

Section 230’s IP exclusion only applied to federal intellectual property claims, so Section

230 preempted all state intellectual property claims. State IP claims can include state

trademark claims, state copyright claims, trade secret claims, publicity right claims and

possibly others. Thus, in the Ninth Circuit, the CCBill precedent has been used numerous

times in lawsuits predicated on third party state IP claims. Courts outside the Ninth

Circuit typically do not agree with the CCBill ruling, so state intellectual property claims

may be viable in those jurisdictions despite Section 230. But see Hepp v. Facebook, Inc.,

2020 WL 3034815 (E.D. Pa. June 5, 2020) (applying CCBill outside the Ninth Circuit to a

state publicity rights claim).

All courts agree that federal intellectual property claims, such as federal copyright and

federal trademark claims, based on third party content are clearly excluded from Section

230. However, Congress expressly said the Defend Trade Secrets Act, the federal trade

secret law, is not an intellectual property law, so any DTSA claims based on third party

content are immunized by Section 230. See Craft Beer Stellar, LLC v. Glassdoor, Inc., 2018

290.

WL 5084837 (D. Mass. 2018) (“The DTSA claim is thus subject to the immunity provisions

of § 230”); Eric Goldman, The Defend Trade Secrets Act Isn’t an Intellectual Property Law,

33 SANTA CLARA HIGH TECH. L.J. 541 (2017).

#3: Federal Criminal Prosecutions. Prosecutions of federal crimes are not immunized by

Section 230. The U.S. Department of Justice rarely pursues websites for third-party

content, but the exceptions are noteworthy. For example, in 2007, Google, Yahoo and

Microsoft paid a total of $31.5 million to settle complaints about running illegal gambling

ads. In 2011, Google paid $500 million to settle complaints about running ads for illegal

pharmacies. In the DOJ’s prosecution of the purported operator of the Silk Road

marketplace for illegal items, Ross Ulbricht got a lifetime sentence.

While federal criminal enforcement is excluded from Section 230, civil claims based on

federal criminal law are preempted. See Doe v. Bates, 2006 WL 3813758 (E.D. Tex. 2006);

Jane Doe No. 1 v. Backpage.com, LLC, 817 F.3d 12 (1st Cir. 2016). State criminal

prosecutions are also preempted, other than FOSTA. See Eric Goldman, The Implications of

Excluding State Crimes from 47 U.S.C. § 230’s Immunity, July 2013,

http://ssrn.com/abstract=2287622.

#4: FOSTA. In 2018, Congress created several new exceptions to Section 230 in the Fight

Online Sex Trafficking Act. We’ll discuss that law later.

Section 230’s Implications

Section 230 is an exceptionalist statute: it treats the Internet differently than other media.

Indeed, Section 230 is the quintessential exceptionalist statute from the Internet

exceptionalism peak in the mid-1990s. To demonstrate Section 230’s exceptionalist nature,

consider this example:

Scenario A: An author submits a “letter to the editor” to her local newspaper. The letter

contains defamatory statements. The newspaper publishes the letter in its “dead trees”

edition. The newspaper will be equally liable for defamation with the letter author.

Scenario B: The same author submits the same letter to her local newspaper, but the local

newspaper only publishes the letter in its online edition, not in its “dead trees” edition. The

author will still be liable, but Section 230 protects the newspaper from liability.

It’s counterintuitive that Scenarios A and B lead to different outcomes. It’s the exact same

content, by the exact same author, disseminated by the exact same publisher, yet the

liability results are completely opposite. As the maxim goes, the medium matters.

We could describe Section 230 as a type of legal privilege. Section 230 “privileges” online

publishers over offline publishers by giving online publishers more favorable legal

protection. This produces a financial benefit by reducing online publishers’ pre-publication

costs and post-publication financial exposure. These legal and financial benefits make sense

in the 1990s context, where most major newspapers were de facto monopolies in their local

communities and most online publishers of third-party content were small hobbyists. But in

the modern era, where Internet giants like Google and Facebook are among the most highly

291.

valued companies ever to exist and most newspapers are struggling to survive, this

allocation of privileges might seem even more counterintuitive.

However, focusing on Section 230’s benefit to the Internet giants fundamentally

misunderstands Section 230’s immunity. Section 230 allows companies to dial up or down

their level of editorial control to reflect the needs of their community. Other services can

adopt different editorial practices than Google or Facebook, so there can be a wider array of

options for authors and readers. More importantly, new marketplace entrants don’t need to

make the same upfront investments into content moderation that Google and Facebook

make. If new entrants had to develop industrial-grade content moderation procedures from

day one, we’d see far fewer new entrants. Thus, Section 230’s benefit to Google and

Facebook is a small piece of the equation. Section 230’s real payoff comes from enabling

new entrants that compete with—and perhaps ultimately dethrone—Google and Facebook.

Thus, Section 230 helps keep the Internet market open. In contrast, regulators often think

curtailing Section 230 will be a good way to hurt the Internet giants like Google and

Facebook. They are completely mistaken. Google and Facebook can afford to accommodate

new regulatory obligations in ways that new entrants cannot. Thus, reducing Section 230’s

immunity would reinforce Google and Facebook’s marketplace position by making it more

difficult for new entrants to emerge and compete. Sometimes people say that “the Internet”

no longer needs Section 230’s 1990s-style exceptionalist privilege, but this makes sense only

by equating “the Internet” with “Google and Facebook.” Unless we’re at the end of the

innovation curve for new Internet services based on third party content—and likely we’re

still closer to the beginning than to the end—Section 230’s immunity fosters and

encourages the yet-to-be-born services that we’ll all benefit from.

Another common complaint about Section 230 is that services can receive the legal

protection even if they do nothing to moderate content, and services will choose that option

to minimize their costs. Accordingly, the critics believe Section 230 facilitates the creation

of “cyber cesspools,” i.e., services that affirmatively want and intend to profit from anti-

social content.

It’s true that Section 230 protects all services from liability from third party content, even

services that do not moderate content and therefore become hotbeds of anti-social content.

However, there are two major problems with the arguments that Section 230 encourages

services to cut corners on content moderation.

First, cyber cesspools tend to quickly fail in the market, despite Section 230’s protection. In

the late 2000s, for example, there was a lot of angst about gossip-focused services like

JuicyCampus, People’s Dirt and AutoAdmit. All of them are gone. More recently, Yik Yak’s

anonymous local service garnered substantial criticism. It, too, is gone. It turns out that

“cyber cesspools” develop terrible reputations and become a poor business investment.

People will always keep trying to build them, but Section 230 won’t ensure their survival

for very long.

In contrast, every reputable service undertakes substantial and expensive content

moderation efforts as part of building trust with their users and (if applicable) keeping

advertisers happy. These services won’t just do the “minimum.” Accordingly, it is

292.

demonstrably false to claim that Section 230 means online services will “do nothing” about

bad content.

Second, Section 230 critics often assume that reducing the immunity will reduce the total

incidence of anti-social content, but this is almost certainly not true. All legitimate services

voluntarily undertake socially valuable policing work against anti-social content—just as

the designers of Section 230 had hoped they would. If revisions to Section 230 have the

effect of reinstating the moderator’s dilemma, some of those services will turn off or reduce

their voluntary policing efforts, and we could counterintuitively see a net society-wide

increase in anti-social behavior due to the services that opt for the do-nothing approach.

Stated differently, even if some rogue services temporarily abuse Section 230’s immunity,

Section 230’s immunity might still produce the lowest net level of anti-social content of any

policy option.

There is another alternative: we could restore the offline publishers’ liability rule to all

online services and hold online services liable for all third party content they publish. This

would likely force online services to prescreen all third party content.

Prescreening would dramatically reduce the level of anti-social content, but it also

eliminate many of the Internet’s best aspects. For example, imagine how Twitter might

work with human-prescreened tweets. If Twitter could even afford to stay in business due

to the labor costs, all tweets would have a delay of minutes, hours, or longer. There might

still be some social role for a time-delayed Twitter, but more likely, it would lose most of its

value. Can you think of other services you enjoy daily that wouldn’t make any sense

financially or functionally if humans had to prescreen each item of content, with a

substantial time delay to publication?

Section 230 creates winners and losers, but so does every other policy alternative. Section

230 strikes a balance between promoting innovation and motivating industry players to

voluntarily undertake socially valuable screening efforts. Its results are stunning: aided in

large part by Section 230, the Internet has grown into an integral part of our society,

companies have created trillions of dollars of economic wealth and millions of new jobs, and

we have benefited from the emergence of new services and content that never would have

emerged with a different liability regime. Think about your own online routines: you almost

certainly benefit from Section 230-protected Internet services on an hour-by-hour or even

minute-by-minute basis.

293.

A Note About FOSTA*

In 2018, Congress passed the first major reduction in the scope of Section 230’s immunity.

This note explains what happened.

Background on Online Commercial Sex Ads

People have advertised commercial sex online for a long time. In the 2000s, sex worker

advertising consolidated in Craigslist’s “erotic services” category. Not all “erotic services”

are illegal, but the bulk of the category’s listings were advertising for illegal prostitution.

This led to several lawsuits (and threats of lawsuits) against Craigslist, which it defeated

on Section 230 grounds, but the pressure grew so great that Craigslist finally abandoned

the category (which it had renamed “adult services”) in 2010.

After a short period of chaos, commercial sex advertising reconsolidated at another online

classified service, Backpage.com. Unlike Craigslist, which viewed such ads as an

unavoidable consequence of its open-door approach to classified ads, Backpage viewed these

advertisements as a profitable opportunity and made numerous moves to maximize its

profits. This naturally inflamed regulators, who viewed Backpage’s aggressiveness as

blatantly illegal and Section 230’s protection of Backpage as outrageous. Furthermore,

some ads for commercial sex promoted victims of sex trafficking. Backpage claimed it took

steps to find those ads and report them to law enforcement. However, many regulators felt

that Backpage wasn’t doing enough to protect sex trafficking victims and instead was

profiting from their victimization.

Nomenclature note: “sex trafficking” is a semantically confusing term, but legally, it means

paid sexual activity by (1) minors who cannot consent to such activity, or (2) someone

compelled to engage in such activity.

Despite Backpage’s encouragement of commercial sex advertising and possible complicity in

sex trafficking victimization, Backpage won a series of courtroom victories based on Section

* I testified against SESTA in the Senate Commerce Committee and against FOSTA in the House Commerce

Committee, and I blogged against SESTA/FOSTA about two dozen times, so it’s fair to say that I oppose FOSTA.

294.

230, the First Amendment and other grounds. This left regulators aghast—surely Section

230 did not make it impossible to shut down Backpage’s seemingly illegal activity?

Congress Responds to Backpage

Every session of Congress sees the introduction of an extensive list of legislative proposals

to fight sex trafficking. See, e.g., Cary Glynn, An Overview of Congress’ Pending Legislation

on Sex Trafficking (Guest Blog Post), TECH. & MKTG. L. BLOG, Oct. 2, 2017,

https://blog.ericgoldman.org/archives/2017/10/an-overview-of-congress-pending-legislation-

on-sex-trafficking-guest-blog-post.htm. As you can imagine, these legislative proposals

routinely garner substantial Congressional support given the horrors of sex trafficking.

Thus, the Backpage situation virtually ensured there would be a Congressional collision

between some anti-sex trafficking advocates and Section 230.

In 2015, Congress enacted the SAVE Act, expressly targeting Backpage. (It was passed as

part of a larger anti-sex trafficking bill, the Justice for Victims of Trafficking Act of 2015).

The law extended the existing federal sex trafficking crime to include knowingly

advertising sex trafficking victims. Though the SAVE Act didn’t amend Section 230

directly, it fit into Section 230’s exclusion for federal criminal prosecutions.

Backpage unsuccessfully challenged the law preemptively. The court dismissed the

challenge on procedural grounds, but along the way, it flatly declared that the First

Amendment does not protect ads for illegal sex trafficking. Backpage.com, LLC v. Lynch,

216 F. Supp. 3d 96 (D.D.C. 2016).

Despite the SAVE Act’s targeting of Backpage, it appears the new SAVE Act crime has

never been asserted against Backpage or anyone else.

In 2017, despite (or because of?) the SAVE Act’s apparent failure to eradicate Backpage,

Congress revisited the Backpage problem. In Spring, Rep. Wagner (who had sponsored the

SAVE Act) introduced a complex and harsh House bill acronymed FOSTA. In Summer, the

Senate introduced a similar, but slightly less harsh, bill acronymed SESTA.

The Senate moved more quickly than the House. After a Senate Commerce Committee

hearing in September 2017, SESTA’s sponsors introduced a slightly revised version. The

then-leading Internet trade association, the Internet Association, dropped its opposition

and endorsed the revised SESTA. Other Internet company advocates still objected, but the

bill passed the Senate Commerce Committee.

In the House, the House Judiciary Committee introduced and passed a substitute version of

FOSTA that focused on commercial sex advertising, not sex trafficking. The substitute

FOSTA version was intended as a policy alternative to SESTA, and SESTA opponents

viewed it as less harmful to the Internet. However, after some backroom negotiations, a

compromise was struck: instead of picking between SESTA and the substitute FOSTA, the

two disparate policy solutions were combined into a new version of FOSTA that I dubbed

“the worst of both worlds.” This “Worst of Both Worlds” FOSTA passed both chambers by

overwhelming margins—the House in February 2018, the Senate in March 2018. President

Trump signed the bill on April 11, 2018.

295.

What FOSTA Does

The combination of revised SESTA and substitute FOSTA into a single bill resulted in an

extremely complex bill with six main provisions (this is a very stylized summary; as usual,

there’s no substitute for reading the actual statute!):

1) FOSTA creates a new federal crime, 2421A, for anyone who “owns, manages, or operates

an interactive computer service” (or conspiring/attempting to do so) with the “intent to

promote or facilitate” prostitution. There are steep enhanced penalties if the prostitution

involves sex trafficking.

2) FOSTA also expands the existing federal sex trafficking crime, 1591, to include

“knowingly assisting, supporting, or facilitating” sex trafficking. Like the SAVE Act, both

the new 2421A and the revised 1591, as changes to federal criminal law, take advantage of

Section 230’s inapplicability to federal criminal prosecution.

3) FOSTA adds a new Section 230 exclusion for state criminal prosecutions of activity that

violates 1591. (In other words, state crimes that are coextensive with 1591 are now

prosecutable without a Section 230 defense).

4) FOSTA adds a new Section 230 exclusion for state criminal prosecutions of activity that

violates 2421A.

5) FOSTA adds a new Section 230 exclusion for civil causes of action based on behavior that

violates 1591. Note: as an artifact of the SESTA/FOSTA combination, civil causes of action

for behavior that violates 2421A apparently are not subject to this exclusion, even though

that seems inconsistent with FOSTA’s purposes.

6) FOSTA authorizes state attorneys general to bring “parens patriae” civil claim for

residents affected by violations of 1591.

Despite FOSTA’s addition of a new Section 230 exclusion, FOSTA retained Section

230(c)(2)(A) applicability to items #3-5. Section 230(c)(2)(A) protects good faith content

removals, but this defense doesn’t make sense because services principally face FOSTA-

related liability for content they publish, not content they remove. See Eric Goldman, How

SESTA Undermines Section 230’s Good Samaritan Provisions, TECH. & MKTG. L. BLOG,

Nov. 7, 2017, https://blog.ericgoldman.org/archives/2017/11/how-sesta-undermines-section-

230s-good-samaritan-provisions.htm. Defendants could try to argue that Section 230(c)(2)

protects them from FOSTA liability for items they missed so long as they made good faith

efforts to remove problematic content, but this argument is untested.

If you’re confused by all of this or what it means in practice, you definitely are not alone! At

best, only a small handful of legislators who voted for the Worst of Both Worlds FOSTA

fully understood its provisions or implications.

FOSTA’s Denouement

FOSTA’s story is still being written, but within the first few months of its enactment,

several developments of note took place.

296.

Backpage’s Seizure and Prosecution. On April 6, 2018—after Congress passed FOSTA but

before Pres. Trump signed it—the FBI raided Backpage, seized all of its assets, and shut

down the website.

Along with the seizure, the U.S. Department of Justice and several state attorneys general

filed criminal charges against Backpage and several principals, alleging Travel Act (18

U.S.C. §1952) violations (based on prostitution crimes) and money laundering. In

conjunction with the seizure—again, before Pres. Trump signed FOSTA on April 11—the

Backpage corporate entity and its CEO, Carl Ferrer, pleaded guilty to the charges. Ferrer

took a plea deal to testify against his collaborators in exchange for a more favorable jail

sentence, and both Ferrer and Backpage agreed to make restitution of up to $500 million.

Obviously the seizure and prosecution didn’t happen overnight. Indeed, a federal grand jury

in Phoenix had been investigating Backpage for about 18 months. Yet, the exact timing was

curious. Congress had passed the SAVE Act and FOSTA as anti-Backpage measures, yet

the DOJ and state AGs shut down Backpage and obtained a guilty plea from its CEO

297.

without using either of the new crimes that Congress had specially designed to target

Backpage. Instead, the successful seizure and prosecution was based on crimes that had

been on the books from the beginning. So why did Congress need to enact the SAVE Act or

FOSTA? And why didn’t the DOJ bring an enforcement action earlier? Had the enforcement

taken place a couple weeks earlier, the Senate might have decided not to pass FOSTA. And

with Backpage already out of the market by April 6, which mooted the proponents’

principal justification for FOSTA, why did Pres. Trump sign the law on April 11?*

All along, FOSTA’s opponents told Congress that FOSTA wasn’t needed because existing

crimes already covered Backpage, so Congress should wait until the FBI and DOJ had

completed their work. In a sense, the seizure and prosecution proved that the opponents

were 100% correct; Backpage was gone and its CEO destined for jail before FOSTA even

became law.

Now that understand the sequence of events, please don’t perpetuate the myth, frequently

advanced by the media and FOSTA’s supporters, that FOSTA eliminated Backpage. That

ahistorical assertion signals ignorance—or propaganda.

Civil Claims Against Backpage. FOSTA was also intended to provide financial justice for

sex trafficking victims. If Backpage had profited on their victimization, shouldn’t it pay for

this? However, Section 230 had made such lawsuits challenging, including the First

Circuit’s Doe v. Backpage ruling in 2016 that emphatically held Section 230 prevented the

victims’ civil claims. Thus, to FOSTA supporters, it seemed like Section 230 needed a

change to let victims obtain financial recourse.

(1591 has a mandatory victim restitution provision, so if the DOJ successfully prosecuted

Backpage pursuant to 1591, victims would be compensated. Also, the restitution promises

by Ferrer and Backpage.com—based on pre-FOSTA law—will provide victim compensation

without any further lawsuits by victims).

Throughout 2017, new evidence emerged about Backpage’s involvement with its

advertisements that raised increased doubts that Backpage could continue to rely on

Section 230 to avoid liability. Thus, FOSTA opponents argued that Section 230 didn’t need

amendment because victims were likely to use this evidence to get around Section 230 in

future litigation.

On March 29, 2018 and March 31, 2018—after the Senate’s passage of FOSTA and before

Pres. Trump’s signing—two different federal district courts issued opinions holding that

victim claims against Backpage survived Backpage’s Section 230-based motion to dismiss.

While these rulings don’t ensure financial judgments for the victims, they proved—before

FOSTA became law—that Section 230 did not prevent civil lawsuits against Backpage.

To recap: before Pres. Trump signed FOSTA, Backpage was gone, its CEO was convicted,

victim restitution was guaranteed, and two different courts held that Section 230 didn’t

prevent victims’ civil claims. Yet, FOSTA became law anyway.

* Proponents claimed also they wanted to reach “the next Backpage” that would emerge after Backpage’s

demise, though proponents could only speculate about what that service might look like, whether it would even

emerge, and whether the statutory changes would reach it.

298.

The Internet Shrank. Because FOSTA imposes criminal liability based on what online

services “know” about third party content, FOSTA effectively resurrects the “moderator’s

dilemma” discussed earlier that Section 230 had been designed to eliminate. Services that

might let third parties promote commercial sex now face the possibility that they will be

deemed to “know” of these promotions and face extreme criminal liability. As a result,

services have three primary options:

1) Perfectly implement content moderation efforts to ensure no such promotions appear on

the service, and if any slip through despite these efforts, hope that the service has done

enough to satisfy prosecutors and the courts that they didn’t “know” of the rogue

promotions.

2) Turn off content moderation efforts to negate the possibility of “knowing” about the

content.

3) Exit the industry.

Most of the brand-name players, such as Google, Facebook, and the major dating services,

apparently adopted the first strategy. They expanded their content moderation operations,

eliminate any content that looks dubious, and pray that they can convince prosecutors and

judges that they should not be liable for whatever they missed. For these services, FOSTA

increases their legal and business risk and their costs, but it will have only a modest effect

on their day-to-day operations.

In contrast, several smaller services chose the third option and shut down. The most

prominent was Craigslist, which turned off its personals section entirely.

Dozens of other services that enabled dating or catered to the sex worker community shut

down as well. In addition, there were reports that Microsoft and Google took a number of

steps to shut down more content on their services in response to FOSTA’s threat, including

deleting private files from Google Drive.

Will FOSTA Help Sex Trafficking Victims? FOSTA’s many flaws become less troubling if

the law actually helps ameliorate sex trafficking. Unfortunately, there are many good

reasons to believe that FOSTA doesn’t help anyone—and has hurt several communities.

299.

There have been numerous reports of how FOSTA has been devastating to voluntary sex

workers. By advertising on Backpage.com, sex workers were able to develop their own

customer base without relying on pimps (and the associated physical coercion and financial

control exercised by pimps), and sex workers could vet prospective customers for safety

concerns before agreeing to meet with them. Furthermore, making arrangements online

with customers allowed sex workers to pick safe venues for their meetings, which markedly

differs from the physical safety concerns posed by “walking the streets.” By eliminating

online advertising by sex workers, FOSTA pushed sex workers back to the streets, where

they once again become subject to the dominion of pimps, and where they lose some of the

physical safety protections they had gained through online negotiations.

Worse, post-FOSTA, there have been reports that arrests for sex trafficking have gone

down, while arrests for prostitution have increased. The likely explanation is that pursuing

sex trafficking cases have become harder because law enforcement cannot find potential

criminals or victims by perusing Backpage.com or setting up sting operations at

Backpage.com or Craigslist. Because they now lack the best evidence to help identify and

rescue sex trafficking victims, law enforcement has redirected its resources away from sex

trafficking enforcement and towards more traditional enforcement against sex workers and

their customers.

Sex trafficking is a horrific crime, and we should all support legislative efforts to combat it.

FOSTA was not that solution, however. Instead, the in-the-field outcomes of FOSTA include

increased physical violence against sex workers, fewer prosecutions against sex trafficking

criminals, and lower odds that law enforcement will rescue sex trafficking victims.

Especially in light of the fact that FOSTA wasn’t needed to “take down” Backpage.com

(assuming that was a good policy goal in the first place), FOSTA appears to have caused

more misery for sex workers and sex trafficking victims with zero offsetting policy benefits.

See Eric Goldman, Who Benefited from FOSTA? (Spoiler: Probably No One), TECH. & MKTG.

L. BLOG, Jan. 29, 2019, https://blog.ericgoldman.org/archives/2019/01/who-benefited-from-

fosta-spoiler-probably-no-one.htm. Accordingly, FOSTA may be one of Congress’ worst

achievements in Internet regulatory policy.

What’s Next for Section 230?

For its first twenty years, Section 230 seemed politically untouchable. Everyone loved the

Internet, no one wanted to undermine its potential, and Google and Facebook spent a lot on

lobbying and posed a formidable challenge to potential opponents.

In what felt like an instant, the political calculus changed completely. Some factions of the

anti-sex trafficking advocacy community proved to be far more effective at lobbying than

the Internet community, and lots of people have fallen out of love with the Internet—and

especially with Google and Facebook, who many regulators and consumers think have

acquired too much power and therefore require regulatory intervention.

So what happens to Section 230 post-FOSTA? One scenario is that some anti-sex trafficking

advocates were uniquely effective at lobbying due to the extreme sympathy they engender.

If so, other victim advocacy groups or anti-Google/Facebook lobbying efforts may find it

hard to achieve the same outcome.

300.

Another scenario is that FOSTA is just the first of a string of new statutory exceptions to

Section 230, as every victims’ group queues up to ask their exception, and every regulator

thinks that amending Section 230 is a good way to stick it to Google and Facebook. (In fact,

as discussed before, amendments to Section 230 are far more likely to hurt Google/Facebook

rivals and entrench the incumbents’ dominant position). If the latter scenario comes to

pass, the cumulative effect of the amendments could easily undermine Section 230’s

integrity, so that plaintiffs can maneuver into one of the amendments and Section 230 ends

up being functionally worthless.

It will be interesting to see if regulators, and the general population, can fall back in love

with the Internet. The Internet enables truly miraculous activity, along with acting as a

“mirror” for the anti-social elements that have always existed in our society. To the extent

we focus on the anti-social behavior, and ignore the Internet’s remarkable aspects, further

amendments to Section 230 seem inevitable. Or, if we keep in mind the Internet’s stunning

contributions to society, we might be more amenable to preserving Section 230. In that

sense, future battles over Section 230 will be a proxy for our overall optimism or cynicism

about the Internet’s impact on society generally.

301.

The next case, Zeran v. AOL, is one of the most influential and best-known Internet law

opinions, and it is the most important Section 230 opinion to date. For more about the

case’s background and implications, see Eric Goldman & Jeff Kosseff, Commemorating the

20th Anniversary of Internet Law’s Most Important Judicial Decision, LAW.COM, Nov. 10,

2017 and the 20+ associated essays. See

https://blog.ericgoldman.org/archives/2017/11/commemorating-the-20-year-anniversary-of-

zeran-v-aol.htm.

Zeran v. AOL was the first federal appellate ruling interpreting Section 230. It interpreted

the immunity quite broadly, laying the legal foundation for the modern Internet.

Zeran v. America Online, Inc., 129 F.3d 327 (4th Cir. 1997).

Kenneth Zeran brought this action against America Online, Inc. (“AOL”), arguing that AOL

unreasonably delayed in removing defamatory messages posted by an unidentified third

party, refused to post retractions of those messages, and failed to screen for similar postings

thereafter. The district court granted judgment for AOL on the grounds that the

Communications Decency Act of 1996 (“CDA”)—47 U.S.C. § 230—bars Zeran’s claims.

Zeran appeals, arguing that § 230 leaves intact liability for interactive computer service

providers who possess notice of defamatory material posted through their services. He also

contends that § 230 does not apply here because his claims arise from AOL’s alleged

negligence prior to the CDA’s enactment. Section 230, however, plainly immunizes

computer service providers like AOL from liability for information that originates with

third parties….Accordingly, we affirm the judgment of the district court.

I.

“The Internet is an international network of interconnected computers,” currently used by

approximately 40 million people worldwide. One of the many means by which individuals

access the Internet is through an interactive computer service. These services offer not only

a connection to the Internet as a whole, but also allow their subscribers to access

information communicated and stored only on each computer service’s individual

proprietary network. AOL is just such an interactive computer service. Much of the

information transmitted over its network originates with the company’s millions of

subscribers. They may transmit information privately via electronic mail, or they may

communicate publicly by posting messages on AOL bulletin boards, where the messages

may be read by any AOL subscriber.

The instant case comes before us on a motion for judgment on the pleadings, so we accept

the facts alleged in the complaint as true. On April 25, 1995, an unidentified person posted

a message on an AOL bulletin board advertising “Naughty Oklahoma T-Shirts.” The

posting described the sale of shirts featuring offensive and tasteless slogans related to the

April 19, 1995, bombing of the Alfred P. Murrah Federal Building in Oklahoma City. Those

interested in purchasing the shirts were instructed to call “Ken” at Zeran’s home phone

number in Seattle, Washington. As a result of this anonymously perpetrated prank, Zeran

received a high volume of calls, comprised primarily of angry and derogatory messages, but

also including death threats. Zeran could not change his phone number because he relied on

its availability to the public in running his business out of his home. Later that day, Zeran

called AOL and informed a company representative of his predicament. The employee

302.

assured Zeran that the posting would be removed from AOL’s bulletin board but explained

that as a matter of policy AOL would not post a retraction. The parties dispute the date

that AOL removed this original posting from its bulletin board.

On April 26, the next day, an unknown person posted another message advertising

additional shirts with new tasteless slogans related to the Oklahoma City bombing. Again,

interested buyers were told to call Zeran’s phone number, to ask for “Ken,” and to “please

call back if busy” due to high demand. The angry, threatening phone calls intensified. Over

the next four days, an unidentified party continued to post messages on AOL’s bulletin

board, advertising additional items including bumper stickers and key chains with still

more offensive slogans. During this time period, Zeran called AOL repeatedly and was told

by company representatives that the individual account from which the messages were

posted would soon be closed. Zeran also reported his case to Seattle FBI agents. By April

30, Zeran was receiving an abusive phone call approximately every two minutes.

[editor’s note: a screenshot of the April 26 posting that wasn’t included in the opinion]

303.

Meanwhile, an announcer for Oklahoma City radio station KRXO received a copy of the

first AOL posting. On May 1, the announcer related the message’s contents on the air,

attributed them to “Ken” at Zeran’s phone number, and urged the listening audience to call

the number. After this radio broadcast, Zeran was inundated with death threats and other

violent calls from Oklahoma City residents. Over the next few days, Zeran talked to both

KRXO and AOL representatives. He also spoke to his local police, who subsequently

surveilled his home to protect his safety. By May 14, after an Oklahoma City newspaper

published a story exposing the shirt advertisements as a hoax and after KRXO made an on-

air apology, the number of calls to Zeran’s residence finally subsided to fifteen per day.

Zeran first filed suit on January 4, 1996, against radio station KRXO in the United States

District Court for the Western District of Oklahoma. On April 23, 1996, he filed this

separate suit against AOL in the same court. Zeran did not bring any action against the

party who posted the offensive messages.1 After Zeran’s suit against AOL was transferred

to the Eastern District of Virginia pursuant to 28 U.S.C. § 1404(a), AOL answered Zeran’s

complaint and interposed 47 U.S.C. § 230 as an affirmative defense. AOL then moved for

judgment on the pleadings pursuant to Fed. R. Civ. P. 12(c). The district court granted

AOL’s motion, and Zeran filed this appeal.

II.

A.

Because § 230 was successfully advanced by AOL in the district court as a defense to

Zeran’s claims, we shall briefly examine its operation here. Zeran seeks to hold AOL liable

for defamatory speech initiated by a third party. He argued to the district court that once

he notified AOL of the unidentified third party’s hoax, AOL had a duty to remove the

defamatory posting promptly, to notify its subscribers of the message’s false nature, and to

effectively screen future defamatory material. Section 230 entered this litigation as an

affirmative defense pled by AOL. The company claimed that Congress immunized

interactive computer service providers from claims based on information posted by a third

party.

The relevant portion of § 230 states: “No provider or user of an interactive computer service

shall be treated as the publisher or speaker of any information provided by another

information content provider.”2 By its plain language, § 230 creates a federal immunity to

any cause of action that would make service providers liable for information originating

with a third-party user of the service. Specifically, § 230 precludes courts from entertaining

claims that would place a computer service provider in a publisher’s role. Thus, lawsuits

seeking to hold a service provider liable for its exercise of a publisher’s traditional editorial

functions—such as deciding whether to publish, withdraw, postpone or alter content—are

barred.

1 Zeran maintains that AOL made it impossible to identify the original party by failing to maintain adequate

records of its users. The issue of AOL’s record keeping practices, however, is not presented by this appeal. 2 …The parties do not dispute that AOL falls within the CDA’s “interactive computer service” definition and

that the unidentified third party who posted the offensive messages here fits the definition of an “information

content provider.”

304.

The purpose of this statutory immunity is not difficult to discern. Congress recognized the

threat that tort-based lawsuits pose to freedom of speech in the new and burgeoning

Internet medium. The imposition of tort liability on service providers for the

communications of others represented, for Congress, simply another form of intrusive

government regulation of speech. Section 230 was enacted, in part, to maintain the robust

nature of Internet communication and, accordingly, to keep government interference in the

medium to a minimum. In specific statutory findings, Congress recognized the Internet and

interactive computer services as offering “a forum for a true diversity of political discourse,

unique opportunities for cultural development, and myriad avenues for intellectual

activity.” It also found that the Internet and interactive computer services “have flourished,

to the benefit of all Americans, with a minimum of government regulation.” (emphasis

added). Congress further stated that it is “the policy of the United States ... to preserve the

vibrant and competitive free market that presently exists for the Internet and other

interactive computer services, unfettered by Federal or State regulation.” (emphasis added).

None of this means, of course, that the original culpable party who posts defamatory

messages would escape accountability. While Congress acted to keep government

regulation of the Internet to a minimum, it also found it to be the policy of the United

States “to ensure vigorous enforcement of Federal criminal laws to deter and punish

trafficking in obscenity, stalking, and harassment by means of computer.” Congress made a

policy choice, however, not to deter harmful online speech through the separate route of

imposing tort liability on companies that serve as intermediaries for other parties’

potentially injurious messages.

Congress’ purpose in providing the § 230 immunity was thus evident. Interactive computer

services have millions of users. The amount of information communicated via interactive

computer services is therefore staggering. The specter of tort liability in an area of such

prolific speech would have an obvious chilling effect. It would be impossible for service

providers to screen each of their millions of postings for possible problems. Faced with

potential liability for each message republished by their services, interactive computer

service providers might choose to severely restrict the number and type of messages posted.

Congress considered the weight of the speech interests implicated and chose to immunize

service providers to avoid any such restrictive effect.

Another important purpose of § 230 was to encourage service providers to self-regulate the

dissemination of offensive material over their services. In this respect, § 230 responded to a

New York state court decision, Stratton Oakmont, Inc. v. Prodigy Servs. Co., 1995 WL

323710 (N.Y. Sup. Ct. May 24, 1995). There, the plaintiffs sued Prodigy—an interactive

computer service like AOL—for defamatory comments made by an unidentified party on

one of Prodigy’s bulletin boards. The court held Prodigy to the strict liability standard

normally applied to original publishers of defamatory statements, rejecting Prodigy’s claims

that it should be held only to the lower “knowledge” standard usually reserved for

distributors. The court reasoned that Prodigy acted more like an original publisher than a

distributor both because it advertised its practice of controlling content on its service and

because it actively screened and edited messages posted on its bulletin boards.

Congress enacted § 230 to remove the disincentives to self-regulation created by the

Stratton Oakmont decision. Under that court’s holding, computer service providers who

regulated the dissemination of offensive material on their services risked subjecting

305.

themselves to liability, because such regulation cast the service provider in the role of a

publisher. Fearing that the specter of liability would therefore deter service providers from

blocking and screening offensive material, Congress enacted § 230’s broad immunity “to

remove disincentives for the development and utilization of blocking and filtering

technologies that empower parents to restrict their children’s access to objectionable or

inappropriate online material.” In line with this purpose, § 230 forbids the imposition of

publisher liability on a service provider for the exercise of its editorial and self-regulatory

functions.

B.

Zeran argues, however, that the § 230 immunity eliminates only publisher liability, leaving

distributor liability intact. Publishers can be held liable for defamatory statements

contained in their works even absent proof that they had specific knowledge of the

statement’s inclusion. W. Page Keeton et al., Prosser and Keeton on the Law of Torts § 113,

at 810 (5th ed. 1984). According to Zeran, interactive computer service providers like AOL

are normally considered instead to be distributors, like traditional news vendors or book

sellers. Distributors cannot be held liable for defamatory statements contained in the

materials they distribute unless it is proven at a minimum that they have actual knowledge

of the defamatory statements upon which liability is predicated. Id. at 811 (explaining that

distributors are not liable “in the absence of proof that they knew or had reason to know of

the existence of defamatory matter contained in matter published”). Zeran contends that he

provided AOL with sufficient notice of the defamatory statements appearing on the

company’s bulletin board. This notice is significant, says Zeran, because AOL could be held

liable as a distributor only if it acquired knowledge of the defamatory statements’ existence.

Because of the difference between these two forms of liability, Zeran contends that the term

“distributor” carries a legally distinct meaning from the term “publisher.” Accordingly, he

asserts that Congress’ use of only the term “publisher” in § 230 indicates a purpose to

immunize service providers only from publisher liability. He argues that distributors are

left unprotected by § 230 and, therefore, his suit should be permitted to proceed against

AOL. We disagree. Assuming arguendo that Zeran has satisfied the requirements for

imposition of distributor liability, this theory of liability is merely a subset, or a species, of

publisher liability, and is therefore also foreclosed by § 230.

The terms “publisher” and “distributor” derive their legal significance from the context of

defamation law. Although Zeran attempts to artfully plead his claims as ones of negligence,

they are indistinguishable from a garden variety defamation action. Because the

publication of a statement is a necessary element in a defamation action, only one who

publishes can be subject to this form of tort liability. Restatement (Second) of Torts § 558(b)

(1977); Keeton et al., supra, § 113, at 802. Publication does not only describe the choice by

an author to include certain information. In addition, both the negligent communication of

a defamatory statement and the failure to remove such a statement when first

communicated by another party—each alleged by Zeran here under a negligence label—

constitute publication. Restatement (Second) of Torts § 577. In fact, every repetition of a

defamatory statement is considered a publication. Keeton et al., supra, § 113, at 799.

306.

In this case, AOL is legally considered to be a publisher. “[E]very one who takes part in the

publication ... is charged with publication.” Id. Even distributors are considered to be

publishers for purposes of defamation law:

Those who are in the business of making their facilities available to

disseminate the writings composed, the speeches made, and the information

gathered by others may also be regarded as participating to such an extent in

making the books, newspapers, magazines, and information available to

others as to be regarded as publishers. They are intentionally making the

contents available to others, sometimes without knowing all of the contents—

including the defamatory content—and sometimes without any opportunity

to ascertain, in advance, that any defamatory matter was to be included in

the matter published.

Id. at 803. AOL falls squarely within this traditional definition of a publisher and,

therefore, is clearly protected by § 230’s immunity.

Zeran contends that decisions like Stratton Oakmont and Cubby, Inc. v. CompuServe Inc.,

776 F. Supp. 135 (S.D.N.Y. 1991), recognize a legal distinction between publishers and

distributors. He misapprehends, however, the significance of that distinction for the legal

issue we consider here. It is undoubtedly true that mere conduits, or distributors, are

subject to a different standard of liability. As explained above, distributors must at a

minimum have knowledge of the existence of a defamatory statement as a prerequisite to

liability. But this distinction signifies only that different standards of liability may be

applied within the larger publisher category, depending on the specific type of publisher

concerned. See Keeton et al., supra, § 113, at 799-800 (explaining that every party involved

is charged with publication, although degrees of legal responsibility differ). To the extent

that decisions like Stratton and Cubby utilize the terms “publisher” and “distributor”

separately, the decisions correctly describe two different standards of liability. Stratton and

Cubby do not, however, suggest that distributors are not also a type of publisher for

purposes of defamation law.

Zeran simply attaches too much importance to the presence of the distinct notice element in

distributor liability. The simple fact of notice surely cannot transform one from an original

publisher to a distributor in the eyes of the law. To the contrary, once a computer service

provider receives notice of a potentially defamatory posting, it is thrust into the role of a

traditional publisher. The computer service provider must decide whether to publish, edit,

or withdraw the posting. In this respect, Zeran seeks to impose liability on AOL for

assuming the role for which § 230 specifically proscribes liability—the publisher role.

Our view that Zeran’s complaint treats AOL as a publisher is reinforced because AOL is

cast in the same position as the party who originally posted the offensive messages.

According to Zeran’s logic, AOL is legally at fault because it communicated to third parties

an allegedly defamatory statement. This is precisely the theory under which the original

poster of the offensive messages would be found liable. If the original party is considered a

publisher of the offensive messages, Zeran certainly cannot attach liability to AOL under

the same theory without conceding that AOL too must be treated as a publisher of the

statements.

307.

Zeran next contends that interpreting § 230 to impose liability on service providers with

knowledge of defamatory content on their services is consistent with the statutory purposes

outlined in Part IIA. Zeran fails, however, to understand the practical implications of notice

liability in the interactive computer service context. Liability upon notice would defeat the

dual purposes advanced by § 230 of the CDA. Like the strict liability imposed by the

Stratton Oakmont court, liability upon notice reinforces service providers’ incentives to

restrict speech and abstain from self-regulation.

If computer service providers were subject to distributor liability, they would face potential

liability each time they receive notice of a potentially defamatory statement—from any

party, concerning any message. Each notification would require a careful yet rapid

investigation of the circumstances surrounding the posted information, a legal judgment

concerning the information’s defamatory character, and an on-the-spot editorial decision

whether to risk liability by allowing the continued publication of that information.

Although this might be feasible for the traditional print publisher, the sheer number of

postings on interactive computer services would create an impossible burden in the

Internet context. Cf. Auvil v. CBS 60 Minutes, 800 F. Supp. 928, 931 (E.D. Wash. 1992)

(recognizing that it is unrealistic for network affiliates to “monitor incoming transmissions

and exercise on-the-spot discretionary calls”). Because service providers would be subject to

liability only for the publication of information, and not for its removal, they would have a

natural incentive simply to remove messages upon notification, whether the contents were

defamatory or not. Thus, like strict liability, liability upon notice has a chilling effect on the

freedom of Internet speech.

Similarly, notice-based liability would deter service providers from regulating the

dissemination of offensive material over their own services. Any efforts by a service

provider to investigate and screen material posted on its service would only lead to notice of

potentially defamatory material more frequently and thereby create a stronger basis for

liability. Instead of subjecting themselves to further possible lawsuits, service providers

would likely eschew any attempts at self-regulation.

More generally, notice-based liability for interactive computer service providers would

provide third parties with a no-cost means to create the basis for future lawsuits. Whenever

one was displeased with the speech of another party conducted over an interactive

computer service, the offended party could simply “notify” the relevant service provider,

claiming the information to be legally defamatory. In light of the vast amount of speech

communicated through interactive computer services, these notices could produce an

impossible burden for service providers, who would be faced with ceaseless choices of

suppressing controversial speech or sustaining prohibitive liability. Because the probable

effects of distributor liability on the vigor of Internet speech and on service provider self-

regulation are directly contrary to § 230’s statutory purposes, we will not assume that

Congress intended to leave liability upon notice intact….

NOTES AND QUESTIONS

Denouement. The U.S. Supreme Court denied certiorari.

Zeran also sued KRXO, the Oklahoma City radio station. That lawsuit failed because an

Oklahoma audience wouldn’t recognize that the name “Ken” and his Seattle phone number

308.

referenced Ken Zeran. Zeran v. Diamond Broadcasting, Inc., 203 F. 3d 714 (10th Cir. 2000);

see also Robert Nelon, Zeran’s Failed Lawsuit Against an Oklahoma Radio Station,

LAW.COM, Nov. 10, 2017,

http://www.law.com/therecorder/sites/therecorder/2017/11/10/zerans-failed-lawsuit-against-

an-oklahoma-radio-station/.

Whodunit? Although the vocabulary didn’t exist in 1997, we might now call the incident a

cyber-harassment attack or an “e-personation.” Who committed this attack on Zeran? In

one of the greatest unsolved mysteries of Internet Law, the perpetrator still has never been

found. Zeran repeatedly claimed that he was chosen to be a victim at random. Other

suspects include business competitors and former romantic partners. See Eric Goldman,

Who Cyber-Attacked Ken Zeran, and Why?, LAW.COM, Nov. 10, 2017,

https://ssrn.com/abstract=3079234.

Online Defamation Exceptionalism. Online defamation cases can differ doctrinally from

offline defamation cases in at least three ways:

1) Section 230 circumscribes the list of potential defendants.

2) When an author hyperlinks to sources, courts may treat fact-like statements as if they

are opinions characterizing the facts in the linked sources.

3) Courts routinely think Internet readers are more likely to evaluate fact-like statements

online as rhetorical hyperbole or venting and thus treat those statements as opinions, not

facts.

Speech-Enhancing Statutes. When most people think about the legal protection for “free

speech,” they usually think about the First Amendment. The Constitution does play an

important role in protecting free speech, but it only sets a limit on speech regulation.

Legislatures can, and do, enact laws that enhance free speech as a supplement to the First

Amendment. Section 230 is a good example of a speech-enhancing statute.

Anti-SLAPP laws are another example. “SLAPP” is an acronym for “strategic lawsuits

against public participation,” including lawsuits designed to suppress or discourage various

types of socially beneficial speech. If a lawsuit is deemed a SLAPP, an anti-SLAPP law

typically requires the court to dismiss the case early and award attorneys’ fees to the

defendant. About 30 states have passed an anti-SLAPP law, though they vary in scope

widely; and Congress has considered federal anti-SLAPP bills several times.

Where an anti-SLAPP law is available, defendants in Section 230 cases may choose to file

an anti-SLAPP motion to strike instead of a motion to dismiss or answer. Section 230 can

provide a legal basis for why the lawsuit against the defendant is meritless, which supports

a motion to strike. When available by applicable statute, anti-SLAPP motions are also

common in ordinary defamation cases not implicating Section 230.

Another set of speech-enhancing statutes are the Consumer Review Fairness Act and its

state law analogues, including laws passed in California (Civil Code § 1670.8), Illinois, and

Maryland (§ 14–1325), which prohibit businesses from using contract provisions to ban

their customers from writing online reviews about them. See Eric Goldman Understanding

the Consumer Review Fairness Act, 24 MICH. TELECOMM. & TECH. L. REV. 1 (2017).

309.

The “Streisand Effect.” Putting aside the legal merits of a plaintiff’s defamation or privacy

claims, a lawsuit may not be in the plaintiff’s best interest. If the goal is to suppress a

content item, a court case can counterproductively call greater attention to the item and

stoke public curiosity about what the content item contains. This counterproductive

consequence is called the “Streisand Effect” (for the singer Barbra Streisand after she tried

to suppress photos of her backyard), and it’s a major risk for any plaintiff considering a

defamation or privacy lawsuit.

One court wryly observed:

In most respects, O’Kroley didn’t accomplish much in suing Google and the

other defendants. He didn’t win. He didn’t collect a dime. And the search

result about “indecency with a child” remains publicly available. All is not

lost, however. Since filing the case, Google users searching for “Colin

O’Kroley” no longer see the objectionable search result at the top of the list.

Now the top hits all involve this case (there is even a Wikipedia entry on it).

So: Even assuming two premises of this lawsuit are true—that there are

Internet users other than Colin O’Kroley searching “Colin O’Kroley” and that

they look only at the Google previews rather than clicking on and exploring

the links—it’s not likely that anyone will ever see the offending listing at the

root of this lawsuit. Each age has its own form of self-help.

O’Kroley v. Fastcase Inc., 831 F.3d 352 (6th Cir. 2016).

Section 230 and Neutrality. Section 230 has drawn highly partisan attacks from both sides.

In general, Democrats often want online services to do more content moderation or lose

Section 230, and Republicans often want online services to do less content moderation or

lose Section 230. Both critiques routinely misunderstand Section 230’s subtle doctrinal

mechanics. As a result, any proposed fixes to Section 230 almost certainly won’t accomplish

the critics’ desired outcomes.

While I’m anti-partisan and registered as “decline to state” a political party preference, I

find the Republican attacks on Section 230 especially egregious. Republican demagogues

routinely and falsely claim that Section 230 is predicated on “neutrality,” i.e., if an Internet

service exhibits any bias in its content moderation decisions, it loses Section 230’s

immunity. This false claim effectively seeks to impose “must-carry” obligations on Internet

services, because refusing or removing content demonstrates “bias.”

These attacks on Section 230 are frequently based on the afactual and empirically

disproven assertion that Internet services are biased against conservative voices. Among

other problems with the claim, it assumes Internet services uniquely discriminate against

conservatives. They do not. Instead, every community believes that Internet services are

biased against them, pointing to anecdotes where their content was moderated in ways they

disagree with. This reflects a more structural problem with content moderation: it

necessarily is a zero-sum game where someone gets what they want and someone else

doesn’t. The losers of this zero-sum game always believe that the decisions were biased

against them.

310.

Furthermore, in the Trump era, “conservative” voices have become increasingly correlated

with speakers evangelizing hate, racism, misogyny, anti-Semitism, anti-Muslim views, and

other types of exclusionary politics. See Joseph Cox & Jason Koebler, Why Won’t Twitter

Treat White Supremacy Like ISIS? Because It Would Mean Banning Some Republican

Politicians Too., MOTHERBOARD TECH BY VICE, Apr. 25, 2019,

https://www.vice.com/en_us/article/a3xgq5/why-wont-twitter-treat-white-supremacy-like-

isis-because-it-would-mean-banning-some-republican-politicians-too. It would be bizarre

(and quite troubling) to think that screening out that content constitutes “bias” against

“conservatives.” Instead, society expects Internet services to screen out such objectionable

content—especially the Democrats.

More generally, neutrality advocates misunderstand how Section 320 resolved the

Moderator’s Dilemma. Before Section 230, Internet services tried to avoid liability by

moderating as little as possible. Section 230 was designed to encourage online services to

undertake expensive content moderation endeavors rather than doing the minimum. It’s

illogical to suggest that Section 230’s immunity was predicated on not moderating content.

Plus, every publication is biased in the sense that it prioritizes some content and

deprioritizes other content. For example, newspapers decide what stories to cover (and

ignore), how many column-inches to give the story, and whether to put the story on the

front page, the back page or somewhere in between. In fact, we read editorially curated

publications because of these choices. If it weren’t, then it would be useless to us. The exact

same dynamics apply to Internet services.

To the extent content moderation decisions represent “editorial” judgments, they are fully

protected by the First Amendment’s free speech and free press clauses. Efforts to control or

restrict how Internet services perform content moderation limit their editorial discretion

and are thus unconstitutional censorship. Undoubtedly, publishers of third-party content

(both online and off) cannot be forced to publish content they would editorially decide not to.

E.g., Miami Herald Publishing Co. v. Tornillo, 418 U.S. 241 (1974); Manhattan Community

Access Corp. v. Halleck, 587 U.S. ___ (2019); Eric Goldman, Of Course the First Amendment

Protects Google and Facebook (and It’s Not a Close Question), Knight First Amendment

Institute’s Emerging Threats Series, Feb. 2018, https://ssrn.com/abstract=3133496.

Finally, mandating “neutrality” would prevent Internet services from policing their

premises. For example, Internet services wouldn’t be neutral if they treated content

differently from the Democratic Party, the Republican Party, the Communist Party, and

the American Nazi Party. That creates a false equivalency because, in fact, those parties

are not equally credible or legitimate. With mandatory neutrality, Internet services would

be flooded with the worst types of content, with little or no recourse to sort the good from

the bad. In short order, trolls would overwhelm the system. Thus, mandatory “neutrality”

would accelerate the Internet’s demise.

The “Platform” vs. “Publisher” Distinction. Many people assert that Section 230 protects

only platforms, not “publishers.” Unfortunately, this is a pernicious myth:

1) The myth is often advanced by people who don’t know (or seek to destroy) Section 230’s

exceptionalist roots. They argue that it’s not possible for publishers to avoid liability under

311.

traditional common law principles, so Section 230 couldn’t possibly immunize publishing

liability. As an exceptionalist law, that’s exactly what Section 230 does.

2) Section 230 protects all Internet services for making editorial and publication decisions.

The Zeran opinion plainly says “§ 230 forbids the imposition of publisher liability on a

service provider for the exercise of its editorial and self-regulatory functions.” So

“publishers” of third party content qualify for Section 230 protection—and have done so for

over 2 decades.

3) It’s not possible for online “platforms” to provide their services without publishing

content. As an essential part of their services, social media “platforms” and online

marketplaces must publish third-party content. As a result, the entire platform/publisher

distinction is illusory. Instead, the dichotomy often is a rhetorical move to avoid

constitutional problems with desired regulation. In theory, “platforms” should be regulable

without Constitutional limits because, per the platform-publisher distinction, they aren’t

publishing content. Because every “platform” necessarily publishes content, this rhetorical

move hurts the discourse.

My suggestion: don’t use the term “platform.” It is imprecise and easily misunderstood. Try

“Internet service” instead.

Section 230 and Account Termination. Section 230(c)(1) was designed to protect decisions to

publish or “leave up” third-party content, while Section 230(c)(2)(A) was designed to protect

decisions to filter or remove third-party content. To that end, 230(c)(1) and (c)(2)(A) have

different doctrinal requirements—especially Section 230(c)(2)(A)’s requirement that the

filtering/removal decisions be made “in good faith,” which 230(c)(1) lacks. As a result,

defendants prefer handling 230(c)(2)(A)-style cases using 230(c)(1) if possible.

This issue comes up frequently with lawsuits by social media users who have their content

blocked or removed or their accounts terminated or suspended. These lawsuits are

invariably doomed; the only questions are what grounds will end the lawsuit and how

quickly? See generally Eric Goldman, Online User Account Termination and 47 U.S.C.

§230(c)(2), 2 U.C. IRVINE L. REV. 659 (2012), https://ssrn.com/abstract=1934310.

Courts increasingly have accepted a 230(c)(1) defense in these circumstances, under the

theory that the plaintiff’s own content constitutes the “content by another information

content provider” sufficient to satisfy the Section 230(c)(1) prima facie defense elements.

See, e.g., Sikhs for Justice "SFJ", Inc. v. Facebook, Inc., 144 F. Supp. 3d 1088 (N.D. Cal.

2015), aff’d 697 Fed. Appx. 526 (9th Cir. 2017).

To get around this, some plaintiffs have tried to position the social media defendants as

“state actors” who cannot engage in unconstitutional censorship. These workaround

arguments overcome Section 230, but they are still unmeritorious. The Internet giants may

be powerful and have a commanding presence in our media ecology, but they are private

entities making constitutionally protected editorial decisions. See, e.g., Prager University v.

Google LLC, 951 F.3d 991 (9th Cir. 2020); Federal Agency of News LLC v. Facebook, Inc.,

395 F. Supp. 3d 1295 (N.D. Cal. 2019).

312.

The following case is the best-known and most-cited example of a plaintiff working around

Section 230’s immunity. As a result, plaintiffs routinely characterize this opinion as

evidence that Section 230 has limits and therefore should not apply in their case. Despite

its frequent invocation, the Section 230’s exceptions relate to the doctrinal edges, not its

core. As the D.C. Circuit said, the Roommates.com decision “marks an outer limit of CDA

immunity.” Bennett v. Google, LLC, 882 F.3d 1163 (D.C. Cir. 2018). Attempts to use

Roommates.com to get around Section 230 routinely fail; and courts often cite the

Roommates.com opinion in ruling for defendants.

Fair Housing Council of San Fernando Valley v. Roommates.com, LLC, 521 F.3d

1157 (9th Cir. 2008) (en banc)

Kozinski, Chief Judge.

We plumb the depths of the immunity provided by section 230 of the Communications

Decency Act of 1996 (“CDA”).

Facts1

Defendant Roommate.com, LLC (“Roommate”) operates a website designed to match people

renting out spare rooms with people looking for a place to live.2 At the time of the district

court’s disposition, Roommate’s website featured approximately 150,000 active listings and

received around a million page views a day. Roommate seeks to profit by collecting revenue

from advertisers and subscribers.

Before subscribers can search listings or post housing opportunities on Roommate’s

website, they must create profiles, a process that requires them to answer a series of

questions. In addition to requesting basic information—such as name, location and email

address—Roommate requires each subscriber to disclose his sex, sexual orientation and

whether he would bring children to a household. Each subscriber must also describe his

preferences in roommates with respect to the same three criteria: sex, sexual orientation

and whether they will bring children to the household. The site also encourages subscribers

to provide “Additional Comments” describing themselves and their desired roommate in an

open-ended essay. After a new subscriber completes the application, Roommate assembles

his answers into a “profile page.” The profile page displays the subscriber’s pseudonym, his

description and his preferences, as divulged through answers to Roommate’s questions.

1 This appeal is taken from the district court’s order granting defendant’s motion for summary judgment, so we

view contested facts in the light most favorable to plaintiffs. 2 For unknown reasons, the company goes by the singular name “Roommate.com, LLC” but pluralizes its

website’s URL, www.roommates.com.

313.

[Editor’s note: three screenshots from the Roommates.com website in 2008:]

314.

315.

Subscribers can choose between two levels of service: Those using the site’s free service

level can create their own personal profile page, search the profiles of others and send

personal email messages. They can also receive periodic emails from Roommate, informing

them of available housing opportunities matching their preferences. Subscribers who pay a

monthly fee also gain the ability to read emails from other users, and to view other

subscribers’ “Additional Comments.”

The Fair Housing Councils of the San Fernando Valley and San Diego (“Councils”) sued

Roommate in federal court, alleging that Roommate’s business violates the federal Fair

Housing Act (“FHA”) and California housing discrimination laws. Councils claim that

Roommate is effectively a housing broker doing online what it may not lawfully do off-line.

The district court held that Roommate is immune under section 230 of the CDA and

dismissed the federal claims without considering whether Roommate’s actions violated the

FHA. The court then declined to exercise supplemental jurisdiction over the state law

claims. Councils appeal the dismissal of the FHA claim and Roommate cross-appeals the

denial of attorneys’ fees.

316.

Analysis

Section 230 of the CDA immunizes providers of interactive computer services6 against

liability arising from content created by third parties: “No provider ... of an interactive

computer service shall be treated as the publisher or speaker of any information provided

by another information content provider.” This grant of immunity applies only if the

interactive computer service provider is not also an “information content provider,” which is

defined as someone who is “responsible, in whole or in part, for the creation or development

of” the offending content.

A website operator can be both a service provider and a content provider: If it passively

displays content that is created entirely by third parties, then it is only a service provider

with respect to that content. But as to content that it creates itself, or is “responsible, in

whole or in part” for creating or developing, the website is also a content provider. Thus, a

website may be immune from liability for some of the content it displays to the public but

be subject to liability for other content.

Section 230 was prompted by a state court case holding Prodigy responsible for a libelous

message posted on one of its financial message boards. See Stratton Oakmont, Inc. v.

Prodigy Servs. Co., 1995 WL 323710 (N.Y. Sup. Ct. May 24, 1995) (unpublished). The court

there found that Prodigy had become a “publisher” under state law because it voluntarily

deleted some messages from its message boards “on the basis of offensiveness and ‘bad

taste,’” and was therefore legally responsible for the content of defamatory messages that it

failed to delete. The Stratton Oakmont court reasoned that Prodigy’s decision to perform

some voluntary self-policing made it akin to a newspaper publisher, and thus responsible

for messages on its bulletin board that defamed third parties. The court distinguished

Prodigy from CompuServe, which had been released from liability in a similar defamation

case because CompuServe “had no opportunity to review the contents of the publication at

issue before it was uploaded into CompuServe’s computer banks.” Id.; see Cubby, Inc. v.

CompuServe, Inc., 776 F. Supp. 135, 140 (S.D.N.Y. 1991). Under the reasoning of Stratton

Oakmont, online service providers that voluntarily filter some messages become liable for

all messages transmitted, whereas providers that bury their heads in the sand and ignore

problematic posts altogether escape liability. Prodigy claimed that the “sheer volume” of

message board postings it received—at the time, over 60,000 a day—made manual review

of every message impossible; thus, if it were forced to choose between taking responsibility

for all messages and deleting no messages at all, it would have to choose the latter course.

In passing section 230, Congress sought to spare interactive computer services this grim

choice by allowing them to perform some editing on user-generated content without thereby

becoming liable for all defamatory or otherwise unlawful messages that they didn’t edit or

delete. In other words, Congress sought to immunize the removal of user-generated content,

not the creation of content: “[S]ection [230] provides ‘Good Samaritan’ protections from civil

liability for providers ... of an interactive computer service for actions to restrict ... access to

objectionable online material. One of the specific purposes of this section is to overrule

Stratton-Oakmont [sic] v. Prodigy and any other similar decisions which have treated such

6 … Today, the most common interactive computer services are websites. Councils do not dispute that

Roommate’s website is an interactive computer service.

317.

providers ... as publishers or speakers of content that is not their own because they have

restricted access to objectionable material.” H.R. Rep. No. 104-458 (1996) (emphasis added).

Indeed, the section is titled “Protection for ‘good samaritan’ blocking and screening of

offensive material” and, as the Seventh Circuit recently held, the substance of section

230(c) can and should be interpreted consistent with its caption. Chicago Lawyers’

Committee for Civil Rights Under Law, Inc. v. craigslist, Inc., 519 F.3d 666 (7th Cir. 2008).

With this backdrop in mind, we examine three specific functions performed by Roommate

that are alleged to violate the Fair Housing Act and California law.

1. Councils first argue that the questions Roommate poses to prospective subscribers during

the registration process violate the Fair Housing Act and the analogous California law.

Councils allege that requiring subscribers to disclose their sex, family status and sexual

orientation “indicates” an intent to discriminate against them, and thus runs afoul of both

the FHA and state law.13

Roommate created the questions and choice of answers, and designed its website

registration process around them. Therefore, Roommate is undoubtedly the “information

content provider” as to the questions and can claim no immunity for posting them on its

website, or for forcing subscribers to answer them as a condition of using its services.

Here, we must determine whether Roommate has immunity under the CDA because

Councils have at least a plausible claim that Roommate violated state and federal law by

merely posing the questions. We need not decide whether any of Roommate’s questions

actually violate the Fair Housing Act or California law, or whether they are protected by

the First Amendment or other constitutional guarantees; we leave those issues for the

district court on remand. Rather, we examine the scope of plaintiffs’ substantive claims only

insofar as necessary to determine whether section 230 immunity applies. However, we note

that asking questions certainly can violate the Fair Housing Act and analogous laws in the

physical world. For example, a real estate broker may not inquire as to the race of a

prospective buyer, and an employer may not inquire as to the religion of a prospective

employee. If such questions are unlawful when posed face-to-face or by telephone, they

don’t magically become lawful when asked electronically online. The Communications

Decency Act was not meant to create a lawless no-man’s-land on the Internet.15

Councils also claim that requiring subscribers to answer the questions as a condition of

using Roommate’s services unlawfully “cause[s]” subscribers to make a “statement ... with

respect to the sale or rental of a dwelling that indicates [a] preference, limitation, or

13 The Fair Housing Act prohibits any “statement ... with respect to the sale or rental of a dwelling that

indicates ... an intention to make [a] preference, limitation, or discrimination” on the basis of a protected

category. 42 U.S.C. § 3604(c) (emphasis added). California law prohibits “any written or oral inquiry concerning

the” protected status of a housing seeker. Cal. Gov. Code § 12955(b). 15 The dissent stresses the importance of the Internet to modern life and commerce, and we, of course, agree:

The Internet is no longer a fragile new means of communication that could easily be smothered in the cradle by

overzealous enforcement of laws and regulations applicable to brick-and-mortar businesses. Rather, it has

become a dominant—perhaps the preeminent—means through which commerce is conducted. And its vast reach

into the lives of millions is exactly why we must be careful not to exceed the scope of the immunity provided by

Congress and thus give online businesses an unfair advantage over their real-world counterparts, which must

comply with laws of general applicability.

318.

discrimination,” in violation of 42 U.S.C. § 3604(c). The CDA does not grant immunity for

inducing third parties to express illegal preferences. Roommate’s own acts—posting the

questionnaire and requiring answers to it—are entirely its doing and thus section 230 of

the CDA does not apply to them. Roommate is entitled to no immunity.

2. Councils also charge that Roommate’s development and display of subscribers’

discriminatory preferences is unlawful. Roommate publishes a “profile page” for each

subscriber on its website. The page describes the client’s personal information—such as his

sex, sexual orientation and whether he has children—as well as the attributes of the

housing situation he seeks. The content of these pages is drawn directly from the

registration process: For example, Roommate requires subscribers to specify, using a drop-

down menu provided by Roommate, whether they are “Male” or “Female” and then displays

that information on the profile page. Roommate also requires subscribers who are listing

available housing to disclose whether there are currently “Straight male(s),” “Gay male(s),”

“Straight female(s)” or “Lesbian(s)” living in the dwelling. Subscribers who are seeking

housing must make a selection from a drop-down menu, again provided by Roommate, to

indicate whether they are willing to live with “Straight or gay” males, only with “Straight”

males, only with “Gay” males or with “No males.” Similarly, Roommate requires subscribers

listing housing to disclose whether there are “Children present” or “Children not present”

and requires housing seekers to say “I will live with children” or “I will not live with

children.” Roommate then displays these answers, along with other information, on the

subscriber’s profile page. This information is obviously included to help subscribers decide

which housing opportunities to pursue and which to bypass. In addition, Roommate itself

uses this information to channel subscribers away from listings where the individual

offering housing has expressed preferences that aren’t compatible with the subscriber’s

answers.

The dissent tilts at windmills when it shows, quite convincingly, that Roommate’s

subscribers are information content providers who create the profiles by picking among

options and providing their own answers. There is no disagreement on this point. But, the

fact that users are information content providers does not preclude Roommate from also

being an information content provider by helping “develop” at least “in part” the

information in the profiles. As we explained in Batzel, the party responsible for putting

information online may be subject to liability, even if the information originated with a

user. See Batzel v. Smith, 333 F.3d 1018, 1033 (9th Cir. 2003).

Here, the part of the profile that is alleged to offend the Fair Housing Act and state housing

discrimination laws—the information about sex, family status and sexual orientation—is

provided by subscribers in response to Roommate’s questions, which they cannot refuse to

answer if they want to use defendant’s services. By requiring subscribers to provide the

information as a condition of accessing its service, and by providing a limited set of pre-

populated answers, Roommate becomes much more than a passive transmitter of

information provided by others; it becomes the developer, at least in part, of that

information. And section 230 provides immunity only if the interactive computer service

does not “creat[e] or develop[]” the information “in whole or in part.”

Our dissenting colleague takes a much narrower view of what it means to “develop”

information online, and concludes that Roommate does not develop the information because

“[a]ll Roommate does is to provide a form with options for standardized answers.” But

319.

Roommate does much more than provide options. To begin with, it asks discriminatory

questions that even the dissent grudgingly admits are not entitled to CDA immunity. The

FHA makes it unlawful to ask certain discriminatory questions for a very good reason:

Unlawful questions solicit (a.k.a. “develop”) unlawful answers. Not only does Roommate ask

these questions, Roommate makes answering the discriminatory questions a condition of

doing business. This is no different from a real estate broker in real life saying, “Tell me

whether you’re Jewish or you can find yourself another broker.” When a business enterprise

extracts such information from potential customers as a condition of accepting them as

clients, it is no stretch to say that the enterprise is responsible, at least in part, for

developing that information. For the dissent to claim that the information in such

circumstances is “created solely by” the customer, and that the business has not helped in

the least to develop it, strains both credulity and English.19

Roommate also argues that it is not responsible for the information on the profile page

because it is each subscriber’s action that leads to publication of his particular profile—in

other words, the user pushes the last button or takes the last act before publication. We are

not convinced that this is even true, but don’t see why it matters anyway. The projectionist

in the theater may push the last button before a film is displayed on the screen, but surely

this doesn’t make him the sole producer of the movie. By any reasonable use of the English

language, Roommate is “responsible” at least “in part” for each subscriber’s profile page,

because every such page is a collaborative effort between Roommate and the subscriber.

Similarly, Roommate is not entitled to CDA immunity for the operation of its search

system, which filters listings, or of its email notification system, which directs emails to

subscribers according to discriminatory criteria. Roommate designed its search system so it

would steer users based on the preferences and personal characteristics that Roommate

itself forces subscribers to disclose. If Roommate has no immunity for asking the

discriminatory questions, as we concluded above, it can certainly have no immunity for

using the answers to the unlawful questions to limit who has access to housing.

For example, a subscriber who self-identifies as a “Gay male” will not receive email

notifications of new housing opportunities supplied by owners who limit the universe of

acceptable tenants to “Straight male(s),” “Straight female(s)” and “Lesbian(s).” Similarly,

subscribers with children will not be notified of new listings where the owner specifies “no

children.” Councils charge that limiting the information a subscriber can access based on

that subscriber’s protected status violates the Fair Housing Act and state housing

discrimination laws. It is, Councils allege, no different from a real estate broker saying to a

client: “Sorry, sir, but I can’t show you any listings on this block because you are

[gay/female/black/a parent].” If such screening is prohibited when practiced in person or by

telephone, we see no reason why Congress would have wanted to make it lawful to profit

from it online.

19 The dissent may be laboring under a misapprehension as to how the Roommate website is alleged to operate.

For example, the dissent spends some time explaining that certain portions of the user profile application are

voluntary. We do not discuss these because plaintiffs do not base their claims on the voluntary portions of the

application, except the “Additional Comments” portion, discussed below. The dissent also soft-pedals

Roommate’s influence on the mandatory portions of the applications by referring to it with such words as

“encourage” or “encouragement” or “solicitation.” Roommate, of course, does much more than encourage or

solicit; it forces users to answer certain questions and thereby provide information that other clients can use to

discriminate unlawfully.

320.

Roommate’s search function is similarly designed to steer users based on discriminatory

criteria. Roommate’s search engine thus differs materially from generic search engines such

as Google, Yahoo! and MSN Live Search, in that Roommate designed its system to use

allegedly unlawful criteria so as to limit the results of each search, and to force users to

participate in its discriminatory process. In other words, Councils allege that Roommate’s

search is designed to make it more difficult or impossible for individuals with certain

protected characteristics to find housing—something the law prohibits. By contrast,

ordinary search engines do not use unlawful criteria to limit the scope of searches

conducted on them, nor are they designed to achieve illegal ends—as Roommate’s search

function is alleged to do here. Therefore, such search engines play no part in the

“development” of any unlawful searches.

It’s true that the broadest sense of the term “develop” could include the functions of an

ordinary search engine—indeed, just about any function performed by a website. But to

read the term so broadly would defeat the purposes of section 230 by swallowing up every

bit of the immunity that the section otherwise provides. At the same time, reading the

exception for co-developers as applying only to content that originates entirely with the

website—as the dissent would seem to suggest—ignores the words “development ... in part”

in the statutory passage “creation or development in whole or in part.” (emphasis added).

We believe that both the immunity for passive conduits and the exception for co-developers

must be given their proper scope and, to that end, we interpret the term “development” as

referring not merely to augmenting the content generally, but to materially contributing to

its alleged unlawfulness. In other words, a website helps to develop unlawful content, and

thus falls within the exception to section 230, if it contributes materially to the alleged

illegality of the conduct.

The dissent accuses us of “rac[ing] past the plain language of the statute,” but we clearly do

pay close attention to the statutory language, particularly the word “develop,” which we

spend many pages exploring. The dissent may disagree with our definition of the term,

which is entirely fair, but surely our dissenting colleague is mistaken in suggesting we

ignore the term. Nor is the statutory language quite as plain as the dissent would have it.

Quoting selectively from the dictionary, the dissent comes up with an exceedingly narrow

definition of this rather complex and multi faceted term.22 Dissent at 1184 (defining

development as “gradual advance or growth through progressive changes”) (quoting

Webster’s Third New International Dictionary 618 (2002)). The dissent does not pause to

consider how such a definition could apply to website content at all, as it excludes the kinds

of swift and disorderly changes that are the hallmark of growth on the Internet. Had our

dissenting colleague looked just a few lines lower on the same page of the same edition of

the same dictionary, she would have found another definition of “development” that is far

more suitable to the context in which we operate: “making usable or available.” The dissent

does not explain why the definition it has chosen reflects the statute’s “plain meaning,”

while the ones it bypasses do not.

22 Development, it will be recalled, has many meanings, which differ materially depending on context. Thus,

“development” when used as part of the phrase “research and development” means something quite different

than when referring to “mental development,” and something else again when referring to “real estate

development,” “musical development” or “economic development.”

321.

More fundamentally, the dissent does nothing at all to grapple with the difficult statutory

problem posed by the fact that section 230(c) uses both “create” and “develop” as separate

bases for loss of immunity. Everything that the dissent includes within its cramped

definition of “development” fits just as easily within the definition of “creation”—which

renders the term “development” superfluous. The dissent makes no attempt to explain or

offer examples as to how its interpretation of the statute leaves room for “development” as a

separate basis for a website to lose its immunity, yet we are advised by the Supreme Court

that we must give meaning to all statutory terms, avoiding redundancy or duplication

wherever possible.

While content to pluck the “plain meaning” of the statute from a dictionary definition that

predates the Internet by decades, compare Webster’s Third New International Dictionary

618 (1963) with Webster’s Third New International Dictionary 618 (2002) (both containing

“gradual advance or growth through progressive changes”), the dissent overlooks the far

more relevant definition of “[web] content development” in Wikipedia: “the process of

researching, writing, gathering, organizing and editing information for publication on web

sites.” Our interpretation of “development” is entirely in line with the context-appropriate

meaning of the term, and easily fits the activities Roommate engages in.

In an abundance of caution, and to avoid the kind of misunderstanding the dissent seems to

encourage, we offer a few examples to elucidate what does and does not amount to

“development” under section 230 of the Communications Decency Act: If an individual uses

an ordinary search engine to query for a “white roommate,” the search engine has not

contributed to any alleged unlawfulness in the individual’s conduct; providing neutral tools

to carry out what may be unlawful or illicit searches does not amount to “development” for

purposes of the immunity exception. A dating website that requires users to enter their sex,

race, religion and marital status through drop-down menus, and that provides means for

users to search along the same lines, retains its CDA immunity insofar as it does not

contribute to any alleged illegality;23 this immunity is retained even if the website is sued

for libel based on these characteristics because the website would not have contributed

materially to any alleged defamation. Similarly, a housing website that allows users to

specify whether they will or will not receive emails by means of user-defined criteria might

help some users exclude email from other users of a particular race or sex. However, that

website would be immune, so long as it does not require the use of discriminatory criteria. A

website operator who edits user-created content—such as by correcting spelling, removing

obscenity or trimming for length—retains his immunity for any illegality in the user-

created content, provided that the edits are unrelated to the illegality. However, a website

operator who edits in a manner that contributes to the alleged illegality—such as by

removing the word “not” from a user’s message reading “[Name] did not steal the artwork”

in order to transform an innocent message into a libelous one—is directly involved in the

alleged illegality and thus not immune.24

23 It is perfectly legal to discriminate along those lines in dating, and thus there can be no claim based solely on

the content of these questions. 24 Requiring website owners to refrain from taking affirmative acts that are unlawful does not strike us as an

undue burden. These are, after all, businesses that are being held responsible only for their own conduct; there

is no vicarious liability for the misconduct of their customers. Compliance with laws of general applicability

seems like an entirely justified burden for all businesses, whether they operate online or through quaint brick-

and-mortar facilities. Insofar, however, as a plaintiff would bring a claim under state or federal law based on a

website operator’s passive acquiescence in the misconduct of its users, the website operator would likely be

322.

Here, Roommate’s connection to the discriminatory filtering process is direct and palpable:

Roommate designed its search and email systems to limit the listings available to

subscribers based on sex, sexual orientation and presence of children.25 Roommate selected

the criteria used to hide listings, and Councils allege that the act of hiding certain listings

is itself unlawful under the Fair Housing Act, which prohibits brokers from steering clients

in accordance with discriminatory preferences.26 We need not decide the merits of Councils’

claim to hold that Roommate is sufficiently involved with the design and operation of the

search and email systems—which are engineered to limit access to housing on the basis of

the protected characteristics elicited by the registration process—so as to forfeit any

immunity to which it was otherwise entitled under section 230.

Roommate’s situation stands in stark contrast to Stratton Oakmont, the case Congress

sought to reverse through passage of section 230. There, defendant Prodigy was held liable

for a user’s unsolicited message because it attempted to remove some problematic content

from its website, but didn’t remove enough. Here, Roommate is not being sued for removing

some harmful messages while failing to remove others; instead, it is being sued for the

predictable consequences of creating a website designed to solicit and enforce housing

preferences that are alleged to be illegal.

We take this opportunity to clarify two of our previous rulings regarding the scope of

section 230 immunity. Today’s holding sheds additional light on Batzel v. Smith, 333 F.3d

1018 (9th Cir. 2003). There, the editor of an email newsletter received a tip about some

artwork, which the tipster falsely alleged to be stolen. The newsletter editor incorporated

the tipster’s email into the next issue of his newsletter and added a short headnote, which

he then emailed to his subscribers.27 The art owner sued for libel and a split panel held the

newsletter editor to be immune under section 230 of the CDA.28

Our opinion is entirely consistent with that part of Batzel which holds that an editor’s

minor changes to the spelling, grammar and length of third-party content do not strip him

of section 230 immunity. None of those changes contributed to the libelousness of the

message, so they do not add up to “development” as we interpret the term. Batzel went on

to hold that the editor could be liable for selecting the tipster’s email for inclusion in the

entitled to CDA immunity. This is true even if the users committed their misconduct using electronic tools of

general applicability provided by the website operator. 25 Of course, the logic of Roommate’s argument is not limited to discrimination based on these particular

criteria. If Roommate were free to discriminate in providing housing services based on sex, there is no reason

another website could not discriminate based on race, religion or national origin. Nor is its logic limited to

housing; it would apply equally to websites providing employment or educational opportunities—or anything

else, for that matter. 26 The dissent argues that Roommate is not liable because the decision to discriminate on these grounds does

not originate with Roommate; instead, “users have chosen to select characteristics that they find desirable.”

But, it is Roommate that forces users to express a preference and Roommate that forces users to disclose the

information that can form the basis of discrimination by others. Thus, Roommate makes discrimination both

possible and respectable. 27 Apparently, it was common practice for this editor to receive and forward tips from his subscribers. In effect,

the newsletter served as a heavily moderated discussion list. 28 As an initial matter, the Batzel panel held that the defendant newsletter editor was a “user” of an interactive

computer service within the definition provided by section 230. While we have our doubts, we express no view

on this issue because it is not presented to us. Thus, we assume that the editor fell within the scope of section

230’s coverage without endorsing Batzel’s analysis on this point.

323.

newsletter, depending on whether or not the tipster had tendered the piece to the editor for

posting online, and remanded for a determination of that issue.

The distinction drawn by Batzel anticipated the approach we take today. As Batzel

explained, if the tipster tendered the material for posting online, then the editor’s job was,

essentially, to determine whether or not to prevent its posting—precisely the kind of

activity for which section 230 was meant to provide immunity.29 And any activity that can

be boiled down to deciding whether to exclude material that third parties seek to post

online is perforce immune under section 230. But if the editor publishes material that he

does not believe was tendered to him for posting online, then he is the one making the

affirmative decision to publish, and so he contributes materially to its allegedly unlawful

dissemination. He is thus properly deemed a developer and not entitled to CDA immunity.30

We must also clarify the reasoning undergirding our holding in Carafano v.

Metrosplash.com, Inc., 339 F.3d 1119 (9th Cir. 2003), as we used language there that was

unduly broad. In Carafano, an unknown prankster impersonating actress Christianne

Carafano created a profile for her on an online dating site. The profile included Carafano’s

home address and suggested that she was looking for an unconventional liaison. When

Carafano received threatening phone calls, she sued the dating site for publishing the

unauthorized profile. The site asserted immunity under section 230. We correctly held that

the website was immune, but incorrectly suggested that it could never be liable because “no

[dating] profile has any content until a user actively creates it.” As we explain above, even if

the data are supplied by third parties, a website operator may still contribute to the

content’s illegality and thus be liable as a developer.31 Providing immunity every time a

website uses data initially obtained from third parties would eviscerate the exception to

section 230 for “develop[ing]” unlawful content “in whole or in part.”

We believe a more plausible rationale for the unquestionably correct result in Carafano is

this: The allegedly libelous content there—the false implication that Carafano was

unchaste—was created and developed entirely by the malevolent user, without prompting

or help from the website operator. To be sure, the website provided neutral tools, which the

anonymous dastard used to publish the libel, but the website did absolutely nothing to

encourage the posting of defamatory content—indeed, the defamatory posting was contrary

29 As Batzel pointed out, there can be no meaningful difference between an editor starting with a default rule of

publishing all submissions and then manually selecting material to be removed from publication, and a default

rule of publishing no submissions and manually selecting material to be published—they are flip sides of

precisely the same coin. Batzel, 333 F.3d at 1032 (“The scope of [section 230] immunity cannot turn on whether

the publisher approaches the selection process as one of inclusion or removal, as the difference is one of method

or degree, not substance.”). 30 The dissent scores a debater’s point by noting that the same activity might amount to “development” or not,

depending on whether it contributes materially to the illegality of the content. But we are not defining

“development” for all purposes; we are defining the term only for purposes of determining whether the

defendant is entitled to immunity for a particular act. This definition does not depend on finding substantive

liability, but merely requires analyzing the context in which a claim is brought. A finding that a defendant is

not immune is quite distinct from finding liability: On remand, Roommate may still assert other defenses to

liability under the Fair Housing Act, or argue that its actions do not violate the Fair Housing Act at all. Our

holding is limited to a determination that the CDA provides no immunity to Roommate’s actions in soliciting

and developing the content of its website; whether that content is in fact illegal is a question we leave to the

district court. 31 We disavow any suggestion that Carafano holds an information content provider automatically immune so

long as the content originated with another information content provider.

324.

to the website’s express policies. The claim against the website was, in effect, that it failed

to review each user-created profile to ensure that it wasn’t defamatory. That is precisely the

kind of activity for which Congress intended to grant absolution with the passage of section

230. With respect to the defamatory content, the website operator was merely a passive

conduit and thus could not be held liable for failing to detect and remove it.32

By contrast, Roommate both elicits the allegedly illegal content and makes aggressive use

of it in conducting its business. Roommate does not merely provide a framework that could

be utilized for proper or improper purposes; rather, Roommate’s work in developing the

discriminatory questions, discriminatory answers and discriminatory search mechanism is

directly related to the alleged illegality of the site. Unlike Carafano, where the website

operator had nothing to do with the user’s decision to enter a celebrity’s name and personal

information in an otherwise licit dating service, here, Roommate is directly involved with

developing and enforcing a system that subjects subscribers to allegedly discriminatory

housing practices.

Our ruling today also dovetails with another facet of Carafano: The mere fact that an

interactive computer service “classifies user characteristics ... does not transform [it] into a

‘developer’ of the ‘underlying misinformation.’” Carafano, like Batzel, correctly anticipated

our common-sense interpretation of the term “develop[]” in section 230. Of course, any

classification of information, like the sorting of dating profiles by the type of relationship

sought in Carafano, could be construed as “develop[ment]” under an unduly broad reading

of the term. But, once again, such a broad reading would sap section 230 of all meaning.

The salient fact in Carafano was that the website’s classifications of user characteristics did

absolutely nothing to enhance the defamatory sting of the message, to encourage

defamation or to make defamation easier: The site provided neutral tools specifically

designed to match romantic partners depending on their voluntary inputs. By sharp

contrast, Roommate’s website is designed to force subscribers to divulge protected

characteristics and discriminatory preferences, and to match those who have rooms with

those who are looking for rooms based on criteria that appear to be prohibited by the

FHA.33

32 Section 230 requires us to scrutinize particularly closely any claim that can be boiled down to the failure of an

interactive computer service to edit or block user-generated content that it believes was tendered for posting

online, as that is the very activity Congress sought to immunize by passing the section. 33 The dissent coyly suggests that our opinion “sets us apart from” other circuits, carefully avoiding the phrase

“inter-circuit conflict.” And with good reason: No other circuit has considered a case like ours and none has a

case that even arguably conflicts with our holding today. No case cited by the dissent involves active

participation by the defendant in the creation or development of the allegedly unlawful content; in each, the

interactive computer service provider passively relayed content generated by third parties, just as in Stratton

Oakmont, and did not design its system around the dissemination of unlawful content.

In Chicago Lawyers’ Committee for Civil Rights Under Law, Inc. v. craigslist, Inc., 519 F.3d 666 (7th Cir.

2008), the Seventh Circuit held the online classified website craigslist immune from liability for discriminatory

housing advertisements submitted by users. Craigslist’s service works very much like the “Additional

Comments” section of Roommate’s website, in that users are given an open text prompt in which to enter any

description of the rental property without any structure imposed on their content or any requirement to enter

discriminatory information: “Nothing in the service craigslist offers induces anyone to post any particular listing

or express a preference for discrimination....” We similarly hold the “Additional Comments” section of

Roommate’s site immune. Consistent with our opinion, the Seventh Circuit explained the limited scope of

section 230(c) immunity. More directly, the Seventh Circuit noted in dicta that “causing a particular statement

to be made, or perhaps [causing] the discriminatory content of a statement” might be sufficient to create liability

325.

3. Councils finally argue that Roommate should be held liable for the discriminatory

statements displayed in the “Additional Comments” section of profile pages. At the end of

the registration process, on a separate page from the other registration steps, Roommate

prompts subscribers to “tak[e] a moment to personalize your profile by writing a paragraph

or two describing yourself and what you are looking for in a roommate.” The subscriber is

presented with a blank text box, in which he can type as much or as little about himself as

he wishes. Such essays are visible only to paying subscribers.

Subscribers provide a variety of provocative, and often very revealing, answers. The

contents range from subscribers who “[p]ref[er] white Male roommates” or require that

“[t]he person applying for the room MUST be a BLACK GAY MALE” to those who are “NOT

looking for black muslims.” Some common themes are a desire to live without “drugs, kids

or animals” or “smokers, kids or druggies,” while a few subscribers express more particular

preferences, such as preferring to live in a home free of “psychos or anyone on mental

medication.” Some subscribers are just looking for someone who will get along with their

significant other34 or with their most significant Other.35

Roommate publishes these comments as written.36 It does not provide any specific guidance

as to what the essay should contain, nor does it urge subscribers to input discriminatory

preferences. Roommate is not responsible, in whole or in part, for the development of this

content, which comes entirely from subscribers and is passively displayed by Roommate.

Without reviewing every essay, Roommate would have no way to distinguish unlawful

discriminatory preferences from perfectly legitimate statements. Nor can there be any

for a website. (emphasis added). Despite the dissent’s attempt to imply the contrary, the Seventh Circuit’s

opinion is actually in line with our own.

In Universal Communication Systems v. Lycos, Inc., the First Circuit held a message board owner immune

under the CDA for defamatory comments posted on a message board. The allegedly defamatory comments were

made without any prompting or encouragement by defendant: “[T]here is not even a colorable argument that

any misinformation was prompted by Lycos’s registration process or its link structure.”

Green v. America Online, 318 F.3d 465 (3d Cir. 2003), falls yet farther from the mark. There, AOL was held

immune for derogatory comments and malicious software transmitted by other defendants through AOL’s

“Romance over 30” “chat room.” There was no allegation that AOL solicited the content, encouraged users to

post harmful content or otherwise had any involvement whatsoever with the harmful content, other than

through providing “chat rooms” for general use.

In Ben Ezra, Weinstein, and Co. v. America Online Inc., 206 F.3d 980 (10th Cir. 2000), the Tenth Circuit

held AOL immune for relaying inaccurate stock price information it received from other vendors. While AOL

undoubtedly participated in the decision to make stock quotations available to members, it did not cause the

errors in the stock data, nor did it encourage or solicit others to provide inaccurate data. AOL was immune

because “Plaintiff could not identify any evidence indicating Defendant [AOL] developed or created the stock

quotation information.”

And, finally, in Zeran v. America Online, Inc., 129 F.3d 327 (4th Cir. 1997), the Fourth Circuit held AOL

immune for yet another set of defamatory and harassing message board postings. Again, AOL did not solicit the

harassing content, did not encourage others to post it, and had nothing to do with its creation other than

through AOL’s role as the provider of a generic message board for general discussions. 34 “The female we are looking for hopefully wont [sic] mind having a little sexual incounter [sic] with my

boyfriend and I [very sic].” 35 “We are 3 Christian females who Love our Lord Jesus Christ.... We have weekly bible studies and bi-weekly

times of fellowship.” 36 It is unclear whether Roommate performs any filtering for obscenity or “spam,” but even if it were to perform

this kind of minor editing and selection, the outcome would not change.

326.

doubt that this information was tendered to Roommate for publication online. This is

precisely the kind of situation for which section 230 was designed to provide immunity.

The fact that Roommate encourages subscribers to provide something in response to the

prompt is not enough to make it a “develop[er]” of the information under the common-sense

interpretation of the term we adopt today. It is entirely consistent with Roommate’s

business model to have subscribers disclose as much about themselves and their

preferences as they are willing to provide. But Roommate does not tell subscribers what

kind of information they should or must include as “Additional Comments,” and certainly

does not encourage or enhance any discriminatory content created by users. Its simple,

generic prompt does not make it a developer of the information posted.37

Councils argue that—given the context of the discriminatory questions presented earlier in

the registration process—the “Additional Comments” prompt impliedly suggests that

subscribers should make statements expressing a desire to discriminate on the basis of

protected classifications; in other words, Councils allege that, by encouraging some

discriminatory preferences, Roommate encourages other discriminatory preferences when it

gives subscribers a chance to describe themselves. But the encouragement that bleeds over

from one part of the registration process to another is extremely weak, if it exists at all.

Such weak encouragement cannot strip a website of its section 230 immunity, lest that

immunity be rendered meaningless as a practical matter.38

We must keep firmly in mind that this is an immunity statute we are expounding, a

provision enacted to protect websites against the evil of liability for failure to remove

offensive content. Websites are complicated enterprises, and there will always be close

cases where a clever lawyer could argue that something the website operator did

encouraged the illegality. Such close cases, we believe, must be resolved in favor of

immunity, lest we cut the heart out of section 230 by forcing websites to face death by ten

thousand duck-bites, fighting off claims that they promoted or encouraged—or at least

tacitly assented to—the illegality of third parties. Where it is very clear that the website

directly participates in developing the alleged illegality—as it is clear here with respect to

Roommate’s questions, answers and the resulting profile pages—immunity will be lost. But

in cases of enhancement by implication or development by inference—such as with respect

to the “Additional Comments” here—section 230 must be interpreted to protect websites not

merely from ultimate liability, but from having to fight costly and protracted legal battles.

The dissent prophesies doom and gloom for countless Internet services, but fails to

recognize that we hold part of Roommate’s service entirely immune from liability. The

search engines the dissent worries about closely resemble the “Additional Comments”

section of Roommate’s website. Both involve a generic text prompt with no direct

encouragement to perform illegal searches or to publish illegal content. We hold Roommate

37 Nor would Roommate be the developer of discriminatory content if it provided a free-text search that enabled

users to find keywords in the “Additional Comments” of others, even if users utilized it to search for

discriminatory keywords. Providing neutral tools for navigating websites is fully protected by CDA immunity,

absent substantial affirmative conduct on the part of the website creator promoting the use of such tools for

unlawful purposes. 38 It’s true that, under a pedantic interpretation of the term “develop,” any action by the website—including the

mere act of making a text box available to write in—could be seen as “develop[ing]” content. However, we have

already rejected such a broad reading of the term “develop” because it would defeat the purpose of section 230.

327.

immune and there is no reason to believe that future courts will have any difficulty

applying this principle.39 The message to website operators is clear: If you don’t encourage

illegal content, or design your website to require users to input illegal content, you will be

immune.

We believe that this distinction is consistent with the intent of Congress to preserve the

free-flowing nature of Internet speech and commerce without unduly prejudicing the

enforcement of other important state and federal laws. When Congress passed section 230

it didn’t intend to prevent the enforcement of all laws online; rather, it sought to encourage

interactive computer services that provide users neutral tools to post content online to

police that content without fear that through their “good samaritan ... screening of offensive

material,” they would become liable for every single message posted by third parties on

their website.

* * *

In light of our determination that the CDA does not provide immunity to Roommate for all

of the content of its website and email newsletters, we remand for the district court to

determine in the first instance whether the alleged actions for which Roommate is not

immune violate the Fair Housing Act, 42 U.S.C. § 3604(c).40 We vacate the dismissal of the

state law claims so that the district court may reconsider whether to exercise its

supplemental jurisdiction in light of our ruling on the federal claims. We deny Roommate’s

cross-appeal of the denial of attorneys’ fees and costs; Councils prevail on some of their

arguments before us so their case is perforce not frivolous.

REVERSED in part, VACATED in part, AFFIRMED in part and REMANDED. NO COSTS.

McKEOWN, Circuit Judge, with whom RYMER and BEA, Circuit Judges, join, concurring

in part and dissenting in part:

…The majority’s unprecedented expansion of liability for Internet service providers

threatens to chill the robust development of the Internet that Congress envisioned. The

majority condemns Roommate’s “search system,” a function that is the heart of interactive

service providers. My concern is not an empty Chicken Little “sky is falling” alert. By

39 The dissent also accuses us of creating uncertainty that will chill the continued growth of commerce on the

Internet. Even looking beyond the fact that the Internet has outgrown its swaddling clothes and no longer needs

to be so gently coddled, some degree of uncertainty is inevitable at the edge of any rule of law. Any immunity

provision, including section 230, has its limits and there will always be close cases. Our opinion extensively

clarifies where that edge lies, and gives far more guidance than our previous cases. While the dissent disagrees

about the scope of the immunity, there can be little doubt that website operators today know more about how to

conform their conduct to the law than they did yesterday.

However, a larger point remains about the scope of immunity provisions. It’s no surprise that defendants

want to extend immunity as broadly as possible. We have long dealt with immunity in different, and arguably

far more important, contexts—such as qualified immunity for police officers in the line of duty—and observed

many defendants argue that the risk of getting a close case wrong is a justification for broader immunity.

Accepting such an argument would inevitably lead to an endless broadening of immunity, as every new holding

creates its own borderline cases. 40 We do not address Roommate’s claim that its activities are protected by the First Amendment. The district

court based its decision entirely on the CDA and we refrain from deciding an issue that the district court has not

had the opportunity to evaluate.

328.

exposing every interactive service provider to liability for sorting, searching, and utilizing

the all too familiar drop-down menus, the majority has dramatically altered the landscape

of Internet liability. Instead of the “robust” immunity envisioned by Congress, interactive

service providers are left scratching their heads and wondering where immunity ends and

liability begins.

To promote the unfettered development of the Internet, Congress adopted the

Communications Decency Act of 1996 (“CDA”), which provides that interactive computer

service providers will not be held legally responsible for publishing information provided by

third parties. Even though traditional publishers retain liability for performing essentially

equivalent acts in the “non-virtual world,” Congress chose to treat interactive service

providers differently by immunizing them from liability stemming from sorting, searching,

and publishing third-party information. As we explained in Batzel v. Smith:

[Section] 230(c)(1)[] overrides the traditional treatment of publishers,

distributors, and speakers under statutory and common law. As a matter of

policy, “Congress decided not to treat providers of interactive computer

services like other information providers such as newspapers, magazines or

television and radio stations....” Congress ... has chosen to treat cyberspace

differently.

Now, with the stroke of a pen or, more accurately, a few strokes of the keyboard, the

majority upends the settled view that interactive service providers enjoy broad immunity

when publishing information provided by third parties. Instead, interactive service

providers are now joined at the hip with third-party users, and they rise and fall together in

liability for Internet sortings and postings.

To be sure, the statute, which was adopted just as the Internet was beginning a surge of

popular currency, is not a perfect match against today’s technology. The Web 2.0 version is

a far cry from web technology in the mid-1990s. Nonetheless, the basic message from

Congress has retained its traction, and there should be a high bar to liability for organizing

and searching third-party information. The bipartisan view in Congress was that the

Internet, as a new form of communication, should not be impeded by the transference of

regulations and principles developed from traditional modes of communication. The

majority repeatedly harps that if something is prohibited in the physical world, Congress

could not have intended it to be legal in cyberspace. Yet that is precisely the path Congress

took with the CDA: the anomaly that a webhost may be immunized for conducting activities

in cyberspace that would traditionally be cause for liability is exactly what Congress

intended by enacting the CDA.

In the end, the majority offers interactive computer service providers no bright lines and

little comfort in finding a home within § 230(c)(1). The result in this case is driven by the

distaste for housing discrimination, a laudable endgame were housing the real focus of this

appeal. But it is not. I share the majority’s view that housing discrimination is a troubling

issue. Nevertheless, we should be looking at the housing issue through the lens of the

Internet, not from the perspective of traditional publisher liability. Whether § 230(c)(1)

trumps the Fair Housing Act (“FHA”) is a policy decision for Congress, not us. Congress has

spoken: third-party content on the Internet should not be burdened with the traditional

legal framework.

329.

I respectfully part company with the majority as to Part 2 of the opinion because the

majority has misconstrued the statutory protection under the CDA for Roommate’s

publishing and sorting of user profiles. The plain language and structure of the CDA

unambiguously demonstrate that Congress intended these activities—the collection,

organizing, analyzing, searching, and transmitting of third-party content—to be beyond the

scope of traditional publisher liability. The majority’s decision, which sets us apart from

five circuits, contravenes congressional intent and violates the spirit and serendipity of the

Internet.

Specifically, the majority’s analysis is flawed for three reasons: (1) the opinion conflates the

questions of liability under the FHA and immunity under the CDA; (2) the majority

rewrites the statute with its definition of “information content provider,” labels the search

function “information development,” and strips interactive service providers of immunity;

and (3) the majority’s approach undermines the purpose of § 230(c)(1) and has far-reaching

practical consequences in the Internet world.

To begin, it is important to recognize what this appeal is not about. At this stage, there has

been no determination of liability under the FHA, nor has there been any determination

that the questions, answers or even the existence of Roommate’s website violate the FHA.

The FHA is a complicated statute and there may well be room for potential roommates to

select who they want to live with, e.g., a tidy accountant wanting a tidy professional

roommate, a collegiate male requesting a male roommate, an observant Jew needing a

house with a kosher kitchen, or a devout, single, religious female preferring not to have a

male housemate. It also bears noting that even if Roommate is immune under the CDA, the

issue of user liability for allegedly discriminatory preferences is a separate question.

By offering up inflammatory examples, the majority’s opinion screams “discrimination.”

The hazard is, of course, that the question of discrimination has not yet been litigated. In

dissenting, I do not condone housing discrimination or endorse unlawful discriminatory

roommate selection practices; I simply underscore that the merits of the FHA claim are not

before us. However, one would not divine this posture from the majority’s opinion, which is

infused with condemnation of Roommate’s users’ practices. To mix and match, as does the

majority, the alleged unlawfulness of the information with the question of webhost

immunity is to rewrite the statute….

The Statute…

We have characterized this immunity under § 230(c)(1) as “quite robust.” Five of our sister

circuits have similarly embraced this robust view of immunity by providing differential

treatment to interactive service providers….

Courts deciding the question of § 230(c)(1) immunity “do not write on a blank slate.” Even

though rapid developments in technology have made webhosts increasingly adept at

searching and displaying third-party information, reviewing courts have, in the twelve

years since the CDA’s enactment, “adopt[ed] a relatively expansive definition of ‘interactive

computer service’ and a relatively restrictive definition of ‘information content provider.’”

As long as information is provided by a third party, webhosts are immune from liability for

publishing “ads for housing, auctions of paintings that may have been stolen by Nazis,

330.

biting comments about steroids in baseball, efforts to verify the truth of politicians’

promises, and everything else that third parties may post on a web site.” We have

underscored that this broad grant of webhost immunity gives effect to Congress’s stated

goals “to promote the continued development of the Internet and other interactive computer

services” and “to preserve the vibrant and competitive free market that presently exists for

the Internet and other interactive computer services.”

Application of § 230(c)(1) to Roommate’s Website…

Roommate’s users are “information content providers” because they are responsible for

creating the information in their user profiles and, at their option—not the website’s

choice—in expressing preferences as to roommate characteristics. The critical question is

whether Roommate is itself an “information content provider,” such that it cannot claim

that the information at issue was “provided by another information content provider.” A

close reading of the statute leads to the conclusion that Roommate is not an information

content provider for two reasons: (1) providing a drop-down menu does not constitute

“creating” or “developing” information; and (2) the structure and text of the statute make

plain that Congress intended to immunize Roommate’s sorting, displaying, and

transmitting of third-party information.

Roommate neither “creates” nor “develops” the information that is challenged by the

Councils, i.e., the information provided by the users as to their protected characteristics

and the preferences expressed as to roommate characteristics. All Roommate does is to

provide a form with options for standardized answers. Listing categories such as geographic

location, cleanliness, gender and number of occupants, and transmitting to users profiles of

other users whose expressed information matches their expressed preferences, can hardly

be said to be creating or developing information. Even adding standardized options does not

“develop” information. Roommate, with its prompts, is merely “selecting material for

publication,” which we have stated does not constitute the “development” of information.

The profile is created solely by the user, not the provider of the interactive website. Indeed,

without user participation, there is no information at all. The drop-down menu is simply a

precategorization of user information before the electronic sorting and displaying that takes

place via an algorithm. If a user has identified herself as a non-smoker and another has

expressed a preference for a non-smoking roommate, Roommate’s sorting and matching of

user information are no different than that performed by a generic search engine.

Displaying the prompt “Gender” and offering the list of choices, “Straight male; Gay male;

Straight female; Gay female” does not develop the information, “I am a Gay male.” The user

has identified himself as such and provided that information to Roommate to publish. Thus,

the user is the sole creator of that information; no “development” has occurred. In the same

vein, presenting the user with a “Preferences” section and drop-down menus of options does

not “develop” a user’s preference for a non-smoking roommate. As we stated in Carafano,

the “actual profile ‘information’ consist[s] of the particular options chosen” by the user, such

that Roommate is not “responsible, even in part, for associating certain multiple choice

responses with a set of [] characteristics.”

The thrust of the majority’s proclamation that Roommate is “developing” the information

that it publishes, sorts, and transmits is as follows: “[W]e interpret the term ‘development’

as referring not merely to augmenting the content generally, but to materially contributing

331.

to its unlawfulness.” This definition is original to say the least and springs forth untethered

to anything in the statute.

The majority’s definition of “development” epitomizes its consistent collapse of substantive

liability with the issue of immunity. Where in the statute does Congress say anything about

unlawfulness? Whether Roommate is entitled to immunity for publishing and sorting

profiles is wholly distinct from whether Roommate may be liable for violations of the FHA.

Immunity has meaning only when there is something to be immune from, whether a

disease or the violation of a law. It would be nonsense to claim to be immune only from the

innocuous. But the majority’s immunity analysis is built on substantive liability: to the

majority, CDA immunity depends on whether a webhost materially contributed to the

unlawfulness of the information. Whether the information at issue is unlawful and whether

the webhost has contributed to its unlawfulness are issues analytically independent of the

determination of immunity. Grasping at straws to distinguish Roommate from other

interactive websites such as Google and Yahoo!, the majority repeatedly gestures to

Roommate’s potential substantive liability as sufficient reason to disturb its immunity. But

our task is to determine whether the question of substantive liability may be reached in the

first place.

Keep in mind that “unlawfulness” would include not only purported statutory violations but

also potential defamatory statements. The irony is that the majority would have us

determine “guilt” or liability in order to decide whether immunity is available. This upside-

down approach would knock out even the narrowest immunity offered under § 230(c)—

immunity for defamation as a publisher or speaker.

Another flaw in the majority’s approach is that it fails to account for all of the other

information allegedly developed by the webhost. For purposes of determining whether

Roommate is an information content provider vis-a-vis the profiles, the inquiry about

geography and the inquiry about gender should stand on the same footing. Both are single

word prompts followed by a drop-down menu of options. If a prompt about gender

constitutes development, then so too does the prompt about geography. And therein lies the

rub.

Millions of websites use prompts and drop-down menus. Inquiries range from what credit

card you want to use and consumer satisfaction surveys asking about age, sex and

household income, to dating sites, e.g., match.com, sites lambasting corporate practices,

e.g., ripoffreports.com, and sites that allow truckers to link up with available loads, e.g.,

getloaded.com. Some of these sites are innocuous while others may not be. Some may solicit

illegal information; others may not. But that is not the point. The majority’s definition of

“development” would transform every interactive site into an information content provider

and the result would render illusory any immunity under § 230(c). Virtually every site

could be responsible in part for developing content.

For example, the majority purports to carve out a place for Google and other search

engines. But the modern Google is more than a match engine: it ranks search results,

provides prompts beyond what the user enters, and answers questions. In contrast,

Roommate is a straight match service that searches information and criteria provided by

the user, not Roommate. It should be afforded no less protection than Google, Yahoo!, or

other search engines.

332.

The majority then argues that “providing neutral tools to carry out what may be unlawful

or illicit searches does not amount to ‘development.’” But this effort to distinguish Google,

Yahoo!, and other search engines from Roommate is unavailing. Under the majority’s

definition of “development,” these search engines are equivalent to Roommate. Google

“encourages” or “contributes” (the majority’s catch phrases) to the unlawfulness by offering

search tools that allow the user to perform an allegedly unlawful match. If a user types into

Google’s search box, “looking for a single, Christian, female roommate,” and Google displays

responsive listings, Google is surely “materially contributing to the alleged unlawfulness” of

information created by third parties, by publishing their intention to discriminate on the

basis of protected characteristics. In the defamation arena, a webhost’s publication of a

defamatory statement “materially contributes” to its unlawfulness, as publication to third

parties is an element of the offense. At bottom, the majority’s definition of “development”

can be tucked in, let out, or hemmed up to fit almost any search engine, creating

tremendous uncertainty in an area where Congress expected predictability.

“Development” is not without meaning. In Batzel, we hinted that the “development of

information” that transforms one into an “information content provider” is “something more

substantial than merely editing portions of an email and selecting material for publication.”

We did not flesh out further the meaning of “development” because the editor’s alterations

of an email message and decision to publish it did not constitute “development.”

Because the statute does not define “development,” we should give the term its ordinary

meaning. “Development” is defined in Webster’s Dictionary as a “gradual advance or growth

through progressive changes.” The multiple uses of “development” and “develop” in other

provisions of § 230 give texture to the definition of “development,” and further expose the

folly of the majority’s ungrounded definition. Defining “development” in this way keeps

intact the settled rule that the CDA immunizes a webhost who exercises a publisher’s

“traditional editorial functions—such as deciding whether to publish, withdraw, postpone,

or alter content.”11

Applying the plain meaning of “development” to Roommate’s sorting and transmitting of

third-party information demonstrates that it was not transformed into an “information

content provider.” In searching, sorting, and transmitting information, Roommate made no

changes to the information provided to it by users. Even having notice that users may be

11 The majority’s notion of using a different definition of “development” digs the majority into a deeper hole. For

example, adopting the Wikipedia definition of “content development”—“the process of researching, writing,

gathering, organizing and editing information for publication on web sites”—would run us smack into the

sphere of Congressionally conferred immunity. Both our circuit and others have steadfastly maintained that

activities such as organizing or editing information are traditional editorial functions that fall within the scope

of CDA immunity. Likewise, an alternative definition of “development” from Webster’s such as “a making usable

or available” sweeps too broadly, as “making usable or available” is precisely what Google and Craigslist do. In

an effort to cabin the reach of the opinion, the majority again goes back to whether the content is legal, i.e., a

dating website that requires sex, race, religion, or marital status is legal because it is legal to discriminate in

dating. Of course this approach ignores whether the claim may be one in tort, such as defamation, rather than a

statutory discrimination claim. And, this circularity also circumvents the plain language of the statute.

Interestingly, the majority has no problem offering up potentially suitable definitions of “development” by

turning to dictionaries, but it fails to explain why, and from where, it plucked its definition of “development” as

“materially contributing to [the] alleged unlawfulness” of content.

333.

using its site to make discriminatory statements is not sufficient to invade Roommate’s

immunity.

The majority blusters that Roommate develops information, because it “requir[es]

subscribers to provide the information as a condition of accessing its services,” and

“designed its search system so it would steer users based on the preferences and personal

characteristics that Roommate itself forces subscribers to disclose.” But the majority,

without looking back, races past the plain language of the statute. That Roommate requires

users to answer a set of prompts to identify characteristics about themselves does not

change the fact that the users have furnished this information to Roommate for Roommate

to publish in their profiles. Nor do Roommate’s prompts alter the fact that users have

chosen to select characteristics that they find desirable in potential roommates, and have

directed Roommate to search and compile results responsive to their requests. Moreover,

tagging Roommate with liability for the design of its search system is dangerous precedent

for analyzing future Internet cases.

Even if Roommate’s prompts and drop-down menus could be construed to seek out, or

encourage, information from users, the CDA does not withhold immunity for the

encouragement or solicitation of information. The CDA does not countenance an exception

for the solicitation or encouragement of information provided by users….

The structure of the statute also supports my view that Congress intended to immunize

Roommate’s sorting and publishing of user profiles. An “interactive computer service” is

defined to include an “access software provider.” The statute defines an “access software

provider” as one that provides “enabling tools” to “filter,” “screen,” “pick,” “choose,”

“analyze,” “digest,” “search,” “forward,” “organize,” and “reorganize” content.

By providing a definition for “access software provider” that is distinct from the definition of

an “information content provider,” and withholding immunity for “information content

providers,” the statute makes resoundingly clear that packaging, sorting, or publishing

third-party information are not the kind of activities that Congress associated with

“information content providers.” Yet these activities describe exactly what Roommate does

through the publication and distribution of user profiles: Roommate “receives,” “filters,”

“digests,” and “analyzes” the information provided by users in response to its registration

prompts, and then “transmits,” “organizes,” and “forwards” that information to users in the

form of uniformly organized profiles. Roommate is performing tasks that Congress

recognized as typical of entities that it intended to immunize….

Ramifications of the Majority Opinion

I am troubled by the consequences that the majority’s conclusion poses for the ever-

expanding Internet community. The unwise narrowing of our precedent, coupled with the

mixing and matching of CDA immunity with substantive liability, make it exceedingly

difficult for website providers to know whether their activities will be considered immune

under the CDA. We got it right in Carafano, that “[u]nder § 230(c) ... so long as a third

party willingly provides the essential published content, the interactive service provider

receives full immunity regardless of the specific editing or selection process.”

334.

Significantly, § 230(e) expressly exempts from its scope certain areas of law, such as

intellectual property law and federal criminal laws. Thus, for example, a webhost may still

be liable as a publisher or speaker of third-party information that is alleged to infringe a

copyright. Notably, the CDA does not exempt the FHA and a host of other federal statutes

from its scope. The FHA existed at the time of the CDA’s enactment, yet Congress did not

add it to the list of specifically enumerated laws for which publisher and speaker liability

was left intact. The absence of a statutory exemption suggests that Congress did not intend

to provide special case status to the FHA in connection with immunity under the CDA.

Anticipating the morphing of the Internet and the limits of creative genius and

entrepreneurship that fuel its development is virtually impossible. However, Congress

explicitly drafted the law to permit this unfettered development of the Internet. Had

Congress discovered that, over time, courts across the country have created more expansive

immunity than it originally envisioned under the CDA, Congress could have amended the

law. But it has not….

The consequences of the majority’s interpretation are far-reaching. Its position will chill

speech on the Internet and impede “the continued development of the Internet and other

interactive computer services and other interactive media.” To the extent the majority

strips immunity because of sorting, channeling, and categorizing functions, it guts the

heart of § 230(c)(1) immunity. Countless websites operate just like Roommate: they

organize information provided by their users into a standardized format, and provide

structured searches to help users find information. These sites, and their attendant display,

search, and inquiry tools, are an indispensable part of the Internet tool box. Putting a lid on

the sorting and searching functions of interactive websites stifles the core of their services.

To the extent the majority strips immunity because the information or query may be illegal

under some statute or federal law, this circumstance puts the webhost in the role of a

policeman for the laws of the fifty states and the federal system. There are not enough Net

Nannies in cyberspace to implement this restriction, and the burden of filtering content

would be unfathomable.

To the extent the majority strips immunity because a site solicits or actively encourages

content, the result is a direct restriction on the free exchange of ideas and information on

the Internet. As noted in the amici curiae brief of the news organizations, online news

organization routinely solicit third-party information. Were the websites to face host

liability for this content, they “would have no choice but to severely limit its use” and

“[s]heer economics would dictate that vast quantities of valuable information be eliminated

from websites.”

To the extent the majority strips immunity because a website “materially contributed” to

the content or output of a website by “specialization” of content, this approach would

essentially swallow the immunity provision. The combination of solicitation, sorting, and

potential for liability would put virtually every interactive website in this category. Having

a website directed to Christians, Muslims, gays, disabled veterans, or childless couples

could land the website provider in hot water.14

14 It is no surprise that there are countless specialized roommate sites. See, e.g.,

http://islam.tc/housing/index.php, http://christian-roommates.com, and http://prideroommates.com.

335.

Because the statute itself is cumbersome to interpret in light of today’s Internet

architecture, and because the decision today will ripple through the billions of web pages

already online, and the countless pages to come in the future, I would take a cautious,

careful, and precise approach to the restriction of immunity, not the broad swath cut by the

majority. I respectfully dissent and would affirm the district court’s judgment that

Roommate is entitled to immunity under § 230(c)(1) of the CDA, subject to examination of

whether the bare inquiry itself is unlawful.

NOTES AND QUESTIONS

What Is the Case’s Holding? Judge Kozinski’s opinion is dense and confusing, but its

greatest flaw is that, with respect to why Section 230 failed, it has multiple holdings…that

may be irreconcilable with each other. Three candidates for “the” holding:

Possible Holding #1: Roommates.com “developed in part” the users’ content because of how

it designed and operated the search and email systems.

Possible Holding #2: Roommates.com “developed in part” the users’ content by “materially

contributing to its alleged unlawfulness.”

Possible Holding #3: “If you don’t encourage illegal content, or design your website to

require users to input illegal content, you will be immune.”

As you can imagine, when subsequent judges interpret an opinion with three holdings that

may be inconsistent with each other, their interpretations can fracture. Holding #3 is

favorably cited far more often than holding #1 (about 3x as often), but each of the rulings

embracing holding #1 are often more significant because they create additional fractures in

Section 230’s immunity.

Internet Exceptionalism. Judges Kozinski repeatedly points to the regulation of offline

activities and says the Internet should be regulated the same. But Section 230 is an

unapologetically exceptionalist statute, so are offline analogies helpful?

“Neutral” Tools. We already discussed some problems with the term “neutrality” in the

notes after Zeran. In the Roommates.com opinion, Judge Kozinski uses the term “neutral

tools” five times but never defines the term. What exactly did he mean by “neutral tools”?

To the extent “tools” encode a designer’s judgment about how best to help users, are they

ever really “neutral”? See Eric Goldman, Search Engine Bias and the Demise of Search

Engine Utopianism, 8 YALE J. L. & TECH. 188 (2006), http://ssrn.com/abstract=893892.

The D.C. Circuit concluded that Google Map’s location algorithm was “neutral”:

Those algorithms are “neutral means” that do not distinguish between legitimate

and scam locksmiths in the translation process…its algorithm neutrally translates

both legitimate and scam information in the same manner.

336.

Marshall’s Locksmith Service Inc. v. Google LLC, 925 F.3d 1263 (D.C. Cir. 2019). This

definition is quite defense-favorable. It suggests that so long as automated tools handle

legal and illegal content identically, the tools qualify as “neutral.”

Product Configuration Choices and Section 230. Jane Doe No. 1 v. Backpage.com, LLC, 817

F.3d 12 (1st Cir. 2016) says:

claims that a website facilitates illegal conduct through its posting rules

necessarily treat the website as a publisher or speaker of content provided by

third parties and, thus, are precluded by section 230(c)(1). This holding is

consistent with, and reaffirms, the principle that a website operator’s

decisions in structuring its website and posting requirements are publisher

functions entitled to section 230(c)(1) protection

The Doe v. Backpage ruling has emerged as a powerful defense rebuttal to the

Roommates.com opinion. Several other appellate courts—including the Ninth Circuit—have

adopted rulings in line with Doe v. Backpage, including Herrick v. Grindr LLC, 765 Fed.

Appx. 586 (2d Cir. 2019); Daniel v. Armslist LLC, 386 Wis.2d 449 (2019); Dyroff v. The

Ultimate Software Group, Inc., 934 F.3d 1093 (9th Cir. 2019); and Marshall’s Locksmith

Service Inc. v. Google LLC, 925 F.3d 1263 (D.C. Cir. 2019). Though these rulings may not

expressly reject the Roommates.com opinion, their holdings may be implicitly incompatible

with it.

For example, in the Dyroff case, the court opined (emphasis added):

Ultimate Software’s functions on Experience Project most resemble the

“Additional Comments” features in Roommates.com in that Experience

Project users, including Wesley Greer, were not required to disclose that they

were looking for heroin or other illegal drugs. Rather, users were given

something along the lines of blank text boxes in which they could post and

share experiences, questions, and answers. The recommendation and

notification functions helped facilitate this user-to-user communication, but it

did not materially contribute, as Plaintiff argues, to the alleged unlawfulness

of the content….

Plaintiff is unable to allege that Ultimate Software materially contributed to

the content posted on Experience Project that led to Greer’s death. Plaintiff

cannot and does not plead that Ultimate Software required users to post

specific content, made suggestions regarding the content of potential user

posts, or contributed to making unlawful or objectionable user posts.

It is likely that Roommates.com’s influence as anti-Section 230 precedent is well-past its

high-water mark.

Is the Internet an “Infant”? Judge Kozinski says the “Internet is no longer a fragile new

means of communication that could easily be smothered in the cradle by overzealous

enforcement of laws and regulations applicable to brick-and-mortar businesses” and “the

337.

Internet has outgrown its swaddling clothes and no longer needs to be so gently coddled.”

This may be true for Google and Facebook, but is it true for the rest of the Internet?

Compare Justice Kennedy’s perspective in 2017: “While we now may be coming to the

realization that the Cyber Age is a revolution of historic proportions, we cannot appreciate

yet its full dimensions and vast potential to alter how we think, express ourselves, and

define who we want to be. The forces and directions of the Internet are so new, so protean,

and so far reaching that courts must be conscious that what they say today might be

obsolete tomorrow.” Packingham v. North Carolina, 137 S. Ct. 1730 (2017).

Other Common Law Exceptions to Section 230. In addition to Roommates.com, some other

potential common law workarounds to Section 230:

 False Advertising (which can be pled as a wide variety of causes of action). We saw a

variation of this in the Noah case, where Noah unsuccessfully claimed that AOL

promised in its TOS to clean up harassing content and failing to do so. These claims

depend a lot on exactly what the defendant advertised, and often the language

doesn’t support the plaintiff’s claims.

 Promissory Estoppel. In Barnes v. Yahoo!, Inc., 570 F.3d 1096 (9th Cir. 2009), the

Ninth Circuit held that Section 230 did not immunize against promissory estoppel

claims. However, plaintiffs rarely meet the prima facie requirements of a promissory

estoppel claim, so this workaround isn’t likely to help plaintiffs win their cases. See,

e.g., Yue v. Miao, 2019 WL 6130473 (D.S.C. 2019).

 Failure to Warn. In Jane Doe No. 14 v. Internet Brands, Inc., 824 F.3d 846 (9th Cir.

2016), the Ninth Circuit held that Section 230 did not immunize against failure-to-

warn claims—in that case, failing to warn users that the service knew sexual

predators were targeting other users. While it’s easy for plaintiffs to make failure-to-

warn arguments, it’s difficult for plaintiffs to show that the services had a duty to

warn them. For example, on remand, Jane Doe No. 14 lost the case because Internet

Brands lacked such a duty. As a result, like promissory estoppel, the duty-to-warn

Section 230 workaround doesn’t increase the likelihood of a plaintiff win. See also

Dyroff v. The Ultimate Software Group, Inc., 934 F.3d 1093 (9th Cir. 2019) (“No

website could function if a duty of care was created when a website facilitates

communication, in a content-neutral fashion, of its users’ content.”).

Increasing Regulation of Marketplaces? Online marketplaces, such as eBay and Amazon

Marketplace, have routinely been protected by Section 230. Plaintiffs have been chipping

away at this coverage, however. For example, the Third Circuit held that Amazon could be

strictly liable as the “seller” of items sold by third-party vendors in its online marketplace,

and Section 230 didn’t apply in those circumstances. Oberdorf v. Amazon.com, Inc., 2019

WL 2849153 (3d Cir. 2019) (currently pending en banc review by the Third Circuit); see also

State Farm Fire & Casualty Company v. Amazon.com, Inc., 390 F. Supp. 3d 964 (W.D. Wis.

2019). Separately, the Ninth Circuit has held that Section 230 doesn’t protect Airbnb when

it books third-party transactions. HomeAway.com, Inc. v. City of Santa Monica, 918 F.3d

676 (9th Cir. 2019). These opinions theoretically open up all online marketplaces to

unlimited federal, state and local regulations of “booking services” without any Section 230

protection.

338.

Roommates.com Denouement. In 2012, nine years after the case started, the Ninth Circuit

(via Judge Kozinski, writing his third opinion in the case) ruled that Roommates.com

hadn’t violated the Fair Housing Act because the law didn’t apply to shared dwellings. Fair

Housing Council of San Fernando Valley v. Roommate.com, LLC, 666 F.3d 1216 (9th Cir.

2012). So even though Roommates.com partially lost its the Section 230 battle, it won the

war.

Did Judge Kozinski fall into the trap predicted by Judge McKeown? Recall Judge Kozinski’s

pronouncement:

If you don’t encourage illegal content, or design your website to require users

to input illegal content, you will be immune.

The Ninth Circuit partially denied Roommates.com the Section 230 immunity because

allegedly it violated this standard; but as Judge Kozinski himself concluded in his third

opinion, Roommates.com had never encouraged illegal content nor designed its website to

require users to input illegal content. According to Judge Kozinski, Roommates.com should

have qualified for Section 230’s immunity all along. Note that if we have to adjudicate the

defendant’s substantive liability to determine if the immunity applies, and the immunity

only applies if there’s no substantive liability, the immunity is effectively worthless.

Section 230 can make a difference by expediting the dismissal of immunized cases, e.g.,

enabling cases to be terminated on a motion to dismiss rather than getting to summary

judgment or trial. In fact, many Section 230 cases end on a Rule 12(b)(6) motion to dismiss.

The Roommates.com case was a great example of a case that would have benefited from

early dismissal, because the litigants spent a lot of time and money litigating over nine

years and two trips to the Ninth Circuit (plus an en banc Ninth Circuit hearing)—only to

conclude that Roommates.com was in the clear all along. Judge Kozinski himself hints at

the virtue of early dismissal of immunized cases when he frets about “death by ten

thousand duck-bites.” Did he let Roommates.com get duck-bitten here?

Trump’s Anti-Section 230 Executive Order. In May 2020, President Trump signed Executive

Order 13925 (May 28, 2020), entitled “Preventing Online Censorship.” At a high level, the

EO took the following actions:

 The EO made various statements about how to interpret Section 230 and purported

to make those interpretations the binding law of the executive branch. As just one

example, the EO said it’s the policy of the executive branch that “large” online

platforms shouldn’t restrict free speech.

 It directed the Commerce Department to ask the FCC to do a rulemaking procedure

to interpret Section 230.

 It directed federal agencies to provide reports on their online advertising.

 It directed that 16,000+ user reports generated from a 2019 effort called “Tech Bias

Reporting” should be sent to the DOJ and FTC for their perusal.

 It encouraged the FTC to bring enforcement actions against Internet companies for

false marketing statements.

 It told AG Barr to form a working group of state AGs to investigate how state laws

can be used against Internet services; to develop model state legislation; and gather

339.

information on specified topics. It also told the AG to draft federal legislation to

advance the EO.

Although the EO purports to be a binding legal document about Section 230, it was

intended, and functions, as empty propaganda more than a legally effective document. The

White House cannot direct the FCC, FTC, or DOJ to do anything; though the DOJ will

honor the EO, at least in part. Shortly after the EO, the DOJ issued its own anti-Section

230 report, which indicated the DOJ is drafting reform legislation. The EO’s various policy

statements and Section 230 interpretations are almost certainly meaningless. Congress

writes laws and the court system interprets them; and unless Congress delegates

interpretative authority to the executive branch, the executive branch’s interpretations of

laws aren’t binding on either Congress or the courts. If an executive agency acts on the EO’s

legal interpretations of Section 230, those actions can be challenged in courts that will not

be bound by the EO’s legal interpretations—meaning those agency actions are likely to be

struck down if they don’t conform to existing Section 230 jurisprudence.

While the EO has no real bearing on the law of Section 230, it would be excellent exam

preparation to read its policy statements and purported legal interpretations and explain

the (possibly multiple) reasons why they are wrong.

230 v. 512. Compare the operation and coverage of 47 U.S.C. § 230 and 17 U.S.C. § 512:

CHAPTER 8 REVIEW QUESTION #1

In which of the following circumstances can the bolded party successfully assert a Section

230 immunity?

a) A Twitter user “retweets” another user’s defamatory tweet

340.

b) YouTube publishes a user-submitted video showing a person doing a stupid stunt that

inspires copycats who injure themselves

c) An online magazine pays for, copy-edits and publishes a freelancer’s story that contains

defamatory statements

d) PayPal processes the payment for an eBay transaction for fake sports memorabilia

e) A blogger links to a third party’s article that is defamatory

f) A Facebook user “likes” a defamatory post made by another user

CHAPTER 8 REVIEW QUESTION #2

Federal law provides civil remedies to victims of terrorist activity (including their families)

against anyone who provides “material support to terrorists.” This law might make sense in

the case of an arms dealer who knowingly profits from selling weapons to terrorists.

Known terrorist organizations such as ISIS create social media accounts at sites like

Twitter and YouTube and use the accounts to distribute propaganda. ISIS terrorist victims

and their families sue these social media services for providing material support to

terrorists. Does Section 230 immunize the social media services from these claims?

341.

There is a lot of discussion about reforming Section 230, much of it premised on the

assumption that Internet companies aren’t moderating content correctly and regulatory

reform would change that. This short essay explains why those assumptions are misguided

and no amount of regulatory reform will “fix” content moderation.

* * *

Top Myths About Content Moderation

Posted by Eric Goldman to the Technology & Marketing Law Blog, October 15, 2019

How Internet companies decide which user-submitted content to keep and which to

remove—a process called “content moderation”—is getting lots of attention lately, for good

reason. Under-moderation can lead to major social problems, like foreign agents

manipulating our elections. Over-moderation can suppress socially beneficial content, like

negative but true reviews by consumers.

Due to these high stakes, regulators across the globe increasingly seek to tell Internet

companies how to moderate content. European regulators are requiring Internet services to

remove extremist content within an hour and to install upload filters to prospectively block

copyright infringement; and U.S. legislators have proposed to ban Internet services from

moderating content at all.

Unfortunately, many of these regulatory efforts are predicated on myths about content

moderation, such as:

Myth: Content moderation can be done perfectly.

Reality: Regulators routinely assume Internet services can remove all bad content without

suppressing any good content. Unfortunately, they can’t. First, mistakes occur when the

service lacks key contextual information about the content—such as details about the

author’s identity, other online and offline activities, and cultural references. Second, any

line-drawing exercise creates mistake-prone border cases because users routinely submit

“edgy” content. Third, a high-volume service will make many mistakes, even if it’s highly

accurate—1 billion submissions a day at 99.9% accuracy still yields a million mistakes a

day.

Myth: Bad content is easy to find and remove.

Reality: Regulators often assume every item of bad content has an impossible-to-miss

flashing neon sign saying “REMOVE THIS CONTENT,” but that’s rare. Content is often

obviously bad only in hindsight or with context unavailable to the service. Regulators’

cherry-picked anecdotes don’t prove otherwise.

Myth: Technologists just need to “nerd harder.”

Reality: Filtering and artificial intelligence play important roles in content moderation.

However, technology alone cannot magically solve the problem. “Edgy” and contextless

content vexes the machines, too.

342.

Myth: Internet services should hire more humans to review content.

Reality: Humans have biases and make mistakes too, so adding human reviewers won’t

lead to perfection. Furthermore, human reviewers sometimes experience an unrelenting

onslaught of horrible content to protect the rest of us.

Myth: Internet companies have no incentive to moderate content.

Reality: In 1996, Congress passed 47 U.S.C. 230, which says Internet services generally

aren’t liable for third-party content. Due to this legal protection, critics often assume

Internet services won’t invest in content moderation; and some companies have stoked that

perception by publicly positioning themselves as “neutral” technology platforms. Yet,

virtually every Internet service moderates content, and major services like Facebook and

YouTube employ many thousands of content reviewers. Why? The services have their own

reputation to manage, and they care about how content can affect their users (e.g.,

Pinterest combats content that promotes eating disorders). Furthermore, advertisers won’t

let their ads appear on bad content, which provides additional financial incentives to

moderate.

Myth: Content moderation, if done right, will make everyone happy.

Reality: By definition, content moderation is a zero-sum game. Someone gets their desired

outcome, and someone else doesn’t—and those folks won’t be happy with the result.

Myth: There is a one-size-fits-all approach to content moderation.

Reality: Internet services cater to diverse audiences that have different moderation needs.

For example, an online crowdsourced encyclopedia like Wikipedia, an open-source software

repository like GitHub, and a payment service for content publishers like Patreon all solve

different problems for their communities. These services shouldn’t have identical content

moderation rules.

Myth: Imposing content moderation requirements will stick it to Google and Facebook.

Reality: Google and Facebook have enough money to handle virtually any requirement

imposed by regulators. Startup enterprises do not. Increased content moderation burdens

are more likely to block new entrants than to punish Google and Facebook.

Myth: Poor content moderation causes anti-social behavior.

Reality: Poorly executed content moderation can accelerate bad behavior, but often the

Internet simply mirrors existing anti-social behavior or tendencies. Better content

moderation can’t fix problems that are endemic in the human condition.

Regulators are right to identify content moderation as a critically important topic. However,

until regulators overcome these myths, regulatory interventions will cause more problems

than they solve.

343.

International Approaches to Liability for Third-Party Content

Section 230 is a globally unique policy solution. No other country favors intermediaries as

much.* This module analyzes a few other jurisdictions’ rules.

European Union “Right to Be Forgotten”

The “right to be forgotten” (RTBF) is a weird term. We cannot make people “forget” things,

but we can require content publishers to delete content or reduce its visibility.

Europe did exactly that. In Google Spain SL, Google Inc. v Agencia Española de Protección

de Datos, Mario Costeja González, Case No. C-131/12 (2014), the European Court of Justice

(ECJ) reached four important conclusions.

1) Privacy Directive Applies. The ECJ concluded that “the activity of a search engine

consisting in finding information published or placed on the internet by third parties,

indexing it automatically, storing it temporarily and, finally, making it available to internet

users according to a particular order of preference” constituted “the processing of personal

data.” As data “controllers,” search engines are required to comply with the 1995 European

Data Privacy Directive (95/46/EC).

This conclusion represents search engine exceptionalism. Search engines are subject to the

RTBF, but other online media enterprises typically aren’t. The court made this ruling after

Google argued it wasn’t a media enterprise (to avoid other unwanted regulatory

consequences). Still, a legal distinction between search engines and other media enterprises

is indefensible. See Eric Goldman, Search Engine Bias and the Demise of Search Engine

Utopianism, 8 YALE J. L. & TECH. 188 (2006).

2) Sales Office Confers Jurisdiction. The ECJ concluded that Google’s advertising sales

office in Spain meant that Google was processing personal data (its search database) within

the European Union and therefore was subject to European law.

3) Search Results De-Indexing. The ECJ concluded that search engines must “remove from

the list of results displayed following a search made on the basis of a person’s name links to

web pages, published by third parties and containing information relating to that person,”

even if that information remains on the third party website, and even if the third party

lawfully published the information.

4) Limit to De-Indexing Right. The right of people to erase search results about them

“override[s]…not only the economic interest of the operator of the search engine but also

the interest of the general public in having access to that information upon a search

relating to the data subject’s name.” However, the erasure right can be trumped by a

“preponderant interest of the general public in having, on account of its inclusion in the list

of results, access to the information in question,” such as the person’s role “in public life.”

* Article 19.17 of the USMCA, signed in 2020, requires Canada and Mexico to conform to Section 230-like

principles; and a trade agreement with Japan does as well. It remains unclear if these trade agreements will

actually change those countries’ laws to more closely resemble Section 230.

344.

The court failed to specify the exact grounds on which a person may request erasure of

search results, putting the burden on search engines, and the data protection authorities

with enforcement authority, to figure it out. Google* decided to remove links to “irrelevant,

outdated, or otherwise objectionable” information from search results for the individual’s

name; but Google won’t de-index a search result if “there’s a public interest in the

information,” such as information “about financial scams, professional malpractice,

criminal convictions, or public conduct of government officials.”

As interpreted by Google, a de-indexing request only affects results when the person’s name

is searched. Searches for other search keywords could still display those search results.

Meanwhile, even if Google de-indexes the search result, the original source material will

remain online. Thus, if an online newspaper article is subject to a de-indexing request,

Google might remove the search result from the name search but the original article is still

available at the online newspaper. This is one reason the “right to be forgotten” is a

misnomer—the newspaper doesn’t “forget” the article. Only the search engine does, and

only for specific searches.

Google’s de-indexing standards—“irrelevant, outdated, or otherwise objectionable” content

that’s not “in the public interest”—are obviously problematic. For example, if 99% of

searchers would find an information item irrelevant, but 1% of searchers would find it

exceptionally relevant, what should Google do?

Similarly, how can Google determine when information becomes outdated, “otherwise

objectionable,” or not in the public interest? It’s not easy to figure out what information has

historical significance, and information’s historical significance might change over time

(i.e., something that appears irrelevant at one point in time might emerge as essential

information at a different time). For example, for decades, Justice Kavanaugh’s high school

calendar from 1982 was not historically significant…until it became the subject of

international news and Congressional hearings during his confirmation to the U.S.

Supreme Court. If Google had “forgotten” that calendar because the document didn’t seem

that important when a removal request was made, it would have reached a decision that in

retrospect (with the benefit of historical hindsight) would be clearly wrong.

Indeed, in a perhaps inevitable ironic twist, we saw how the value of information changed

in Costeja’s own case. Because of the high public interest in his case, in 2015 the Spanish

Data Protection Authority ruled

(http://www.agpd.es/portalwebAGPD/resoluciones/tutela_derechos/tutela_derechos_2015/co

mmon/pdfs/TD-00568-2015_Resolucion-de-fecha-14-09-2015_Art-ii-culo-16-LOPD.pdf) that

Costeja no longer had the right to de-index stories discussing the facts that initially

prompted his lawsuit. Oops.

The ECJ made it clear that it doesn’t want search engines to rely on third party publishers’

judgments of what’s relevant or important. In Costeja’s case, he complained about an article

referencing him that was published in a traditional newspaper. By definition, a newspaper

only publishes items of “public interest” to its audience. Yet, the ECJ said that level of

public interest wasn’t enough.

* We’ll focus on Google’s responses because it lost the case and Google has 90%+ market share in most European

countries. Google also receives the vast bulk of de-indexing requests submitted to all search engines.

345.

Thus, the ECJ concluded that a for-profit enterprise must evaluate and depublish content

using inherently subjective legal standards and without any knowledge about the

underlying facts. Furthermore, Google makes its depublication decisions on an ex parte

basis, based solely on the representations of requesting individuals. The de-indexed

publisher does not get to plead its case before Google makes its decision; nor can the de-

indexed publisher or public interest advocates effectively protest Google’s decisions after

the fact.

If Google denies an individual’s de-indexing request, the individual can “appeal” Google’s

decision to a data protection authority. Given Google’s incentives when evaluating de-

indexing requests—potential punishment for denying a de-indexing request, no immediate

complaints for accepting a de-indexing request—Google has incentives to err on the side of

de-indexing. Nevertheless, Google has rejected a majority of de-indexing requests, perhaps

suggesting that it has been flooded with bogus or weak requests.

The ECJ ruling shocked many Americans because American law would not permit a similar

result. As an online content publisher, Google is protected by the First Amendment’s free

speech and free press clauses. Thus, any regulatory mandate that Google include or exclude

information in its search index is almost certainly unconstitutional. See, e.g., Search King,

Inc. v. Google Technology, Inc., 2003 WL 21464568 (W.D. Okla. 2003); Langdon v. Google,

Inc., 474 F. Supp. 2d 622 (D. Del. 2007); Zhang v. Baidu.com, Inc., 10 F. Supp. 3d 433

(S.D.N.Y. 2014); Google, Inc. v. Hood, 96 F. Supp. 3d 584 (S.D. Miss. 2015) (vacated on

other grounds); e-ventures Worldwide v. Google, Inc., 2017 WL 2210029 (M.D. Fla. 2017);

Eugene Volokh & Donald M. Falk, First Amendment Protection For Search Engine Search

Results, April 20, 2012; see also Martin v. Hearst Corporation, 777 F.3d 546 (2d Cir. 2015)

(publication cannot be obligated to remove article about an expunged arrest).

Furthermore, Section 230 (both (c)(1) and (c)(2)) statutorily immunize search engines for

their indexing decisions, including their refusal to de-index content (even if that content is

tortious). See, e.g., Maughan v. Google Technology, Inc., 143 Cal. App. 4th 1242 (Cal. App.

Ct. 2006); Murawski v. Pataki, 514 F. Supp. 2d 577 (S.D.N.Y. 2007); Shah v. MyLife.Com,

Inc., 2012 WL 4863696 (D. Or. 2012); Merritt v. Lexis Nexis, 2012 WL 6725882 (E.D. Mich.

2012); Nieman v. Versuslaw, Inc., 2012 WL 3201931 (C.D. Ill. 2012); Getachew v. Google,

Inc., 491 Fed. Appx. 923 (10th Cir. 2012); Mmubango v. Google, Inc., 2013 WL 664231 (E.D.

Pa. 2013); O’Kroley v. Fastcase Inc., 831 F.3d 352 (6th Cir. 2016); Fakhrian v. Google Inc.,

2016 WL 1650705 (Cal. App. Ct. 2016); Despot v. Baltimore Life Insurance Co., 2016 WL

4148085 (W.D. Pa. 2016); Manchanda v. Google, Inc., 2016 WL 6806250 (S.D.N.Y. 2016);

Mosha v. Yandex Inc., 2019 WL 5595037 (S.D.N.Y. 2019); see also Yeager v. Innovus

Pharmaceuticals, Inc., 2019 WL 447743 n.6 (N.D. Ill. 2019) (“no ‘right to be forgotten’ exists

under United States law”).

Collectively, U.S. law makes it clear that search engines, including Google.com, cannot be

legally compelled to implement a right to be forgotten.* So the U.S. and European

* In 2013, California passed an “online eraser” law that requires user-generated content websites to let minors

remove posts they made. This law has not been subject to a constitutional challenge (indeed, it has been widely

ignored), but the law likely violates the websites’ First Amendment interests. See Eric Goldman, California's

New ‘Online Eraser’ Law Should Be Erased, FORBES TERTIUM QUID BLOG, Sept. 24, 2013,

346.

regulatory schemes for search engines have diverged widely, and as we’ll discuss in a

moment, are on a collision course.

Putting the legal issues aside, the “right to be forgotten” sounds quite appealing as a policy

solution (at least superficially). After all, who wouldn’t want greater control over his or her

public identity and reputation? As one study found, “74% of U.S. adults would delete

themselves from search results if they could.” Greg Sterling, Survey: 74% Of U.S. Adults

Would Delete Themselves From Search Results If They Could, MARKETING LAND, July 16,

2014, http://marketingland.com/74-percent-adults-delete-from-search-results-91158.

Furthermore, why would Google want to keep “irrelevant” or “outdated” information in its

database? We expect Google to deliver relevant results, so perhaps the ECJ ruling just

requires Google to do what it voluntarily strives to do anyways.

Still, Google might rationally conclude that information is rarely irrelevant or outdated, at

least to some of its users, or that it doesn’t want to make such nuanced and ill-informed

decisions. Assuming Google wants to continue displaying the search results that it is forced

to remove due to de-indexing requests, the right to be forgotten might be viewed as a

regulatory effort to make search engine content dumber than is dictated by technical

ability.

Will searchers notice this deliberate dumbing-down of search engine capabilities? If de-

indexed results are truly irrelevant or outdated, then searchers won’t notice or care about

their absence. On the other hand, if de-indexed results were in fact relevant, then searchers

may notice the degradation of Google search result quality, and they will start looking for

alternative tools that do a better job meeting their needs. We’ll revisit that issue in a

moment.

Even though the right to be forgotten might be inconsistent with American norms about

free speech, it’s proving to be a popular policy solution globally. For example, in 2015,

Russia adopted a variation of RTBF even more censorial than the EU policy. Under the

Russian rule, search engines must remove offending content from its search database

entirely, so it will not appear in response to any search query. In contrast, in the EU,

search engines only need to suppress the search result for the offended individual’s name,

but the search result can appear in response to other search queries.

EU Electronic Commerce Directive, the United Kingdom Defamation Act and the Germany

Network Enforcement Law

In 2000, the European Union enacted the Electronic Commerce Directive, Directive

2000/31/EC, including safe harbors for “mere conduits” (Article 12), caching (Article 13) and

hosting (Article 14). The provisions are similar to the DMCA online safe harbors, which

served as a model. Thus, like 512(a)’s safe harbor for Internet access providers, conduits

aren’t liable for third party content, and the caching provisions resemble 512(b).

Like 512(c), the hosting safe harbor is based on a notice-and-takedown scheme:

http://www.forbes.com/sites/ericgoldman/2013/09/24/californias-new-online-eraser-law-should-be-erased/.

Furthermore, in contrast to Europe’s RTBF, California’s law only applies to content posted by the minor; the

statute explicitly says that the minor cannot remove any third-party content about the minor.

347.

Article 14: Hosting

1. Where an information society service is provided that consists of the

storage of information provided by a recipient of the service, Member States

shall ensure that the service provider is not liable for the information stored

at the request of a recipient of the service, on condition that:

(a) the provider does not have actual knowledge of illegal activity or

information and, as regards claims for damages, is not aware of facts or

circumstances from which the illegal activity or information is apparent; or

(b) the provider, upon obtaining such knowledge or awareness, acts

expeditiously to remove or to disable access to the information.

2. Paragraph 1 shall not apply when the recipient of the service is acting

under the authority or the control of the provider.

3. This Article shall not affect the possibility for a court or administrative

authority, in accordance with Member States' legal systems, of requiring the

service provider to terminate or prevent an infringement, nor does it affect

the possibility for Member States of establishing procedures governing the

removal or disabling of access to information.

This provision differs from the DMCA’s § 512(c) hosting safe harbor in several key ways.

First, the Directive requires European Union member states to enact a law consistent with

the Directive, but member states do not have to copy the provision identically. As a result,

there are national differences in the Directive’s enactment. Second, the Directive’s hosting

provision governs all claims related to user-generated content, not just copyright. Thus, the

Directive’s notice-and-takedown system applies to all legal doctrines, including those

covered by Section 230 in the United States. Third, the Directive contemplates that hosts

may be liable without ever receiving a takedown notice. In practice, European courts find

hosts liable in the absence of takedown notices more frequently than we see with Section

512(c) cases. Fourth, unlike Section 512(c)(3), the Directive doesn’t define what constitutes

a proper takedown notice, so web hosts are more likely to take action in response to any

notice submitted by anyone.

As you can see, Section 230 provides more protection for web hosts in the United States

than the Electronic Commerce Directive provides for European hosts. Accordingly, US user-

generated content websites launching localized services for European users typically

remove third party content in Europe that would be untouched in the United States.

The UK Defamation Law. The United Kingdom Defamation Act of 2013 highlights the

differences between the United States and Europe. Section 5 provides a safe harbor for

user-generated defamatory content. In general, the web host can avoid liability either by (1)

providing enough identifying information about the user to facilitate a lawsuit against

him/her, or (2) removing the content promptly after a takedown notice. Further, a web host

can’t qualify for the safe harbor if it “has acted with malice” towards the offending post,

348.

setting potential fights about web host scienter pre-takedown notice (similar to the Section

512(c) scienter problems we saw in Veoh).

For web hosts, the logical solution is to authenticate users before allowing them to post, so

that it will be possible to turn over the identifying information if demanded. As a result, the

UK Defamation Act undermines unattributed content. This rule deviates from Section 230,

which protects intermediaries for third-party content even if the poster cannot be identified.

Germany’s Network Enforcement Law (NetzDG). In 2017, Germany enacted the

Netzwerkdurchsetzungsgesetz (NetzDG). The law requires sites to maintain procedures to

remove “unlawful” user content, to remove “manifestly unlawful” user content within 24

hours of getting complaints about it (and within 7 days for merely “unlawful” user content),

and to make various public reports about content removals. The law imposes substantial

fines of up to €50 million for noncompliance. The law nominally targeted social media

platforms, but it applies to any online services with 2+ million registered users in Germany.

“Unlawful” content includes a wide range of content, including “public incitement to crime,”

“violation of intimate privacy by taking photographs,” defamation, “treasonous forgery”,

forming criminal or terrorist organizations, and “dissemination of depictions of violence.”

The NetzDG law supplements the EU Directive in important ways. First, it provides a

specific turnaround time for takedowns. Second, it starts to creep into regulating the

mechanics of a service’s content moderation/removal operations. Third, it requires the

production of “transparency” reports about complaints received and the service’s responses,

which may spur further regulatory oversight. Finally, the statute specifies penalties that

can be punitive in practice, which has spurred the regulated services to over-remove

content.

Brazil’s Internet Bill of Rights

In 2014, Brazil enacted an “Internet Bill of Rights.” An unofficial translation of some key

parts:

Art. 18 The provider of connection to internet shall not be liable for civil

damages resulting from content generated by third parties.

Art. 19 In order to ensure freedom of expression and prevent censorship, the

provider of internet applications can only be subject to civil liability for

damages resulting from content generated by third parties if, after an specific

court order, it does not take any steps to, within the framework of their

service and within the time stated in the order, make unavailable the content

that was identified as being unlawful, unless otherwise provided by law.

§ 1º The referred court order must include, under penalty of being null, clear

identification of the specific content identified as infringing, allowing the

unquestionable location of the material.

§ 2º The implementation of the provisions of this article for infringement of

copyright or related rights is subject to a specific legal provision, which must

respect freedom of speech and other guarantees provided for in Art. 5º of the

Federal Constitution.

349.

§ 3º The compensation disputes for damages arising from content made

available on the internet related to the honor, reputation or personality

rights, as well as the removal of related contents by internet application

providers, can be presented to special small causes courts.

§ 4º The judge, including within the proceeding set forth in § 3º, can

anticipate, partially or in full, the effects of the request contained in the

initial petition, to the extent that undisputable proof exists of the fact,

considering society’s collective interest in the availability of the content on

the internet, as long as the requisites of truthiness of the author’s claims, the

reasonable concern of irreparable damage, or damage that is difficult to

repair are met.

Art. 20 Whenever the contact information of the user directly responsible for

the content, referred to in Art. 19, is available, the provider of internet

applications shall have the obligation to inform the user about the execution

of the court order with information that allows the user to legally contest and

submit a defense in court, unless otherwise provided by law or in a court

order.

Sole Paragraph. When requested by the user, who provided the content made

unavailable, the provider of internet applications that carries out this activity

in an organized, professional manner and for economic purposes, shall

replace the content made unavailable for a note of explanation or with the

text of the court order that gave grounds to the unavailability of such content.

Art. 21 The internet application provider that makes third party generated

content available shall be held liable for the breach of privacy arising from

the disclosure of images, videos and other materials containing nudity or

sexual activities of a private nature, without the authorization of the

participants, when, after receipt of notice by the participant or his/hers legal

representative, refrains from removing, in a diligent manner, within its own

technical limitations, such content.

Sole Paragraph. The notice set forth above must contain sufficient elements

that allow the specific identification of the material said to violate the right to

privacy of the participant-user and the confirmation of the legitimacy of the

party presenting the request.

It’s hard to properly evaluate this text without reading it in its original language

(“truthiness”?) and thoroughly understanding Brazilian law, which differs from U.S. law in

many significant ways. Still, we can infer from Article 19 that “providers of internet

applications”—presumably including both websites and mobile apps—generally aren’t

civilly liable for user-generated content until a court orders its removal. To understand how

useful this safe harbor is, we’d need to know how broad Brazilian criminal law is (many

countries define more activity as criminal than the United States does) and how hard it is

to get a court order (which is easier in many countries than in the United States).

The bill of rights treats several types of claims specially. Copyright claims apparently are

covered by another provision. Claims related to “honor, reputation or personality rights”

can be fast-tracked to a small claims court. Claims related to non-consensual pornography

are subject to a notice-and-takedown regime.

350.

By generally deferring intermediary liability until a court order, Article 19 more closely

resembles Section 230 than the European notice-and-takedown rules. Still, Section 230 goes

further. A court can’t order a U.S. web host to remove user-generated content; any lawsuit

directly against the web host is preempted by Section 230, and a court order in any other

lawsuit can’t reach the web host due to Federal Rules of Civil Procedure 65(d)(2). See, e.g.,

Blockowicz v. Williams, 630 F.3d 563 (7th Cir. 2010); Giordano v. Romeo, 76 So.3d 1100

(Fla. Dist. App. Ct. 2011); see also Hassell v. Bird, 5 Cal. 5th 522 (Cal. 2018) (Yelp can’t be

compelled to honor a removal injunction).

Section 230 and Foreign Judgments

In 2010, Congress enacted the SPEECH Act, codified at 28 USC §§ 4101-05. Among other

provisions, the law says that a foreign court judgment for defamation cannot be enforced in

the United States if the result would have violated Section 230 if litigated in a U.S. court;

and unsuccessful plaintiffs must pay the attorneys’ fees of the Section 230-immunized

entity. Thus, even if foreign laws are less protective of web hosts or other intermediaries

than Section 230, a foreign court’s defamation judgment will not work in U.S. courts if it

violates Section 230. See, e.g., Trout Point Lodge, Ltd. v. Handshoe, 729 F.3d 481 (5th Cir.

2013).

Global Removals Based on Local Violations

From the Internet’s earliest days, the tension between a global communication network and

local geography-based laws has been obvious. One scenario is that every jurisdiction’s local

laws apply to the Internet globally, meaning that the country (or sub-national regulator)

with the most restrictive law for any content category sets the global standard for that

content. If this scenario comes to pass, the Internet will only contain content that is legal in

every jurisdiction in the world—a small fraction of the content we as Americans might

enjoy, because many countries broadly restrict content that is clearly legal in the U.S.

Perhaps surprisingly, we’ve generally avoided this dystopian scenario—so far. In part, this

is because many major Internet services create localized versions of their offerings that

conform to local laws, which allows the services to make country-by-country removals of

locally impermissible content. Thus, the content on google.de might vary pretty

substantially from the content on google.com. This localization undermines the 1990s

utopian vision that the Internet would enable a single global content database that

everyone in the world could uniformly enjoy. However, service localization has also

forestalled more dire regulatory crises. So long as google.de complies with local German

laws and google.com complies with local U.S. laws, regulators in the U.S. and Germany

should be OK…right?

Maybe. In a long-running battle over the Right to Be Forgotten, the French regulator CNIL

took the position that any RTBF removal applies to all of Google’s indexes worldwide, not

just those in Europe. Google made numerous accommodations to appease CNIL, including

filtering the search results from a non-EU search index when accessed by someone in the

EU. Despite these accommodations, CNIL took the issue to the European Court of Justice,

which mostly sided with Google. Google LLC v. Commission Nationale de L’Informatique et

des Libertés (CNIL), Case C‑507/17 (ECJ 2019). The ECJ said “a search engine operator

351.

cannot be required…to carry out a de-referencing on all the versions of its search engine.”

However, the court said the law potentially could be changed to impose such a duty.

Furthermore, search engines can be required to try to block European users from reaching

search indexes not subject to the RTBF.

Will territorial limits be found in other cases? Maybe not. The CNIL case interpreted the

GDPR. A couple of weeks later, the ECJ interpreted the E-Commerce Directive and held

that Facebook could be required to remove defamatory content worldwide. Glawischnig-

Piesczek v. Facebook Ireland Ltd, Case C-18/18 (ECJ 2019).

Another case from Canada illustrates the challenges in these cases. In 2017, the Canada

Supreme Court ordered Google to globally remove search results based on alleged Canadian

legal violations. Google Inc. v. Equustek Solutions Inc., 2017 SCC 34.

In that case, Datalink, a competitor of Equustek, sold products that allegedly infringed

Equustek’s intellectual property rights. After Equustek sued Datalink, Datalink relocated

to an unknown location outside of Canada, putting it beyond the reach of Canadian courts.

Equustek asked Google to deindex Datalink’s website. Google partially deindexed the site

from google.ca, but Equustek sought more relief. The Canada Supreme Court ordered

global deindexing of Datalink’s website:

The problem in this case is occurring online and globally. The Internet has no

borders — its natural habitat is global. The only way to ensure that the

interlocutory injunction attained its objective was to have it apply where

Google operates — globally. As Fenlon J. found, the majority of Datalink’s

sales take place outside Canada. If the injunction were restricted to Canada

alone or to google.ca, as Google suggests it should have been, the remedy

would be deprived of its intended ability to prevent irreparable harm.

Purchasers outside Canada could easily continue purchasing from Datalink’s

websites, and Canadian purchasers could easily find Datalink’s websites even

if those websites were de-indexed on google.ca. Google would still be

facilitating Datalink’s breach of the court’s order which had prohibited it

from carrying on business on the Internet….

The order does not require that Google take any steps around the world, it

requires it to take steps only where its search engine is controlled….

This is not an order to remove speech that, on its face, engages freedom of

expression values, it is an order to de-index websites that are in violation of

several court orders….

This does not make Google liable for this harm. It does, however, make

Google the determinative player in allowing the harm to occur.

The court noted that Google admitted it would be easy to deindex Datalink’s domain name,

and the court noted that Google regularly deindexes content for other reasons, such as the

DMCA online safe harbor.

352.

The court dismissed the risk of international conflicts-of-laws because everyone apparently

accepted that Datalink would violate Equustek’s IP rights under other countries’ laws.

However, the court was surprisingly unspecific about the alleged IP violations, which

apparently included trademarks and trade secrets. Thus, the court avoided some subtle IP

issues, such as the scope of Equustek’s trademark rights (usually trademark rights don’t

reach beyond a country’s borders, so a Canadian court cannot order a defendant to stop

infringing trademark rights in other countries) and the likelihood that Canadian trade

secret laws and remedies differ from the laws and remedies of other countries. See Ariel

Katz, Google v. Equustek: Unnecessarily Hard Cases Make Unnecessarily Bad Law,

ArielKatz.org, June 29, 2017, https://arielkatz.org/google-v-equustek-unnecessarily-hard-

cases-make-unnecessarily-bad-law/.

In a subsequent proceeding not contested by Equustek, Google successfully obtained a U.S.

court order declaring that “the Canadian court’s order cannot be enforced in the United

States and enjoining its enforcement.” Google LLC v. Equustek Solutions Inc., 2017 WL

5000834 (N.D. Cal. 2017). The court explained: “The Canadian order would eliminate

Section 230 immunity for service providers that link to third-party websites. By forcing

intermediaries to remove links to third-party material, the Canadian order undermines the

policy goals of Section 230 and threatens free speech on the global internet.”

This seemingly sets up an international conflicts-of-law: Google now has conflicting

injunctions in two different countries. Yet, so long as Google is subject to Canadian

jurisdiction, the U.S. order doesn’t change its legal exposure in Canada. When presented

with the U.S. order, the British Columbia Supreme Court shrugged its shoulders: “The

effect of the U.S. order is that no action can be taken against Google to enforce the

injunction in U.S. courts. That does not restrict the ability of this Court to protect the

integrity of its own process through orders directed to parties over whom it has personal

jurisdiction.” Equustek Solutions Inc. v. Jack, 2018 BCSC 610.

In response to the Canadian Supreme Court opinion, Canadian law professor Michael Geist

wrote:

what happens if a Chinese court orders it to remove Taiwanese sites from the

index? Or if an Iranian court orders it to remove gay and lesbian sites from

the index? Since local content laws differ from country to country, there is a

great likelihood of conflicts. That leaves two possible problematic outcomes:

local courts deciding what others can access online or companies such as

Google selectively deciding which rules they wish to follow. The Supreme

Court of Canada did not address the broader implications of the decision,

content to limit its reasoning to the need to address the harm being sustained

by a Canadian company, the limited harm or burden to Google, and the ease

with which potential conflicts could be addressed by adjusting the global

takedown order. In doing so, it invites more global takedowns without

requiring those seeking takedowns to identify potential conflicts or assess the

implications in other countries.

Michael Geist, Global Internet Takedown Orders Come to Canada: Supreme Court Upholds

International Removal of Google Search Results, MichaelGeist.ca, June 28, 2017,

353.

http://www.michaelgeist.ca/2017/06/global-internet-takedown-orders-come-canada-

supreme-court-upholds-international-removal-google-search-results/.

Note that Equustek ruling (as well as its CNIL dispute) avoid an underlying jurisdictional

issue because Google has substantial physical presence in both Canada and Europe. Would

Canada or Europe have jurisdiction over an Internet service that operates exclusively from

the United States?

CHAPTER 8 REVIEW QUESTION #3

Under which of these circumstances can a U.S. resident compel Google to remove search

results from its Google.com search index?

a) If the search result contains the plaintiff’s social security number

b) If the search result displays an unflattering photo of the plaintiff

c) If the search result contains factual assertions that a foreign court has declared

defamatory

d) If the search result contains factual assertions that a U.S. court has declared defamatory

e) If the search result contains an outdated version of the plaintiff’s resume that the

plaintiff posted to his personal website and subsequently replaced with an updated version

354.

IX. Privacy

From xkcd, http://xkcd.com/1269/

355.

The Children’s Online Privacy Protection Act (COPPA) is an Internet exceptionalist law

that protects children’s personal information online. Most general-purpose websites and

online apps easily fall outside its scope (can you parse the statute to see why?).

Excerpts from 16 C.F.R. Part 312, the Children’s Online Privacy Protection Act’s

Regulations

16 C.F.R. § 312.3. General requirements. It shall be unlawful for any operator of a Web site

or online service directed to children, or any operator that has actual knowledge that it is

collecting or maintaining personal information from a child, to collect personal information

from a child in a manner that violates the regulations prescribed under this part.

Generally, under this part, an operator must:

(a) Provide notice on the Web site or online service of what information it collects from

children, how it uses such information, and its disclosure practices for such information (§

312.4(b));

(b) Obtain verifiable parental consent prior to any collection, use, and/or disclosure of

personal information from children (§ 312.5);

(c) Provide a reasonable means for a parent to review the personal information collected

from a child and to refuse to permit its further use or maintenance (§ 312.6);

(d) Not condition a child’s participation in a game, the offering of a prize, or another activity

on the child disclosing more personal information than is reasonably necessary to

participate in such activity (§ 312.7); and

(e) Establish and maintain reasonable procedures to protect the confidentiality, security,

and integrity of personal information collected from children (§ 312.8).

Definitions from 16 C.F.R. § 312.2:

Personal information means individually identifiable information about an individual

collected online, including:

(1) A first and last name;

(2) A home or other physical address including street name and name of a city or town;

(3) Online contact information as defined in this section;

(4) A screen or user name where it functions in the same manner as online contact

information, as defined in this section;

(5) A telephone number;

(6) A Social Security number;

(7) A persistent identifier that can be used to recognize a user over time and across

different Web sites or online services. Such persistent identifier includes, but is not limited

to, a customer number held in a cookie, an Internet Protocol (IP) address, a processor or

device serial number, or unique device identifier;

(8) A photograph, video, or audio file where such file contains a child’s image or voice;

(9) Geolocation information sufficient to identify street name and name of a city or town; or

356.

(10) Information concerning the child or the parents of that child that the operator collects

online from the child and combines with an identifier described in this definition.

Collects or collection means the gathering of any personal information from a child by any

means, including but not limited to:

(1) Requesting, prompting, or encouraging a child to submit personal information online;

(2) Enabling a child to make personal information publicly available in identifiable form.

An operator shall not be considered to have collected personal information under this

paragraph if it takes reasonable measures to delete all or virtually all personal information

from a child’s postings before they are made public and also to delete such information from

its records; or

(3) Passive tracking of a child online.

Web site or online service directed to children means a commercial Web site or online

service, or portion thereof, that is targeted to children.

(1) In determining whether a Web site or online service, or a portion thereof, is directed to

children, the Commission will consider its subject matter, visual content, use of animated

characters or child-oriented activities and incentives, music or other audio content, age of

models, presence of child celebrities or celebrities who appeal to children, language or other

characteristics of the Web site or online service, as well as whether advertising promoting

or appearing on the Web site or online service is directed to children. The Commission will

also consider competent and reliable empirical evidence regarding audience composition,

and evidence regarding the intended audience.

(2) A Web site or online service shall be deemed directed to children when it has actual

knowledge that it is collecting personal information directly from users of another Web site

or online service directed to children.

(3) A Web site or online service that is directed to children under the criteria set forth in

paragraph (1) of this definition, but that does not target children as its primary audience,

shall not be deemed directed to children if it:

(i) Does not collect personal information from any visitor prior to collecting

age information; and

(ii) Prevents the collection, use, or disclosure of personal information from

visitors who identify themselves as under age 13 without first complying with

the notice and parental consent provisions of this part.

(4) A Web site or online service shall not be deemed directed to children solely because it

refers or links to a commercial Web site or online service directed to children by using

information location tools, including a directory, index, reference, pointer, or hypertext link.

357.

Note About The E.U.’s General Data Protection Regulation (GDPR)

This book primarily focuses on U.S. law, but we have to address a key piece of European

law because of its importance to U.S. Internet law.

The European Union’s General Data Protection Regulation, or GDPR, came into effect in

May 2018. The GDPR has many implications for businesses both in Europe and

internationally. The GDPR will affect many Internet companies for the foreseeable future,

so odds are high that you will have to navigate the GDPR—whether you want to or not.

This part gives you just a broad sketch of the GDPR. The actual text (https://eur-

lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN) is 88 pages

of dense and impenetrable legalese (much of it in the passive voice). Each EU country is

required to implement the GDPR in its own laws, which creates country-by-country

variations in implementation, and the GDPR is supplemented by rulings from the

European Court of Justice, official and unofficial guidance from the European Data

Protection Board, national Supervisory Authorities, and others. If you’re actually making a

business decision governed by the GDPR, you’ll need to consult with an expert in EU data

protection law. For more on why Americans struggle to understand the GDPR, see Meg

Leta Jones & Margot E. Kaminski, An American’s Guide to the GDPR, 98 DENV. L. REV. __

(2020).

European companies must also comply with the ePrivacy Directive (Directive 2002/58/EC,

as modified by Directive 2009/136/EC), sometimes called the “Cookie Directive.” The

ePrivacy Directive regulates communication privacy in numerous ways, including requiring

consent for:

 any direct marketing by phone, fax, email, text, or other electronic message.

Individuals must affirmatively opt-in—i.e., the checkbox must be presented as

unchecked—to receive these marketing materials (with limited exceptions).

 placing or reading cookies or other client-side persistent identifiers. Individual

consent usually is sought in a web banner. This is why you often see websites asking

for permission to place cookies.

The GDPR and ePrivacy Directive may overlap, in which case they both apply.

Who Must Comply with the GDPR?

The GDPR applies to anyone who “processes” personal data, defined as “any operation or

set of operations which is performed on personal data or on sets of personal data, whether

or not by automated means.”

The GDPR defines two roles: data “controllers” and “processors.” The GDPR places a

heavier compliance burden on controllers, so the distinction between the two is critical.

A controller “determines the purposes and means of processing personal data.” A processor

“processes personal data on behalf of a controller.” In some cases, this will be fairly clear.

An example:

358.

A brewery has many employees. It signs a contract with a payroll company to pay

the wages. The brewery tells the payroll company when the wages should be paid,

when an employee leaves or has a pay rise, and provides all other details for the

salary slip and payment. The payroll company provides the IT system and stores the

employees’ data. The brewery is the data controller and the payroll company is the

data processor.

In some cases, an advertiser who collects information directly from consumers would be the

controller; and third party vendors who help the advertiser communicate with those

consumers would be processors. (The GDPR applies to all individuals, not just consumers,

but this note focuses on the consumer context).

However, because the GDPR’s definitions are flexible, it will not always be clear who is a

controller and who is a processor. The GDPR also contemplates that entities working

together can be “joint controllers,” making the classification decision even more difficult. As

one commentator wrote, “deciding who is a data controller and who a data processor in

complicated areas like modern targeted advertising is maddeningly difficult.” Lilian

Edwards, Data Protection: Enter the General Data Protection Regulation, in LAW, POLICY

AND THE INTERNET (2018).

What Data Does the GDPR Cover?

The GDPR defines “personal data” as “any information relating to an identified or

identifiable natural person (‘data subject’); an identifiable natural person is one who can be

identified, directly or indirectly, in particular by reference to an identifier such as a name,

an identification number, location data, an online identifier or to one or more factors

specific to the physical, physiological, genetic, mental, economic, cultural or social identity

of that natural person.”

Like most privacy laws, this definition attempts to distinguish personal data from non-

personal data, but even very general data about a person can become identifiable when

combined with enough other data. Some items are categorically personal data, like names,

telephone numbers and email addresses, and other items, like IP addresses or a unique

identifier in a browser cookie, likely qualify as well.

However, the definition could be read much more broadly to cover virtually every scrap of

data about any person. The GDPR only excludes truly “anonymous” data, if such a thing

even exists.

The GDPR provides extra protections for “sensitive” personal data. The GDPR prohibits

processing data “revealing racial or ethnic origin, political opinions, religious or

philosophical beliefs, or trade union membership, and the processing of genetic data,

biometric data for the purpose of uniquely identifying a natural person, data concerning

health or data concerning a natural person's sex life or sexual orientation,” subject to many

exclusions. There are also extra protections for information about criminal convictions and

offenses.

359.

GDPR’s Rights and Obligations

The GDPR creates a wide range of rights for consumers and requirements on controllers

and processors.

GDPR Article 5 enumerates six “principles” that apply to all processing of personal data:

 Lawfulness, Fairness and Transparency. Personal data shall be “processed lawfully,

fairly and in a transparent manner.”

 Purpose Limitation. Personal data shall be “collected for specified, explicit and

legitimate purposes and not further processed in a manner that is incompatible with

those purposes” (subject to some public interest exceptions).

 Data Minimization. Personal data shall be “adequate, relevant and limited to what

is necessary in relation to the purposes for which they are processed.”

 Accuracy. Personal data shall be “accurate and, where necessary, kept up to date.”

 Storage Limitation. Personal data shall be “kept in a form which permits

identification of data subjects for no longer than is necessary for the purposes for

which the personal data are processed” (subject to some public interest exceptions).

 Integrity and Confidentiality (a/k/a Security). Personal data shall be “processed in a

manner that ensures appropriate security of the personal data.”

As you can see, these vaguely worded principles are more aspirational than prescriptive.

This reflects the GDPR’s general regulatory approach. The GDPR wants companies to

comply both with the letter of the law and its spirit, and it creates the possibility of

enforcement when the spirit of the law isn’t honored. As Jones and Kaminski explain, the

“GDPR is often vague because it tasks companies with figuring out how to best implement

its aspirations.” The GDPR’s aspirational approach to regulation conflicts with American

jurisprudential norms that favor bright-line rules that provide more legal certainty.

The GDPR prohibits the processing of personal data unless permitted by one of six “lawful”

bases, which includes consumer consent. However, the GDPR substantially raises the bar

for what constitutes proper consent. The GDPR requires that consumers opt-in, with

granular consent options, for different processing operations. Consent cannot be obtained

via pre-checked boxes or in the terms of service, and consent generally shouldn’t be a

precondition of registration. Because of the complexities associated with obtaining proper

consent from consumers, controllers often will find it more expedient or less risky to rely on

one of the five other lawful bases for processing. As Jones and Kaminski state bluntly: “The

GDPR is not primarily based on consent.”

In addition to the Article 5 principles, Chapter III of the GDPR describes 8 consumer rights:

 Right to Be Informed. Consumers have the right to know when their data is being

collected and why. Articles 13 and 14 enumerate minimum requirements of privacy

disclosures.

 Right of Access. Consumers have the right to see their data.

 Right to Rectification. Consumers have the right to correct erroneous information

about them.

360.

 Right of Erasure (also called the “right to be forgotten”). Consumers have the right

to delete personal data about them in many circumstances.

 Right to Restrict Processing. Consumers have the right to restrict processing of their

personal data in many circumstances.

 Right to Data Portability. Consumers have the right to obtain and reuse personal

data about them for their own purposes across different services in certain cases.

 Right to Object. Consumers have the right to object to and prevent their data from

being used for specified purposes, including an absolute right to stop their data

being used for direct marketing purposes.

 Rights Related to Automated Decision-Making. A decision with legal effects may be

made solely by a machine, and consumers may be profiled, only with consumers’

explicit consent, or where necessary for the contract, or as otherwise legally

authorized.

The GDPR also requires various operational procedures that make companies more

proactive about data protection rather than treating it like a “check-the-box” compliance

function. For example, it expects companies to implement “data protection by design and by

default,” companies are required to conduct “data protection impact assessments” before

undertaking significant actions, and some companies must designate a “Data Protection

Officer.” The GDPR also requires companies to report data breaches to government

regulators and, in some cases, directly to consumers.

As mentioned earlier, data processors have fewer obligations than data controllers. A data

processor must comply with its contracts with data controllers and:

 not use a sub-processor without the controller’s permission;

 cooperate with regulators;

 ensure the security of its processing;

 keep records of processing activities;

 notify the data controller of any personal data breaches;

 employ a Data Protection Officer (in some cases); and

 appoint a representative within the European Union (if the processor isn’t

established in the EU).

Damages

The GDPR authorizes direct consumer lawsuits for violations, either individually or

through public interest organizations. Violations also can be enforced by government

agencies, which can seek fines of up to €20M or 4% of a company’s global annual revenue

(and, in the case of a group of companies, 4% of the group’s global annual revenue),

whichever is greater.

Jurisdictional Reach

The GDPR applies to:

(1) Companies established in the EU, regardless of whether data processing takes place

inside or outside the EU or the data relates to EU residents. Thus, a U.S. company

361.

with a physical presence in the EU may be subject to GDPR both for EU consumer

data and non-EU consumer data.

(2) Companies not established in the EU that process EU residents’ data where the

processing is (a) related to offering goods or services to individuals in the EU, or (b)

related to monitoring behavior by individuals in the EU. These companies must

appoint a representative in the EU.

Thus, the GDPR purports to govern the processing of EU consumer data by companies that

have no physical presence in the EU at all. So, a Silicon Valley-based Internet startup with

a globally available website might need to comply with the GDPR from day one. However,

the GDPR’s potentially global reach raises many complex issues about transborder

conflicts-of-laws and enforcements, so the GDPR’s actual application to non-EU companies

may not be as broad as the GDPR claims. As a practical matter, EU-based regulators will

prioritize their enforcement efforts, and for the foreseeable future, the regulators are likely

to have higher-value targets than small U.S. start-up companies with offices exclusively in

the U.S. Still, E.U. regulators inevitably will bring cases that test this geographic issue.

So the legally conservative approach would be for all consumer-facing Internet services to

comply with the GDPR unless they have no EU offices and never touch EU consumer data.

Indeed, many U.S.-only companies have chosen to do just that. This is a reason why every

Internet law professional must be familiar with the GDPR. However, compliance with the

GDPR is quite expensive and demanding than complying with just U.S. law. Therefore,

many U.S. Internet companies will choose to ignore the GDPR unless/until they have

physical offices in the EU. See Kurt Wimmer, Free Expression and EU Privacy Regulation:

Can the GDPR Reach U.S. Publishers?, 68 SYR. L. REV. 547 (2018).

Even if a U.S. company never directly collects EU consumer data, it might still encounter

the GDPR if it receives transborder data transfers of EU consumer data from its business

partners. For example, the GDPR regulates when a European company hires a U.S.-based

advertising agency to help with ad buys, and the company wants to share consumer data

with the agency. In this situation, the company is the data controller and the ad agency is a

data processor; and the company must legally impose GDPR-based restrictions on the

agency to satisfy its own GDPR obligations.* Thus, a U.S.-only company might still need to

comply with the GDPR, at least in part, to facilitate such business arrangements.

A Third Option to Address Jurisdiction: Opt Out of Europe

To bypass the comply-or-not decision, non-EU companies may rationally decide to turn off

their services in Europe altogether. This could be as simple as setting up IP address blocks

for EU-based IP addresses. Indeed, a number of companies have blocked EU users, such as

this site displaying a “451” error code:

* There is a separate issue about whether EU data can be transferred to the U.S. at all. Such transborder

movements of data to non-EU countries are permitted only when adequate/appropriate safeguards are in place

to protect consumer privacy. The U.S. as a country has not received an adequacy determination.

362.

(The 451 error code is a not-subtle reference to dystopian novel, Fahrenheit 451, about

censorship).

Some major media outlets, like the Chicago Tribune, took a similar approach:

See U.S. News Outlets Block European Readers Over New Privacy Rules, N.Y. TIMES, May

25, 2018, https://www.nytimes.com/2018/05/25/business/media/europe-privacy-gdpr-

us.html; Jeff South, More Than 1,000 U.S. News Sites Are Still Unavailable in Europe, Two

Months After GDPR Took Effect, NIEMAN LABS, Aug. 7, 2018,

http://www.niemanlab.org/2018/08/more-than-1000-u-s-news-sites-are-still-unavailable-in-

europe-two-months-after-gdpr-took-effect/.

363.

Other services have reduced their offerings in Europe. For example, LinkedIn dropped its

“Mentioned in the News” feature in Europe due to privacy concerns. David Cohen, LinkedIn

Put Its Mentioned in the News Feature on Hold in the EU, ADWEEK, Feb. 28, 2019,

https://www.adweek.com/digital/linkedin-put-its-mentioned-in-the-news-feature-on-hold-in-

the-eu/.

The Washington Post took yet a different approach, charging an extra fee for GDPR-

compliant services to compensate for the lost ad revenue and increased compliance costs:

(The California’s Consumer Privacy Act, discussed below, may restrict price discrimination

like this).

These examples show how the GDPR effectively shrank the Internet for EU consumers—

the Internet is less functional and robust for them. (Of course, EU residents can try to use

VPNs to get around geoblocks, but many won’t bother to do so). These virtual geographic

walls further hinder trans-border understanding of different cultures and reduce cross-

border pollination of ideas.

Thus, the GDPR significantly contributes to and accelerates the splintering of the Internet

into many “Internets,” where the Internet available to people in one geographic location

increasingly looks different than the Internet available to people in other places. Perhaps

geographically distinct Internets were inevitable, but they represent a limitation of the

Internet imposed wholly by regulation, not technology.

Star Trek’s vision for the future is that our globe overcomes national borders to unite into a

single government. The Internet could contribute to that future, but splintered Internets—

364.

fueled by well-intentioned privacy laws—seemingly makes that vision of the future feel

impossible.

GDPR’s Effects on Competition

Costly and cumbersome privacy regulations (like the GDPR and CCPA) have significant,

and often unwanted, effects on marketplace competition. For example, numerous studies

have documented that GDPR hurt Google and Facebook less than their smaller

competitors—or even helped reinforce their market dominance. E.g., Jessica Davies, The

Impact of GDPR, in 5 Charts, DIGIDAY, Aug. 24, 2018, https://digiday.com/media/impact-

gdpr-5-charts/; Mark Scott et al, How Silicon Valley Gamed Europe’s Privacy Rules,

POLITICO, May 22, 2019, https://www.politico.eu/article/europe-data-protection-gdpr-

general-data-protection-regulation-facebook-google/; Alec Stapp, GDPR After One Year:

Costs and Unintended Consequences, TRUTH ON THE MARKET, May 24, 2019,

https://truthonthemarket.com/2019/05/24/gdpr-after-one-year-costs-and-unintended-

consequences/; Leonid Bershidsky, Europe’s Privacy Rules Hurt Small Firms, Not Tech

Giants, BLOOMBERG, July 25, 2019, https://www.bloomberg.com/opinion/articles/2019-07-

26/europe-s-privacy-rules-hurt-small-firms-not-google-and-facebook. Frustratingly, these

unwanted competitive effects were widely predicted in advance.

365.

An Introduction to the California Consumer Privacy Act (CCPA)

(current as of July 1, 2020)

By spending about $3M of his personal fortune, a California real estate developer with a

yen for privacy and money to burn qualified a privacy initiative for the November 2018

California statewide ballot. If passed by voters, the initiative’s language—which contained

numerous provisions that were toxic to the business community—would have been

exceptionally difficult to amend, functionally locking in problematic policy permanently.

Following the ballot certification, the developer offered the California legislature a “deal”: if

it immediately passed a law substantially similar to the initiative, he would withdraw the

initiative from the ballot. This deal was attractive to all sides. The developer would get his

desired policy outcome without spending millions more to sway voters. Meanwhile, for

opponents and the legislature, passing a bill would retain the legislature’s power to improve

and superintend the law over time, plus the opponents would avoid spending an estimated

$100M to fight the initiative.

In a chaotic 7 day period in June 2018, the California legislature introduced, amended, and

enacted AB 375, the California Consumer Privacy Act (“CCPA”). The legislature didn’t hold

any hearings on the law and, behind closed doors, got minimal input from affected

stakeholders. This is how California got a sweeping, lengthy, insanely complicated, and

poorly drafted privacy law that governs the world’s fifth largest economy (and beyond).

Following passage of the CCPA, the California legislature made numerous, but mostly

cleanup or minor, amendments in 2019. The legislature will likely adopt a few more (mostly

minor) amendments in 2020.

In parallel, the law required the California Attorney General’s Office (the “DOJ”) to develop

regulations, a process that took two years. The DOJ issued its final regulations in June

2020, just a few weeks before the DOJ could start enforcing the law.

Collectively, the CCPA and regulations create a 21,000+ word unreadable mess. This note

provides a roadmap to the law, but bonne chance if you ever have the misfortune of reading

the law yourself.

Who Has to Comply With the Law?

The law applies to any business that “collects consumers’ personal information, or on the

behalf of which such information is collected and that alone, or jointly with others,

determines the purposes and means of the processing of consumers’ personal information,

that does business in the State of California” and satisfies one of these three requirements:

1) has $25M+ in annual revenues (from anywhere, not just California), or

2) derives 50%+ of its revenues from selling consumer data, or

3) “annually buys, receives for the business’ commercial purposes, sells, or shares for

commercial purposes, alone or in combination, the personal information of 50,000 or more

consumers, households, or devices” (1798.140(c)).

366.

The law excludes the collection or sale of “a consumer’s personal information if every aspect

of that commercial conduct takes place wholly outside of California[, i.e.,] if the business

collected that information while the consumer was outside of California, no part of the sale

of the consumer’s personal information occurred in California, and no personal information

collected while the consumer was in California is sold” (1798.145(a)(6)). Despite this

apparent overreach into activity occurring in other states (which raises significant

Constitutional problems), the law only applies to companies “doing business in California.”

Due to the ambiguity of what qualifies as “doing business” in a state, many out-of-state

businesses have reluctantly complied with the law despite not having any employees or

property in California.

The law expressly says it is “not limited to information collected electronically or over the

Internet[; the law applies] to the collection and sale of all personal information collected by

a business from consumers” (1798.175). Thus, the law applies equally to online and offline

businesses that collect personal information. The DOJ estimated that the CCPA applies to

up to 400,000 businesses in California, including many small- and medium-sized

businesses. See https://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/ccpa-std399.pdf.

The law reaches so many small businesses because it covers any business that

“receives…the personal information of” 50k+ consumers, including the “receipt” of credit

cards and IP addresses. A business can clear that threshold with an average of 137 unique

credit card sales per day (14 sales/hour over a 10-hour business day)—which describes

many restaurants, coffee shops, pizzerias, frozen yogurt shops, and other low-revenue

retailers. Similarly, the law applies to any ad-supported website that “receives” an average

of 137 unique IP addresses per day, a tiny amount of traffic. While the ballot initiative

really targeted the data practices of Google and Facebook, the law counterintuitively treats

a local pizza shop the same as it treats Internet giants.

What is “Personal Information”?

The law applies to consumers’ “personal information.” “Consumers” are natural persons

who are California residents (1798.140(g)), including customers, prospective customers,

employees/contractors, and business contacts (like vendor salespeople). In 2019, the

California legislature excluded employees/business contacts from the law for a year; it may

temporarily renew this extension in 2020.

As with the GDPR, attempts to distinguish personal information from non-personal

information are likely to be under- or over-inclusive. The CCPA took the overinclusive

route. The law defines “personal information” as information that “identifies, relates to,

describes, is reasonably capable of being associated with, or could reasonably be linked,

directly or indirectly, with a particular consumer or household” (1798.140(o)). The statute

specifies many examples of personal information, including geolocation data, biometric

information, and olfactory information. The reference to “household,” an undefined term not

in the GDPR, creates numerous potential problems, but the regulations mostly ameliorated

those concerns.

Because computer scientists are clever about reidentification and combining datasets, what

data isn’t reasonably capable of being associated with a particular consumer? For example,

standing alone, a person’s gender isn’t a unique identifier; it only narrows the potential pool

367.

of people who might be that individual by roughly half. However, knowing a person’s

birthdate, zip code and gender allows the accurate unique identification of 87% of the

population. So the CCPA likely treats gender information—standing alone—as “personal

information” because it is “reasonably capable of being associated with” a particular

consumer when combined with other datasets. Applying the same logic to other data types,

it’s likely that all data about individuals possessed by a business qualifies as “personal

information.”

“Personal information” excludes “information that is lawfully made available from federal,

state, or local government records” (1798.140(o)(2)) and “consumer information that is

deidentified or in the aggregate consumer information” (1798.145(a)(5)). However, it’s

unclear if data can be sufficiently deidentified or aggregated to satisfy the statutory

standards; and the scope of the government records exception also remains unclear.

The CCPA categorically does not apply when other specified privacy laws apply, such as

information covered by Health Insurance Portability and Accountability Act of 1996

(1798.145(c)(1)), Fair Credit Reporting Act (1798.145(d)), Gramm-Leach-Bliley Act

(1798.145(e)), Driver’s Privacy Protection Act of 1994 (1798.145(f)), and more.

Consumer Rights Created by the Law

The CCPA provides six consumer rights:

1) and 2) “Right to Know” and Right of Data Portability

The CCPA lets consumers learn about businesses’ data practices (both online and offline).

Businesses are required to make disclosures about their generic collection practices

(1798.100) and their data sales or transfers (1798.115). Upon request, businesses must also

disclose the specific categories of personal information they have collected from the

consumer and the “specific pieces of personal information it has collected about that

consumer,” in a portable format (1798.110). The CCPA has detailed requirements for

privacy policies (especially 1798.130(a)(5)), and the regulations add many more

requirements. For example, web pages containing the statutory disclosures must comply

with W3C accessibility standards.

These rights create mechanisms that could help malefactors illegitimately obtain highly

valuable consumer data. To prevent this outcome, the CCPA required the DOJ to define

what constitutes a “verifiable consumer request.” (1798.140(y)). The DOJ mostly told

businesses to figure it out, saying that “determining the appropriate verification standard

is fact- and scenario-specific” and providing a multi-factor test for businesses to ponder. As

a result, businesses often must individually assess each verification request, a process that

is not scalable for businesses receiving many requests.

To ease the burden slightly, the DOJ provided some categorical rules:

 A business can decline a request when it can’t reasonably verify the consumer.

 Password-protected accounts often qualify as reliable verifiers.

368.

 For consumers’ requests to know the categories of information collected about them,

businesses may match “at least two data points provided by the consumer with data

points maintained by the business.”

 For consumers’ requests to know their specific data, businesses may match 3 data

points with their records and require consumers to sign a declaration of identity

under penalty of perjury. The “penalty of perjury” sounds serious, but unless the

DOJ actually prosecutes perjured declarations, it’s an empty threat. For deletion

requests (as opposed to right to know requests), the DOJ says businesses should

decide between requiring 2- or 3-data point matches depending “on the sensitivity of

the personal information and the risk of harm to the consumer posed by

unauthorized deletion.”

 In commentary, the DOJ said that businesses can require consumers to obtain

notarization only if the business covers the notary costs.

3) Erasure Right (1798.105). Upon a consumer’s request, a business shall delete any

personal information about the consumer that the business collected from the consumer.

Businesses can refuse deletion requests when it “is necessary for the business or service

provider to maintain the consumer’s personal information” to: (1) complete the transaction

or a reasonably anticipated transaction, (2) find, prevent, or prosecute security breaches or

illegal activity, (3) “Debug to identify and repair errors that impair existing intended

functionality,” (4) exercise free speech (of the business or a third party) or “exercise another

right provided for by law,” (5) comply with the California ECPA, (6) engage in certain types

of research in limited cases, (7) “enable solely internal uses that are reasonably aligned

with the expectations of the consumer based on the consumer’s relationship with the

business,” (8) comply with a legal obligation, or (9) “Otherwise use the consumer’s personal

information, internally, in a lawful manner that is compatible with the context in which the

consumer provided the information.”

4) Right to Say “No” to Data Sales

Consumers can control businesses’ ability to sell their data:

 Opt-Out of Data Sales (1798.120(a)). Consumers can opt-out of sales of their

personal information, and the business can’t ask them to reconsider for at least 12

months (1798.135(a)(5)) with limited exceptions specified in the regulations.

 Opt-In for Data Sales Related to Minors (1798.120(d)). A business that knows (or

“willfully disregards” the consumer’s age) personal information related to consumers

under 16 may not sell the personal information unless the consumer (ages 13-15) or

parent/guardian (under 13) opts-in.

 Opt-Out of Third-Party Data Resales (1798.115(d)). “A third party shall not sell

personal information about a consumer that has been sold to the third party by a

business unless the consumer has received explicit notice and is provided an

opportunity to exercise the right to opt out.”

 Specifications for Disclosing Opt-Out of Data Sales (1798.135). If a business sells

personal information, then it must “[p]rovide a clear and conspicuous link on the

business’ Internet homepage, titled ‘Do Not Sell My Personal Information,’ to an

369.

Internet Web page that enables a consumer, or a person authorized by the

consumer, to opt out of the sale of the consumer’s personal information.”

The CCPA defines “sale” broadly to include any disclosure from one business to another “for

monetary or other valuable consideration” (1798.140(t)(1)). Due to the ambiguous meaning

of “other valuable consideration,” the law potentially applies to many legitimate activities

and data transfers that are not straight cash-for-data.

5) Non-Discrimination Provisions (1798.125).

“A business shall not discriminate against a consumer because the consumer exercised any

of the consumer’s rights under this title,” though a business may charge “a consumer a

different price or rate, or [provide] a different level or quality of goods or services to the

consumer, if that difference is reasonably related to the value provided to the consumer by

the consumer’s data.” Businesses may offer “financial incentives” (circularly defined as “a

program, benefit, or other offering, including payments to consumers, related to the

collection, retention, or sale of personal information”) to compensate for the collection, sale

or deletion of data, but not if the financial incentives are “unjust, unreasonable, coercive, or

usurious in nature.” The regulations provide numerous formulas to value data for justifying

any price or service discrimination.

6) Private Right of Action for Data Breaches.

The law creates a private cause of action when “nonencrypted or nonredacted personal

information…is subject to an unauthorized access and exfiltration, theft, or disclosure as a

result of the business’ violation of the duty to implement and maintain reasonable security

procedures and practices appropriate to the nature of the information to protect the

personal information” (1798.150). In those cases, consumers may obtain the greater of

actual damages or statutory damages within a range of $100-$750 “per consumer per

incident.” To proceed with the private cause of action, consumers must first give the

defendant a 30 day cure period; and if the business is able to cure the problem (whatever

“cure” means in the context of a data theft), statutory damages become unavailable.

”User-Enabled Global Privacy Controls”

The regulations added a provision (not in the statute) requiring businesses to honor “user-

enabled global privacy controls,” defined as signals communicated through browser

software or plug-ins indicating that consumers want to opt-out of data sales. This

technology does not exist today; the DOJ speculated that it might emerge in the future.

This provision has numerous serious unresolved issues:

 How to interpret the signals when multiple consumers share the same browser

software.

 How businesses can determine that new technology constitutes user-enabled privacy

controls. The DOJ does not certify software as satisfying the legal standard, so

businesses are supposed to figure it out themselves. There may be thousands of

software programs and apps that might qualify, and monitoring all of them—on the

370.

off-chance that they suddenly became a “user-enabled global privacy control”—will

be costly and overwhelming for even technologically sophisticated businesses.

 How the technology will be granular enough to effectuate the consumer’s opt-out

intent. If a consumer globally sends the opt-out signal to all websites, this will likely

lead (due to the overinclusive definition of data sales) to unexpected consequences,

such as losing access to key services the consumer actually wants.

Because the technology does not currently exist, most businesses are likely to ignore this

provision until the DOJ makes further public announcements.

Transparency Reports

In another provision newly added in the regulations, a business that “buys, receives for the

business’s commercial purposes, sells, or shares for commercial purposes” personal

information for 10+ million California consumers in a calendar year must publish a

transparency report about certain types of consumer requests and their processing times

and decisions. The DOJ claimed that these transparency reports will help it with

enforcement priorities and provide valuable data to researchers, though those benefits

remain highly speculative and come at a substantial cost to complying businesses.

Who Can Enforce the CCPA?

Other than consumers’ private right of action for data breaches, the law does not allow for

private causes of action (1798.150(c)), either directly or through indirect means like

California Business & Professions Code § 17200, which ordinarily creates a civil claim for

legal violations. Plaintiffs are testing this restriction in court.

Except for data breaches, the law can be enforced only by the California Attorney General’s

office (1798.155), and only after giving businesses a 30 day cure period (1798.155(b)). Civil

penalties can run up to $2,500 “per violation,” though if violations are intentional, the cap

increases to $7,500 per violation (1798.155(b)).

The Future

The CCPA continues to evolve dynamically. The California legislature will likely enact

additional amendments in 2020. The DOJ will begin enforcing the law, which will signal its

enforcement priorities. Some of those enforcements may spill over into court, though

contested enforcements will be rare because most businesses will correct violations in the

30-day cure period or strike a deal with the DOJ. There could also be prospective challenges

to the law, but that seems unlikely.

The November 2020 ballot will include a new ballot initiative, the California Privacy Rights

Act of 2020 (CPRA), from the same team that funded the CCPA ballot initiative. Yes, before

we know how the CCPA works, and while we are in the middle of a pandemic and a related

economic depression that is already devastating small- and medium-sized businesses and

the California economy, and while we are focusing on a presidential election with massive

stakes for our country, the ballot proponents think it’s a great time to abandon the CCPA

“experiment,” waste a ton of investments that have been already made by both

371.

governments and businesses to accommodate the CCPA, create a brand new government

agency from scratch, and make significant parts of consumer privacy law impossible to

superintend except through additional ballot initiatives. This decision to pursue a new

initiative before the CCPA even became effective is a profound rejection of legislative

governance. It also disrespects the hard work and significant expense that businesses

invested to jump through the CCPA’s onerous hoops.

Whether or not CPRA passes, the future of privacy regulation seems more dystopian than

promising. The CCPA is problematic on its own. When other legislatures clone-and-revise

it, the ensuing multi-state regulatory thicket will be overwhelming. Plus, there could be

further privacy-related California ballot initiatives post-CPRA–which could create a

perpetually moving target and a usurpation of legislative governance.

As a result, preemptive federal legislation is the only remaining path to achieve sensible

consumer privacy regulation. Unfortunately, Congress has a full docket of structural

problems to address, so it’s likely we’ll see more terrible privacy regulatory outcomes before

Congress prioritizes solving the privacy regulatory challenge for the country.

372.

There are thousands of online privacy cases, and this book includes only one. Obviously the

Pharmatrak case is not everything you need to know about online privacy. Indeed, the

specific legal holding involving the Electronic Communications Privacy Act isn’t especially

crucial.

Although the technology discussed in this case has evolved some, the tracking

methodologies described are still commonly used. See Winston Smith v. Facebook, Inc.,

5:16-cv-01282-EJD (N.D. Cal. May 9, 2017),

http://digitalcommons.law.scu.edu/cgi/viewcontent.cgi?article=2481&context=historical

(granting Facebook’s motion to dismiss in a lawsuit very similar to the Pharmatrak case).

If you’re not an expert on cookies, before you read this case, take a look at what cookies are

on your computer. If you don’t know how to do that, this URL can help:

http://www.wikihow.com/View-Cookies. If you’ve never reviewed your cookies before, you

are almost certainly in for a surprise!

In re Pharmatrak, Inc., 329 F.3d 9 (1st Cir. 2003).

This case raises important questions about the scope of privacy protection afforded internet

users under the Electronic Communications Privacy Act of 1986 (ECPA), 18 U.S.C. §§ 2511,

2520.

In sum, pharmaceutical companies invited users to visit their websites to learn about their

drugs and to obtain rebates. An enterprising company, Pharmatrak, sold a service, called

“NETcompare,” to these pharmaceutical companies. That service accessed information

about the internet users and collected certain information meant to permit the

pharmaceutical companies to do intra-industry comparisons of website traffic and usage.

Most of the pharmaceutical companies were emphatic that they did not want personal or

identifying data about their web site users to be collected. In connection with their

contracting to use NETcompare, they sought and received assurances from Pharmatrak

that such data collection would not occur. As it turned out, some such personal and

identifying data was found, using easily customized search programs, on Pharmatrak’s

computers. Plaintiffs, on behalf of the purported class of internet users whose data

Pharmatrak collected, sued both Pharmatrak and the pharmaceutical companies asserting,

inter alia, that they intercepted electronic communications without consent, in violation of

the ECPA.

The district court entered summary judgment for defendants on the basis that

Pharmatrak’s activities fell within an exception to the statute where one party consents to

an interception. The court found the client pharmaceutical companies had consented by

contracting with Pharmatrak and so this protected Pharmatrak. The plaintiffs dismissed

all ECPA claims as to the pharmaceutical companies. This appeal concerns only the claim

that Pharmatrak violated Title I of the ECPA.

We hold that the district court incorrectly interpreted the “consent” exception to the ECPA;

we also hold that Pharmatrak “intercepted” the communication under the statute. We

reverse and remand for further proceedings. This does not mean that plaintiffs’ case will

prevail: there remain issues which should be addressed on remand, particularly as to

whether defendant’s conduct was intentional within the meaning of the ECPA.

373.

I.

Pharmatrak provided its NETcompare service to pharmaceutical companies including

American Home Products, Pharmacia, SmithKline Beecham, Pfizer, and Novartis from

approximately June 1998 to November 2000. The pharmaceutical clients terminated their

contracts with Pharmatrak shortly after this lawsuit was filed in August 2000. As a result,

Pharmatrak was forced to cease its operations by December 1, 2000.

NETcompare was marketed as a tool that would allow a company to compare traffic on and

usage of different parts of its website with the same information from its competitors’

websites. The key advantage of NETcompare over off-the-shelf software was its capacity to

allow each client to compare its performance with that of other clients from the same

industry.

NETcompare was designed to record the webpages a user viewed at clients’ websites; how

long the user spent on each webpage; the visitor’s path through the site (including her

points of entry and exit); the visitor’s IP address; and, for later versions, the webpage the

user viewed immediately before arriving at the client’s site (i.e., the “referrer URL”). This

information-gathering was not visible to users of the pharmaceutical clients’ websites.

According to Wes Sonnenreich, former Chief Technology Officer of Pharmatrak, and

Timothy W. Macinta, former Managing Director for Technology of Pharmatrak,

NETcompare was not designed to collect any personal information whatsoever.

NETcompare operated as follows. A pharmaceutical client installed NETcompare by adding

five to ten lines of HTML code to each webpage it wished to track and configuring the pages

to interface with Pharmatrak’s technology. When a user visited the website of a

Pharmatrak client, Pharmatrak’s HTML code instructed the user’s computer to contact

Pharmatrak’s web server and retrieve from it a tiny, invisible graphic image known as a

“clear GIF” (or a “web bug”). The purpose of the clear GIF was to cause the user’s computer

to communicate directly with Pharmatrak’s web server. When the user’s computer

requested the clear GIF, Pharmatrak’s web servers responded by either placing or accessing

a “persistent cookie” on the user’s computer. On a user’s first visit to a webpage monitored

by NETcompare, Pharmatrak’s servers would plant a cookie on the user’s computer. If the

user had already visited a NETcompare webpage, then Pharmatrak’s servers would access

the information on the existing cookie.

A cookie is a piece of information sent by a web server to a web browser that the browser

software is expected to save and to send back whenever the browser makes additional

requests of the server (such as when the user visits additional webpages at the same or

related sites). A persistent cookie is one that does not expire at the end of an online session.

Cookies are widely used on the internet by reputable websites to promote convenience and

customization. Cookies often store user preferences, login and registration information, or

information related to an online “shopping cart.” Cookies may also contain unique

identifiers that allow a website to differentiate among users.

Each Pharmatrak cookie contained a unique alphanumeric identifier that allowed

Pharmatrak to track a user as she navigated through a client’s site and to identify a repeat

user each time she visited clients’ sites. If a person visited www.pfizer.com in June 2000

374.

and www.pharmacia.com in July 2000, for example, then the persistent cookie on her

computer would indicate to Pharmatrak that the same computer had been used to visit both

sites.5 As NETcompare tracked a user through a website, it used JavaScript and a

JavaApplet to record information such as the URLs the user visited. This data was recorded

on the access logs of Pharmatrak’s web servers.

[Editor’s note: consider if the following diagram helps you visualize the interactions:]

Pharmatrak sent monthly reports to its clients juxtaposing the data collected by

NETcompare about all pharmaceutical clients. These reports covered topics such as the

most heavily used parts of a particular site; which site was receiving the most hits in

particular areas such as investor or media relations; and the most important links to a site.

The monthly reports did not contain any personally identifiable information about users.

The only information provided by Pharmatrak to clients about their users and traffic was

contained in the reports (and executive summaries thereof). Slides from a Pharmatrak

marketing presentation did say the company would break data out into categories and

provide “user profiles.” In practice, the aggregate demographic information in the reports

was limited to the percentages of users from different countries; the percentages of users

with different domain extensions (i.e., the percentages of users originating from for-profit,

government, academic, or other not-for-profit organizations); and the percentages of first-

time versus repeat users. An example of a NETcompare “user profile” is: “The average

Novartis visitor is a first-time visitor from the U.S., visiting from a .com domain.”

5 Pharmatrak’s cookies expired after ninety days.

Customers PharmatrakHTML code

Data

Data

Clear GIF Cookie

Javascript

HTML/ Content

Web users

First Access

Customers PharmatrakHTML codeCustomers PharmatrakHTML code

Data

Data

Data

Data

Clear GIF Cookie

Javascript

HTML/ Content

Clear GIF Cookie

Javascript

HTML/ Content

Web users

First Access

Web users

First Access

375.

While it was marketing NETcompare to prospective pharmaceutical clients, Pharmatrak

repeatedly told them that NETcompare did not collect personally identifiable information.

It said its technology could not collect personal information, and specifically provided that

the information it gathered could not be used to identify particular users by name. In their

affidavits and depositions, executives of Pharmatrak clients consistently said that they

believed NETcompare did not collect personal information, and that they did not learn

otherwise until the onset of litigation. Some, if not all, pharmaceutical clients explicitly

conditioned their purchase of NETcompare on Pharmatrak’s guarantees that it would not

collect users’ personal information. For example, Pharmacia’s April 2000 contract with

Pharmatrak provided that NETcompare would not collect personally identifiable

information from users. Michael Sonnenreich, Chief Executive Officer of Pharmatrak,

stated unequivocally at his deposition that none of his company’s clients consented to the

collection of personally identifiable information.

Pharmatrak nevertheless collected some personal information on a small number of users.

Pharmatrak distributed approximately 18.7 million persistent cookies through

NETcompare. The number of unique cookies provides a rough estimate of the number of

users Pharmatrak monitored.9 Plaintiffs’ expert was able to develop individual profiles for

just 232 users.

The following personal information was found on Pharmatrak servers: names, addresses,

telephone numbers, email addresses, dates of birth, genders, insurance statuses, education

levels, occupations, medical conditions, medications, and reasons for visiting the particular

website. Pharmatrak also occasionally recorded the subject, sender, and date of the web-

based email message a user was reading immediately prior to visiting the website of a

Pharmatrak client. Most of the individual profiles assembled by plaintiffs’ expert contain

some but not all of this information.

The personal information in 197 of the 232 user profiles was recorded due to an interaction

between NETcompare and computer code written by one pharmaceutical client, Pharmacia,

for one of its webpages. Starting on or before August 18, 2000 and ending sometime

between December 2, 2000 and February 6, 2001, the client Pharmacia used the “get”

method to transmit information from a rebate form on its Detrol website; the webpage was

subsequently modified to use the “post” method of transmission. This was the source of the

personal information collected by Pharmatrak from users of the Detrol website.

Web servers use two methods to transmit information entered into online forms: the get

method and the post method. The get method is generally used for short forms such as the

“Search” box at Yahoo! and other online search engines. The post method is normally used

for longer forms and forms soliciting private information. When a server uses the get

method, the information entered into the online form becomes appended to the next URL.

For example, if a user enters “respiratory problems” into the query box at a search engine,

and the search engine transmits this information using the get method, then the words

“respiratory” and “problems” will be appended to the query string at the end of the URL of

the webpage showing the search results. By contrast, if a website transmits information via

9 Different users might have the same cookie (if, say, family members shared a computer and browser) or one

user might have multiple cookies (if, for example, he used separate work and home computers to visit sites

employing NETcompare, or if he revisited a NETcompare site after his first cookie expired).

376.

the post method, then that information does not appear in the URL. Since NETcompare

was designed to record the full URLs of the webpages a user viewed immediately before and

during a visit to a client’s site, Pharmatrak recorded personal information transmitted

using the get method.

There is no evidence Pharmatrak instructed its clients not to use the get method. The

detailed installation instructions Pharmatrak provided to pharmaceutical clients ignore

entirely the issue of the different transmission methods.

In addition to the problem at the Detrol website, there was also another instance in which a

pharmaceutical client used the get method to transmit personal information entered into an

online form. The other personal information on Pharmatrak’s servers was recorded as a

result of software errors. These errors were a bug in a popular email program (reported in

May 2001 and subsequently fixed) and an aberrant web browser.

II.

On June 28, 2001, plaintiffs filed an amended consolidated class action complaint13 against

Pharmatrak; its parent company, Glocal Communications, Ltd.; and five pharmaceutical

companies: American Home Products Corp., Glaxo Wellcome, Inc., Pfizer, Inc., Pharmacia

Corp., and SmithKline Beecham Corp. Plaintiffs alleged nine counts including violation of

Title I of the ECPA, 18 U.S.C. § 2510 et seq.; violation of Title II of the ECPA, 18 U.S.C.

2701 et seq.; violation of the Computer Fraud and Abuse Act, 18 U.S.C. § 1030; violation of

Mass. Gen. Laws ch. 272, § 99; violation of Mass. Gen. Laws ch. 93A; invasion of privacy;

trespass to chattels and conversion; and unjust enrichment….

The plaintiffs employed computer scientist C. Matthew Curtin and his company, Interhack,

to analyze Pharmatrak’s servers between December 17, 2001 and January 18, 2002. In

about an hour, Curtin wrote three custom computer programs, including “getneedle.pl,” to

extract and organize personal information on Pharmatrak’s web server access logs, which

he “colloquially termed ‘haystacks.’” Curtin then cross-referenced the information he

extracted with other sources such as internet telephone books….

III….

B. Elements of the ECPA Cause of Action

ECPA amended the Federal Wiretap Act by extending to data and electronic transmissions

the same protection already afforded to oral and wire communications. The paramount

objective of the Wiretap Act is to protect effectively the privacy of communications.

The post-ECPA Wiretap Act provides a private right of action against one who

“intentionally intercepts, endeavors to intercept, or procures any other person to intercept

13 Originally, eight lawsuits were filed in the District of Massachusetts and the Southern District of New York.

The two lawsuits in the District of Massachusetts were filed on August 18, 2000. On April 18, 2001, the Judicial

Panel on Multi-District Litigation issued an order transferring the six New York cases to the District of

Massachusetts. The purported class, which has never been certified, consists of all persons who visited one of

the defendants’ websites “and who, as a result thereof, have had Pharmatrak ‘cookies’ placed upon their

computers and have had information about them gathered by Pharmatrak.”

377.

or endeavor to intercept, any wire, oral, or electronic communication.” The Wiretap Act

defines “intercept” as “the aural or other acquisition of the contents of any wire, electronic,

or oral communication through the use of any electronic, mechanical, or other device.”

Thus, plaintiffs must show five elements to make their claim under Title I of the ECPA:

that a defendant (1) intentionally (2) intercepted, endeavored to intercept or procured

another person to intercept or endeavor to intercept (3) the contents of (4) an electronic

communication (5) using a device. This showing is subject to certain statutory exceptions,

such as consent.

In its trial and appellate court briefs, Pharmatrak sought summary judgment on only one

element of § 2511(1)(a), interception, as well as on the statutory consent exception. We

address these issues below. Pharmatrak has not contested whether it used a device or

obtained the contents of an electronic communication. This is appropriate. The ECPA

adopts a “broad, functional” definition of an electronic communication. This definition

includes “any transfer of signs, signals, writing, images, sounds, data, or intelligence of any

nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectric, or

photooptical system that affects interstate or foreign commerce,” with certain exceptions

unrelated to this case. Transmissions of completed online forms, such as the one at

Pharmacia’s Detrol website, to the pharmaceutical defendants constitute electronic

communications.

The ECPA also says that “‘contents,’ when used with respect to any wire, oral, or electronic

communication, includes any information concerning the substance, purport, or meaning of

that communication.” This definition encompasses personally identifiable information such

as a party’s name, date of birth, and medical condition. Finally, it is clear that Pharmatrak

relied on devices such as its web servers to capture information from users.

C. Consent Exception

There is a pertinent statutory exception to § 2511(1)(a) “where one of the parties to the

communication has given prior consent to such interception unless such communication is

intercepted for the purpose of committing any criminal or tortious act....” Plaintiffs, of

course, bear the burden of establishing a violation of the ECPA. Our case law is unclear as

to who has the burden of showing the statutory exception for consent….We think, at least

for the consent exception under the ECPA in civil cases, that it makes more sense to place

the burden of showing consent on the party seeking the benefit of the exception, and so

hold. That party is more likely to have evidence pertinent to the issue of consent. Plaintiffs

do not allege that Pharmatrak acted with a criminal or tortious purpose. Therefore, the

question under the exception is limited to whether the pharmaceutical defendants gave

consent to the interception. Because the district court disposed of the case on the grounds

that Pharmatrak’s conduct fell within the consent exception, we start there.

The district court adopted Pharmatrak’s argument that the only relevant inquiry is

whether the pharmaceutical companies consented to use Pharmatrak’s NETcompare

service, regardless of how the service eventually operated. In doing so, the district court did

not apply this circuit’s general standards for consent under the Wiretap Act and the ECPA

set forth in Griggs-Ryan, 904 F.2d 112. It also misread two district court opinions on which

it purported to rely.

378.

This court addressed the issue of consent under the Wiretap Act in Griggs-Ryan. A party

may consent to the interception of only part of a communication or to the interception of

only a subset of its communications. “Thus, ‘a reviewing court must inquire into the

dimensions of the consent and then ascertain whether the interception exceeded those

boundaries.’” Consent may be explicit or implied, but it must be actual consent rather than

constructive consent. Pharmatrak argues that it had implied consent from the

pharmaceutical companies.

Consent “should not casually be inferred.” “Without actual notice, consent can only be

implied when the surrounding circumstances convincingly show that the party knew about

and consented to the interception.”

The district court made an error of law, urged on it by Pharmatrak, as to what constitutes

consent. It did not apply the standards of this circuit. Moreover, DoubleClick and Avenue A

do not set up a rule, contrary to the district court’s reading of them, that a consent to

interception can be inferred from the mere purchase of a service, regardless of

circumstances. If these cases did so hold, they would be contrary to the rule of this circuit

established in Griggs-Ryan. DoubleClick and Avenue A, rather, were concerned with

situations in which the defendant companies’ clients purchased their services for the

precise purpose of creating individual user profiles in order to target those users for

particular advertisements. This very purpose was announced by DoubleClick and Avenue A

publicly, as well as being self-evident. These decisions found it would be unreasonable to

infer that the clients had not consented merely because they might not understand

precisely how the user demographics were collected. The facts in our case are the mirror

image of those in DoubleClick and Avenue A: the pharmaceutical clients insisted there be

no collection of personal data and the circumstances permit no reasonable inference that

they did consent.

On the undisputed facts, the client pharmaceutical companies did not give the requisite

consent. The pharmaceutical clients sought and received assurances from Pharmatrak that

its NETcompare service did not and could not collect personally identifiable information.

Far from consenting to the collection of personally identifiable information, the

pharmaceutical clients explicitly conditioned their purchase of NETcompare on the fact

that it would not collect such information.

The interpretation urged by Pharmatrak would, we think, lead to results inconsistent with

the statutory intent. It would undercut efforts by one party to a contract to require that the

privacy interests of those who electronically communicate with it be protected by the other

party to the contract. It also would lead to irrational results. Suppose Pharmatrak, for

example, had intentionally designed its software, contrary to its representations and its

clients’ expectations, to redirect all possible personal information to Pharmatrak servers,

which collected and mined the data. Under the district court’s approach, Pharmatrak would

nevertheless be insulated against liability under the ECPA on the theory that the

pharmaceutical companies had “consented” by simply buying Pharmatrak’s product. Or

suppose an internet service provider received a parent’s consent solely to monitor a child’s

internet usage for attempts to access sexually explicit sites—but the ISP installed code that

monitored, recorded and cataloged all internet usage by parent and child alike. Under the

theory we have rejected, the ISP would not be liable under the ECPA.

379.

Nor did the users consent. On the undisputed facts, it is clear that the internet user did not

consent to Pharmatrak’s accessing his or her communication with the pharmaceutical

companies. The pharmaceutical companies’ websites gave no indication that use meant

consent to collection of personal information by a third party. Rather, Pharmatrak’s

involvement was meant to be invisible to the user, and it was. Deficient notice will almost

always defeat a claim of implied consent. Pharmatrak makes a frivolous argument that the

internet users visiting client Pharmacia’s webpage for rebates on Detrol thereby consented

to Pharmatrak’s intercepting their personal information. On that theory, every online

communication would provide consent to interception by a third party.

D. Interception Requirement

The parties briefed to the district court the question of whether Pharmatrak had

“intercepted” electronic communications. If this question could be resolved in Pharmatrak’s

favor, that would provide a ground for affirmance of the summary judgment. It cannot be

answered in favor of Pharmatrak.

The ECPA prohibits only “interceptions” of electronic communications. “Intercept” is

defined as “the aural or other acquisition of the contents of any wire, electronic, or oral

communication through the use of any electronic, mechanical, or other device.”

Before enactment of the ECPA, some courts had narrowed the Wiretap Act’s definition of

interception to include only acquisitions of a communication contemporaneous with

transmission. There was a resulting debate about whether the ECPA should be similarly

restricted….Other circuits have invoked the contemporaneous, or “real-time,” requirement

to exclude acquisitions apparently made a substantial amount of time after material was

put into electronic storage. These circuits have distinguished between materials acquired in

transit, which are interceptions, and those acquired from storage, which purportedly are

not.

We share the concern of the Ninth and Eleventh Circuits about the judicial interpretation

of a statute written prior to the widespread usage of the internet and the World Wide Web

in a case involving purported interceptions of online communications. In particular, the

storage-transit dichotomy adopted by earlier courts may be less than apt to address current

problems. As one court recently observed, “[T]echnology has, to some extent, overtaken

language. Traveling the internet, electronic communications are often—perhaps

constantly—both ‘in transit’ and ‘in storage’ simultaneously, a linguistic but not a

technological paradox.”

The facts here do not require us to enter the debate over the existence of a real-time

requirement. The acquisition by Pharmatrak was contemporaneous with the transmission

by the internet users to the pharmaceutical companies. Both Curtin, the plaintiffs’ expert,

and Wes Sonnenreich, Pharmatrak’s former CTO, observed that users communicated

simultaneously with the pharmaceutical client’s web server and with Pharmatrak’s web

server. After the user’s personal information was transmitted using the get method, both

the pharmaceutical client’s server and Pharmatrak’s server contributed content for the

succeeding webpage; as both Curtin and Wes Sonnenreich acknowledged, Pharmatrak’s

content (the clear GIF that enabled the interception) sometimes arrived before the content

delivered by the pharmaceutical clients.

380.

Even those courts that narrowly read “interception” would find that Pharmatrak’s

acquisition was an interception. For example, Steiger observes:

[U]nder the narrow reading of the Wiretap Act we adopt ..., very few seizures

of electronic communications from computers will constitute ‘interceptions.’ ...

‘Therefore, unless some type of automatic routing software is used (for

example, a duplicate of all of an employee’s messages are automatically sent

to the employee’s boss), interception of E-mail within the prohibition of [the

Wiretap Act] is virtually impossible.’

NETcompare was effectively an automatic routing program. It was code that automatically

duplicated part of the communication between a user and a pharmaceutical client and sent

this information to a third party (Pharmatrak).

Pharmatrak argues that there was no interception because “there were always two

separate communications: one between the Web user and the Pharmaceutical Client, and

the other between the Web user and Pharmatrak.” This argument fails for two reasons.

First, as a matter of law, even the circuits adopting a narrow reading of the Wiretap Act

merely require that the acquisition occur at the same time as the transmission; they do not

require that the acquisition somehow constitute the same communication as the

transmission. Second, Pharmatrak acquired the same URL query string (sometimes

containing personal information) exchanged as part of the communication between the

pharmaceutical client and the user. Separate, but simultaneous and identical,

communications satisfy even the strictest real-time requirement.

E. Intent Requirement

At oral argument this court questioned the parties about whether the “intent” requirement

under § 2511(a)(1) had been met.

We remand this issue because it was not squarely addressed by both parties before the

district court. When Pharmatrak moved for summary judgment, it did not do so on the

grounds that the statutory requirement of intent was unmet. At most, it raised the issue in

passing at the hearing on the cross-motions for summary judgment.

Plaintiffs, in their motion for summary judgment, did raise the issue and argued that any

interception was intentional; but the district court neither granted the motion nor

addressed the issue. In its opposition to plaintiffs’ motion, Pharmatrak relied on its own

motion for summary judgment, and so did not address intent. The issue has not been

briefed to us.

While it is true that we can affirm the grant of summary judgment on any ground

presented by the record, we will usually do so only when the issue has been fairly presented

to the trial court. Here it was not, and we are reluctant to determine ourselves whether

there was adequate opportunity for discovery on this issue and whether there are material

facts in dispute, and to resolve an issue without briefing.

381.

Still, we wish to avoid uncertainty about the legal standard for intent under the ECPA on

remand, and so we address that point. Congress amended 18 U.S.C. § 2511 in 1986 to

change the state of mind requirement from “willful” to “intentional”. Since “intentional”

itself may have different glosses put on it, we refer to the legislative history, which states:

As used in the Electronic Communications Privacy Act, the term “intentional”

is narrower than the dictionary definition of “intentional.” “Intentional”

means more than that one voluntarily engaged in conduct or caused a result.

Such conduct or the causing of the result must have been the person’s

conscious objective. An “intentional” state of mind means that one’s state of

mind is intentional as to one’s conduct or the result of one’s conduct if such

conduct or result is one’s conscious objective. The intentional state of mind is

applicable only to conduct and results. Since one has no control over the

existence of circumstances, one cannot “intend” them.

S.Rep. No. 99-541, at 23 (1986). Congress made clear that the purpose of the amendment

was to underscore that inadvertent interceptions are not a basis for criminal or civil

liability under the ECPA. An act is not intentional if it is the product of inadvertence or

mistake. There is also authority suggesting that liability for intentionally engaging in

prohibited conduct does not turn on an assessment of the merit of a party’s motive. That is

not to say motive is entirely irrelevant in assessing intent. An interception may be more

likely to be intentional when it serves a party’s self-interest to engage in such conduct.

F. Conclusion

We reverse and remand for further proceedings consistent with this opinion.

NOTES AND QUESTIONS

What Went Wrong? Despite Pharmatrak’s technical efforts, it made the mistakes it tried

hard to avoid. If you had been Pharmatrak’s lawyer, what would you have done differently

to change the outcome?

Analytics Services. Today, the term “analytics” refers to the service of generating and

reporting user activity statistics. Pharmatrak was an analytics service. Because they

typically lack direct relationships with the users whose activities they measure, analytics

services continue to face legal exposure. See, e.g., Yershov v. Gannett Satellite Information

Network, Inc., 820 F.3d 482 (1st Cir. 2016) (suggesting that third party analytics for online

video content may violate the Video Privacy Protection Act).

Reidentification. “Reidentification” refers to the process of uniquely identifying individuals

based on combining seemingly anonymous bits of data. Reidentification is a well-known and

well-studied process in computer science, and the Pharmatrak plaintiffs’ expert engaged in

a fairly standard reidentification process.

Reidentification becomes easier as datasets grow in size. As the amount of data publicly

available on the Internet grows, keeping datasets anonymized becomes more challenging.

This is a primary reason why legal rules premised on distinguishing between “personally

identifiable” and “non-personally identifiable” information are doomed to collapse.

382.

What Would User Consent Look Like? How does the consent required to waive the ECPA’s

application differ from consent required to form a binding contract as discussed in Chapter

3? For example, if Pharmacia’s privacy policy indicated that it was using Pharmatrak’s

services, but the privacy policy wasn’t presented as a mandatory non-leaky clickthrough

agreement, would users have “consented” to Pharmatrak’s operations for ECPA purposes?

Consumer Harm? What harm, if any, was suffered by the 232 consumers whose data

Pharmatrak intercepted? See Eric Goldman, The Irony of Privacy Class Action Litigation,

10 J. TELECOMM. & HIGH TECH. L. 309 (2012), http://ssrn.com/abstract=2045909.

Consider this discussion involving a data security breach at Zappos.com:

Zappos’s servers were breached in January 2012. Plaintiffs allege that the

personal information of 24 million Zappos’s customers was stolen. Of those 24

million customers, only twelve are before the Court seeking damages against

Zappos. Of those twelve, only three determined that the increased threat of

identity theft and fraud was sufficiently severe to purchase credit monitoring

services. Of those three, not one alleges to have detected any irregularity

whatsoever in regards to unauthorized purchases or other manifestations

that their personal information has been misused. Yet Plaintiffs still claim

that the threat they face is immediate, though there is no indication when or

if that threat will materialize.

Given the stipulated stays and other delays in this case, the Court must

decide whether the alleged threat of future harm is properly considered

certainly impending three-and-a-half years after the breach occurred. Even if

Plaintiffs’ risk of identity theft and fraud was substantial and immediate in

2012, the passage of time without a single report from Plaintiffs that they in

fact suffered the harm they fear must mean something….

The Court therefore finds that the increased threat of identity theft and fraud

stemming from the Zappos’s security breach does not constitute an injury-in-

fact sufficient to confer standing. The years that have passed without

Plaintiffs making a single allegation of theft or fraud demonstrate that the

risk is not immediate.

In re Zappos.Com, Inc., Customer Data Security Breach Litigation, 108 F.Supp.3d 949 (D.

Nev. 2015). The Ninth Circuit reversed this ruling because standing is measured when the

complaint is filed. In re Zappos.com, Inc. Customer Data Security Breach Litigation, 888

F.3d 1020 (9th Cir. 2018). Nevertheless, if none of the 24 million class members actually

suffered any loss from the breach, why were the plaintiffs still pursuing this lawsuit years

later?

More on Article III Standing. In general, allegation of a statutory violation often

automatically creates Article III standing. Spokeo, Inc. v. Robins, 136 S. Ct. 1540 (2016);

Campbell v. Facebook, 951 F.3d 1106 (9th Cir. 2020).

383.

In re Facebook, Inc., Internet Tracking Litigation, 956 F.3d 589 (9th Cir. 2020), extended

the Campbell ruling by holding that a plaintiff may satisfy Article III standing by showing

the consumer’s potential loss of control over his or her personal data or the defendant’s

commercialization of personal data.

Content v. Metadata. In In re Zynga Privacy Litigation, 750 F.3d 1098 (9th Cir. 2014), the

Ninth Circuit distinguished Pharmatrak:

the complaints here do not plausibly allege that Facebook and Zynga

divulged a user’s communications to a website; rather, they allege that

Facebook and Zynga divulged identification and address information

contained in a referer header automatically generated by the web browser.

Unlike the information disclosed in Pharmatrak, the information allegedly

disclosed by Facebook and Zynga is record information about a user’s

communication, not the communication itself. ECPA does not apply to such

disclosures.

The Ninth Circuit distinguished Zynga in In re Facebook, Inc., Internet Tracking

Litigation, 956 F.3d 589 (9th Cir. 2020):

Unlike the URLs in Zynga, which revealed only that a Facebook user had

clicked on a link to a gaming website, Plaintiffs allege that the URLs in the

instant case could emanate from search terms inputted into a third-party

search engine. These terms and the resulting URLs could divulge a user’s

personal interests, queries, and habits on third-party websites operating

outside of Facebook’s platform.

Denouement. On remand, the district court again dismissed the ECPA lawsuit because

Pharmatrak lacked the requisite intent. While Pharmatrak nominally won in court, it

faltered in the marketplace. As the court recounts, shortly after the plaintiffs sued

Pharmatrak, all of its customers dropped it and Pharmatrak went out of business. Even if

Pharmatrak could legally survive an ECPA challenge, its technological design remained a

“bet-your-business” issue for the company. What should Pharmatrak and its attorneys have

done differently? What should Pharmacia and its attorneys have done differently?

384.

X. Spam

Eric Goldman, Where’s the Beef? Dissecting Spam’s Purported Harms, 22 J.

MARSHALL J. COMPUTER & INFO. L. 13 (2003)

I. INTRODUCTION

[In 2003, Congress enacted] enacted a law regulating unsolicited commercial emails, the

Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (the

“CAN-SPAM Act” or “CAN-SPAM”). CAN-SPAM follows significant state-based efforts to

regulate spam; from 1997 to 2003, nearly three quarters of the states adopted some spam

regulation, most of which are now preempted by CAN-SPAM.

CAN-SPAM, like the state laws preceding it, takes a multi-faceted approach to regulating

spam. Among other provisions, CAN-SPAM contains provisions that regulate the email

content, restrict specific notorious spammer practices, give spam recipients the ability to

opt-out, and attack the spammer’s funding by creating advertiser liability.

The diversity of regulatory approaches inherent in CAN-SPAM (and, before that, the

superseded state statutes) prompts a fundamental question: exactly what harms are caused

by spam that these regulations attempt to redress? There is no consensus answer to this

question. Just about everyone seems to agree that spam is a problem that needs to be

addressed, but no one seems to agree on why. Without clearly understanding the targeted

harms, policy-makers cannot craft regulations designed to fix them.

This Essay examines the purported harms caused by spam in an effort to isolate bona fide

areas needing legislative intervention. However, few such needs exist. Instead, most

purported harms are illusory, already adequately addressed by existing laws or best left to

market solutions. This analysis thus undercuts many of the purported justifications for

regulating spam.

II. DEFINING THE HARMS OF SPAM

A. Defining Spam

Any attempt to intelligently discuss spam is immediately hampered by the word’s

imprecision. Simply put, the term “spam” lacks a single well-accepted definition. Usually

“spam” refers to some form of unwanted email, although some users generalize the term to

describe all forms of unwanted advertising, both in email and other media. CAN-SPAM

defines “commercial electronic mail message” as “any electronic mail message the primary

purpose of which is the commercial advertisement or promotion of a commercial product or

service.” Building on this definition, this Essay refers to “spam” as unsolicited “commercial

electronic mail messages.” However, this definition is both under- and over-inclusive

because the definition includes emails recipients want and does not include all emails not

wanted by recipients, and thus it may not track recipient expectations.

385.

B. Spam is Annoying

1. Distinguishing Wanted and Unwanted Content

Many email recipients castigate spam as annoying, but the reasons why are less clear.

Some annoyance is attributable to the objectionable content in spam, a point addressed

infra in subsection II(D). Otherwise, the annoyance is based (among other factors) on the

unsolicited, high-volume, time-consuming or unpreventable nature of spam.

I believe these concerns all derive from the same source: spam is unwanted. A simple

example may illustrate this. Assume Jane is ready to purchase a Canon PowerShot S400

digital camera. An unsolicited email arrives in Jane’s in-box from a trustworthy retailer

that she has never transacted with. The retailer offers to sell her the camera for $100 less

than any other retailer. Is this spam?

Some recipients would say “yes” because the email is unsolicited or otherwise invades their

privacy. However, most email recipients would consider this email valuable instead of

annoying, in which case they would want this email because it will save them time and

money.

Perhaps this example gives us an important insight on the nature of spam. Email recipients

want email that saves money, saves time, educates on matters of interest, or is otherwise

relevant and helpful. Thus, many email recipients gladly would receive unsolicited emails

that meet those specifications. In contrast, email recipients are annoyed to receive a high

volume of irrelevant and unhelpful emails.

Unfortunately, frequently spam is irrelevant and unhelpful to recipients because it is

relatively untargeted. Like any other marketers, spam advertisers will pay for targeted

email lists that are more likely to yield higher results. However, the negligible marginal

cost of sending spam lowers the optimal level of targeting for spammers. Thus, spammers

can profitably use low-yield and untargeted practices such as email harvesting and

dictionary attacks.

Even though spammers can profitably send very-low relevance emails to lots of recipients,

not all spam is bad. Inevitably, some recipients will find a particular spam email helpful

and relevant. More specifically, recipients’ perceptions about each spam’s relevance usually

sort into a bell curve: some will find the email completely irrelevant, some will find the

email very relevant, and others will find the email somewhat relevant.

Some empirical data supports this analysis. Several recent surveys show that seven to eight

percent of those surveyed have purchased a product or service in response to spam and

approximately thirty percent of those surveyed have responded to spam to get more

information about the advertised product or service. While not high percentages, the

statistics seemingly contradict spam’s abysmal reputation. For recipients who responded to

spam (plus those who were educated but did not respond), the spam was relevant. For those

who purchased in response to a particular spam, that email helped the consumer find a

desired product or service at an acceptable price.

386.

We should not trivialize these consequences. Spam plays an important role in the

marketplace of ideas, perhaps filling gaps left by other media, and can contribute to

efficiently functioning economic markets. In some cases, spam creates transaction

opportunities that otherwise would not occur due to prohibitive search costs or lack of

consumer awareness about products available to solve their needs.

Of course, these conclusions do not change the fact that most spam is unwanted by most

recipients. However, it is unclear why individuals seem less tolerant of irrelevant spam

than irrelevant ads in other media. Consumers routinely tolerate irrelevant ads in other

media with less annoyance than they feel towards spam.

Let us consider ad relevancy in a few media, starting with billboards. Billboard ads target

viewers only by geography (if that), so they are fairly low-relevancy advertising tools,

meaning that most billboard ads will be irrelevant to most viewers.

The broadcast and newspaper media use differentiated content to segment consumers.

Thus, a TV show will appeal to a certain demographic, and newspapers divide their content

into topical sections (e.g. sports, business, metro) that are read by only some readers. This

segmentation means that ads can be targeted to consumers attracted by the surrounding

content. Nevertheless, even the most targeted content will appeal to multiple

demographics, so the associated ads will be less relevant to non-majority audience

segments.

In these other media like billboards, broadcasting and newspapers, consumers do not

vociferously demand regulation to minimize the irrelevancy of ads delivered through them.

Why do consumers feel differently about spam?

2. Sorting Spam Wastes Time

Perhaps recipients penalize spam because it takes time to sort irrelevant spam from

wanted emails. Sorting also creates the risk of Type I and Type II errors (i.e., legitimate

email gets tossed or blocked as spam, and objectionable spam gets through the sorting).

But once again, spam is not different from other media. Every medium that contains ads

requires consumers to sort ads from content and wanted ads from unwanted ads. For

example, sorting postal mail requires the recipient to evaluate the envelope’s exterior and,

in some cases, open and review the contents. Broadcast ads are even more difficult to sort,

because ads are interspersed with content and the viewer cannot reorder or skip the ads.

So while spam does require sorting time, recipients can manually sort email relatively

efficiently by reviewing subject lines, and many recipients develop good skills doing so.

Spam can also be automatically blocked without any manual sorting using email filters. As

a result, the amount of time “wasted” on the email sorting process may very well be less

than the time wasted in other media.

All media containing ads demand sorting time and create some risk of erroneous sorting,

and no regulatory scheme—other than banning a medium altogether—can eliminate that.

Instead, time lost to sorting is unavoidable in a media-based society, and spam is just one of

387.

many manifestations of that phenomenon. Thus, the explanation for recipients’ antipathy

towards spam must lie elsewhere.

3. Spam Causes Recipients to Lose Control of Their In-Boxes

Evidence suggests that many recipients are bothered by their inability to stop spam and

feel that spam is a loss of privacy. This suggests that recipient frustration with spam may

be the result of a feeling that recipients have lost control over their in-boxes.

However, once again this problem arises with other media. Recipients cannot stop spam

except by eliminating their email account altogether, but consumers of other media are

similarly powerless to change what ads are delivered in that medium except by

discontinuing use of that medium. For example, a newspaper or magazine reader cannot

control what ads are published; the reader’s only choices are to ignore unwanted ads or stop

reading the publication altogether. This argument holds true for broadcast media,

billboards, and junk mail as well.

Perhaps email can be distinguished from other media because it delivers more important

personal content to recipients than other media. Recipients seem to develop a special and

personal relationship with their in-box, and this explanation might offer an insight about

why telemarketing is so reviled. But this explanation is not totally satisfactory because it

does not explain the seeming dichotomy between the outrage over spam and comparative

tolerance of junk mail.

A more satisfying explanation can be found by considering the relative adoption curves of

spam and other media. We have had many years to develop ways to cope with ads in other

media, but we are still developing ways to cope with email ads. It seems likely that users

will improve their ability to manage email with more experience, at which point user

frustration should decrease. Meanwhile, new generations who grow up using email should

be more tolerant of spam because they will develop coping strategies for spam (and media

inputs generally) from an early age.

Thus, current annoyance with spam could merely reflect that user experience with email is

evolving. Robust email management tools also should reduce annoyance, and the current

annoyance may also reflect that those tools are not yet adequately deployed.

4. Conclusion on Annoyance

Unwanted emails are annoying, but minor annoyances are a fact of life, and no law can

eliminate them—from email or otherwise. Email recipients’ annoyance at spam appears to

be an overreaction when compared to their reactions to other forms of annoying ads.

Meanwhile, regulation of spam creates significant risk that some relevant emails will be

blocked from recipients who want them. It is troubling to regulate content to protect the

majority from minor annoyances if the consequence is preventing minority interests from

exchanging relevant content.

388.

C. Spammers Impose Costs on Third Parties

As it moves from sender to recipient, spam generates bandwidth and server processing

costs for the spammer’s IAP, the recipient and the recipient’s IAP. Depending on a

spammer’s practices, they can also impose some costs on unsuspecting third parties, such

as server operators with open mail relays and or whose domains are forged. We consider

each cost in turn.

1. The Spammer’s IAP

The spammer and its IAP have contractual privity, and the IAP can technologically

constrain the spammer’s activities (i.e. capping the quantity of emails sent). As a result, a

spammer’s IAP has the capacity to charge spammers for any spam-related costs, and there

are no obvious market failures that require regulatory protection for the spammer’s IAP.

2. Recipients and Their IAPs

It is frequently claimed that recipients pay to receive spam, and sometimes spam is likened

to junk mail sent with postage due. With respect to individuals with a consumer IAP

account, this claim is no longer accurate. It was true prior to the mid-1990s, when many

IAPs charged customers a time-based fee for Internet connectivity. Because each email took

some time to download, recipients paid a small fee for each email they received. Today,

consumer IAPs almost universally charge flat-rate pricing for unlimited usage, so consumer

recipients do not pay for each email received.

However, recipient IAPs bear some bandwidth and server processing costs for each email

they process, plus preventative costs (like filtering) and remediation costs (like blocking or

database repair) associated with pernicious email. Unlike the spammer’s IAP, the

recipient’s IAP has no contractual privity or technological relationship with the spammer.

And where corporations provide Internet connectivity to their employees, they incur these

costs as a recipient directly. As a result, recipient IAPs and corporations may benefit from

legal systems that allow them to pass those costs back to spammers or avoid the costs

altogether.

Until recently, common law trespass to chattels was an important legal mechanism to

accomplish that objective. However, in Intel Corp. v. Hamidi, the California Supreme Court

recently scaled the doctrine back, rejecting trespass to chattels when a low-volume

spammer’s emails did not threaten to impair (or actually impair) the functioning of Intel’s

systems. It remains unclear how subsequent courts will interpret Intel, but in all likelihood

some future spammers will avoid liability for trespass to chattels.

Irrespective of trespass to chattels, corporations and recipient IAPs can use, and have

successfully used, the Computer Fraud and Abuse Act (“CFAA”) to combat spam. CAN-

SPAM supplements the CFAA (and whatever is left of common law trespass to chattels) by

providing recipient IAPs a direct cause of action when the IAP is “adversely affected” by a

spammer who fails to comply with selected other provisions of CAN-SPAM. Depending on

how broadly courts interpret the words “adversely affected,” this provision may moot

Hamidi’s common law analysis by providing a statutory cause of action. At minimum, CAN-

SPAM expedites recipient IAP causes of action by providing statutory damages and

389.

attorneys’ fees and by providing another basis (in addition to the CFAA) for federal court

jurisdiction. As a result, CAN-SPAM should help recipient IAPs control some of the email

processing costs that are externalized to them.

In addition to bandwidth, server, preventative and maintenance costs, some companies

have sought legal recognition for the time employees waste on spam. Indeed, analysts claim

that this lost time creates enormous costs. However, as discussed in Section II supra, time

spent sorting or reading spam is not necessarily wasted, nor is it unique compared to the

many other ways that employees waste time (e.g. personal email, junk mail and personal

telephone calls). Therefore, lost productivity due to spam is a poor policy basis for

regulating spam.

3. Open Mail Relays

Spammers can offload costs to third party computers who have open mail relays, which can

cause those server operators to incur some costs like any other recipient IAP. Of course,

operators wishing to avoid those costs can simply close their mail relays, and interestingly

these operators are often considered part of the problem, not victims. Thus, forcing them to

internalize the spam-created costs (rather than pushing those costs to a spammer) may

motivate them to close the relays.

4. Targets of Forged Headers

Spammers also can offload costs to third parties using forged headers. A forged header

occurs when a spammer manipulates an email to make it look like the spam originated

from X.com when it is really being sent from Y.com. The X.com domain name operator (or

its IAP) incurs costs when undeliverable messages and recipient complaints are directed to

the operator.

The operator of a forged domain name lacks any contractual or technological way to prevent

this activity, so regulatory protection is appropriate. Indeed, thirty states prohibited forged

headers, and these state laws may not be preempted by CAN-SPAM. Meanwhile, CAN-

SPAM criminalizes forged headers and potentially sets up a private cause of action for some

victims (“providers of Internet access services” who are “adversely affected”). The

robustness of this private cause of action remains to be seen, but this CAN-SPAM provision,

plus any coverage under non-preempted state laws and other existing doctrines like

trademark law and the CFAA, should provide substantial protection to the victims of forged

headers.

5. Conclusion on Costs

Far too much rhetoric is directed to the costs borne by individual spam recipients. These

individuals no longer bear a financial cost to receive spam, and any “costs” associated with

the consumption of their attention makes unsupportable assumptions about the email’s

relevancy to the recipient. Similarly, although sending IAPs may find it desirable to obtain

regulatory protection against spam, they can control their financial exposure to spammers’

behavior through pricing and technology.

390.

Focusing on the costs borne by individual recipients and sending IAPs detracts from the

parties who incur uncontrollable costs from spam, such as recipient IAPs, operators of open

mail relays and victims of forged headers. CAN-SPAM provides some useful legal tools to

protect these parties, although those tools may be incomplete. A crisper understanding of

the real costs borne by these parties would have likely produced a more thoughtful legal

solution.

D. Spam Contains or Promotes Objectionable Content

Many spam recipients complain about objectionable content of spam, especially

pornographic spam. Due to deep feelings towards pornographic spam, Congress specifically

targeted it in CAN-SPAM by requiring warning labels. But to understand the harms

pornographic spam causes, it is useful to consider adults and minors separately.

For adults, pornographic spam is no different from any other form of unwanted content

discussed in Section II(B) supra. Nevertheless, Congress has tried to help adults avoid

unwanted pornographic spam by requiring special labeling of pornographic spam in the

subject line. When implemented, this requirement can help recipients who automatically

filter email using the appropriate words because the spam will automatically be routed

outside the recipient’s ordinary view. Until spammers regularly comply with this law,

however, filtering will not be helpful.

The mandatory labeling law may be even less helpful to recipients who manually sort

email. These recipients may still see objectionable content if the subject line contains

objectionable terms or the recipient’s email software “previews” a message and the

previewed content is objectionable.

So how can regulatory intervention help recipients avoid objectionable emails? With widely

varying perceptions of what constitutes objectionable content, regulating objectionable ads

is no more feasible than regulating irrelevant ads. Thus, the only “solution” may be for

recipients to manage their exposures themselves, either through technological measures or

by looking elsewhere when something offends.

Putting the burden on recipients to avoid pornographic spam is less satisfactory when

recipients are minors. In that case, society may be harmed when minors view this

inappropriate material.

However, minors’ exposure to pornographic spam is a microcosm of a much greater

problem: minors with email accounts. This is a major social development because

historically minors had few communication media that readily bypassed parental oversight.

Today, minors can use email, instant messenger, and cell phones to communicate with third

parties without any parental oversight and knowledge. With this additional autonomy,

minors can get into inappropriate and potentially very dangerous situations, such as

interactions with sexual predators.

Because of these risks, some parents restrict minors’ access to the Internet altogether, and

other parents permit only supervised Internet use. The former prevents any risk of

exposure to pornographic spam, and the latter approach gives parents the ability to pre-

screen pornographic spam or counsel the minor when seeing such spam.

391.

Otherwise, parents who let minors have unsupervised email use make a huge decision, and

it is not made lightly. Because these parents accept the risk that their children will engage

in dangerous online behavior, the problem of pornographic spam seems almost trivial by

comparison. If the parents trust their children enough to give them that autonomy, perhaps

we should infer that the parents deem their children responsible enough to cope with

pornographic spam.

Regulation cannot easily solve these problems. Efforts to specifically ban pornographic

spam are likely unconstitutional and do not affect emails from foreign jurisdictions. Lesser

efforts, like mandatory labeling, have low efficacy. Ultimately, there can be no substitute

for parental involvement in their children’s use of email.

III. CONCLUSION

Society is still evolving ways to cope with media saturation. Spam contributes to this

problem, but so do other media. Yet, many recipients hate spam more than other ads. As

explored by this Essay, this dichotomous attitude is hard to explain. Nevertheless, the

anger has caused anti-spam rhetoric to reach hyperbolic levels. But, while many spam

opponents decry spam as a system breakdown, the breakdown has been more political than

technological. Most state-based attempts to regulate spam, a product of political

grandstanding or legislator rage instead of rational policy-making, were ineffectual,

reflecting their weak policy underpinnings. Early feedback on CAN-SPAM suggests the

federal law will not be any more effective.

Even if CAN-SPAM beneficially affects the flow of unwanted emails, any legislative

solution seems inherently empty. Without legislative intervention, society will find ways to

cope with spam, just as we have with other media. Meanwhile, entrepreneurs will continue

to develop better tools to sort wanted and unwanted communications. Thus, more patience

with the spam “problem” might have facilitated the development of superior results

organically.

NOTES AND QUESTIONS

Did CAN-SPAM Work? If you were to make a list of your top Internet annoyances today,

where would unwanted email rank? If you had surveyed Internet users in the late 1990s, it

would have easily ranked in the top 3, and probably #1. If it ranks well below that now, is

that because, or in spite, of CAN-SPAM? In other words, if spam isn’t one of the major

Internet Law issues of the 21st century, what factors contributed to that outcome?

What is an “Email”? CAN-SPAM is an email exceptionalist statute. But what is an “email,”

and how do we distinguish it from other forms of electronic communication? CAN-SPAM

defines “electronic mail address” as

a destination, commonly expressed as a string of characters, consisting of a

unique user name or mailbox (commonly referred to as the ‘local part’) and a

reference to an Internet domain (commonly referred to as the ‘domain part’),

whether or not displayed, to which an electronic mail message can be sent or

delivered

392.

Based on this definition, is a Facebook instant message an “email”? A Facebook notification

alert? An SMS message/“text”? An appointment added to Google calendar without consent?

What is Commercial Email? CAN-SPAM applies to emails with a primary purpose of “the

commercial advertisement or promotion of a commercial product or service.” This limitation

reflects Congress’ effort to stay within its Commerce Clause authorization, but the

boundaries of commerciality are no clearer in this context than other contexts. Which of the

following might be a commercial email for CAN-SPAM purposes?

 A job seeker sends an unsolicited email to a potential employer attaching a resume

and asking for an interview.

 An elected politician sends an unsolicited email to constituents asking them to

contribute funds to her reelection campaign.

 A law firm sends an unsolicited email “newsletter” to non-clients describing a new

legal ruling and saying that its attorneys have further expertise helping clients

navigate the ruling.

 An Uber user sends an affiliate code to his friends saying that both the sender and

recipient will save $20 on their next Uber rides if the friend creates a new Uber

account using the affiliate code

 A person sends an email to her friends saying that she is doing a bike ride for

charity and asking recipients to donate to her team’s fundraising page.

If you have done any of these activities, did you consider the possibility that you may need

to comply with CAN-SPAM?

State Law Preemption. CAN-SPAM preempted state anti-spam laws except laws restricting

“falsity or deception” in commercial email. After CAN-SPAM, many states adopted laws

seeking to fit into that non-preempted space. Given that heterogeneous state laws still are

in effect, what did CAN-SPAM’s preemption clause accomplish?

393.

XI. Blogs and Social Networking Sites

The Third Wave of Internet Exceptionalism

By Eric Goldman

Posted March 11, 2009 to http://blog.ericgoldman.org/archives/2009/03/the_third_wave.htm

From the beginning, the Internet has been viewed as something special and “unique.” For

example, in 1996, a judge called the Internet “a unique and wholly new medium of

worldwide human communication.”

The Internet’s perceived novelty has prompted regulators to engage in “Internet

exceptionalism,” crafting Internet-specific laws that diverge from regulatory precedents in

other media. Internet exceptionalism has come in three distinct waves:

The First Wave: Internet Utopianism

In the mid-1990s, some people fantasized about an Internet “utopia” that would overcome

the problems inherent in other media. Some regulators, fearing disruption of this possible

utopia, sought to treat the Internet more favorably than other media.

47 U.S.C. §230 (a law still on the books) is a flagship example of mid-1990s efforts to

preserve Internet utopianism. The statute categorically immunizes online providers from

liability for publishing most types of third party content. It was enacted (in part) “to

preserve the vibrant and competitive free market that presently exists for the Internet and

other interactive computer services, unfettered by Federal or State regulation.” The statute

is clearly exceptionalist because it treats online providers more favorably than offline

publishers—even when they publish identical content.

The Second Wave: Internet Paranoia

Later in the 1990s, the regulatory pendulum swung in the other direction. Regulators still

embraced Internet exceptionalism, but instead of favoring the Internet, regulators treated

the Internet more harshly than analogous offline activity.

For example, in 2005, a Texas website called Live-shot.com announced that it would offer

“Internet hunting.” The website allowed paying customers to control, via the Internet, a

gun on its game farm. An employee manually monitored the gun and could override the

customer’s instructions. The website wanted to give people who could not otherwise hunt,

such as paraplegics, the opportunity to enjoy the hunting experience.

The regulatory reaction to Internet hunting was swift and severe. Over 3 dozen states

banned Internet hunting. California also banned Internet fishing for good measure.

However, regulators never explained how Internet hunting is more objectionable than

physical space hunting.

For example, California Sen. Debra Bowen criticized Internet hunting because it “isn’t

hunting; it’s an inhumane, over the top, pay-per-view video game using live animals for

target practice….Shooting live animals over the Internet takes absolutely zero hunting

skills, and it ought to be offensive to every legitimate hunter.”

394.

Sen. Bowen’s remarks reflect numerous unexpressed assumptions about the nature of

“hunting” and what constitutes fair play. In the end, however, hunting may just be

“hunting,” in which case the response to Internet hunting may just be a typical example of

adverse Internet exceptionalism.

The Third Wave: Exceptionalism Proliferation

The past few years have brought a new regulatory trend. Regulators are still engaged in

Internet exceptionalism, but each new advance in Internet technology has prompted

exceptionalist regulations towards that technology.

For example, the emergence of blogs and virtual worlds has helped initiate a push towards

blog-specific and virtual world-specific regulation. In effect, Internet exceptionalism has

splintered into pockets of smaller exceptionalist efforts.

Regulatory responses to social networking sites like Facebook and MySpace are a prime

example of Internet exceptionalism splintering. Rather than regulating these sites like

other websites, regulators have sought social networking site-specific laws, such as

requirements to verify users’ age, combat sexual predators and suppress content that

promotes violence. The result is that the regulation of social networking sites differs not

only from offline enterprises but from other websites as well.

Implications

Internet exceptionalism is not inherently bad. In some cases, the Internet truly is unique,

special or different and should be regulated accordingly. Unfortunately, more typically,

exceptionalism cannot be analytically justified and instead reflects regulatory panic.

In these cases, regulatory exceptionalism can be harmful, especially to Internet

entrepreneurs and their investors. It can distort the marketplace between web enterprises

and their offline competition—occasionally advantaging the website (such as 47 U.S.C.

230), but typically hindering the web business’ ability to compete. In extreme cases, such as

Internet hunting, unjustified regulatory intervention may put companies out of business.

Accordingly, before enacting exceptionalist Internet regulation, regulators should articulate

how the Internet is unique, special or different and explain why these differences support

exceptionalism. Unfortunately, emotional overreactions to perceived Internet threats or

harms typically trump such a rational regulatory process. Knowing this tendency, perhaps

we can better resist that temptation.

395.

People v. Lopez, 2016 WL 297942 (Cal. App. Ct. 2016)

Defendant Hector Salvador Lopez…challenges two of the imposed probation conditions.

First, he argues that the probation condition requiring him to give his probation officer

passwords to any “social media sites” is unreasonable and unconstitutionally vague….

Defendant argues that the term “social media site” is vague, because it has “neither a clear

legal definition or any obvious contours in common sense.” Defendant maintains that, for

example, certain Web sites like Facebook are commonly accepted as a social media site.

However, he claims that due to the inherent ambiguity in the term “social media site,” it is

unclear whether other, less typical Web sites would be considered a “social media site.” In

support of this argument, defendant brings up the example of a newspaper Web site where

individuals are able to create accounts and comment on news stories. These Web sites

involve a degree of social interaction with other users, and is a way for users to share and

promote content with each other. Defendant insists that it is unclear whether these Web

sites would be considered social media sites under the imposed condition….

…the [lower] court here provided context by listing certain examples of social media sites

covered by the probation condition, including Facebook, Instagram, Myspace, Mocospace, or

anything similar. Further, the probation condition was imposed as part of a standard set of

gang orders. Accordingly, the condition’s purpose—to deter criminal activities associated

with gangs and to prevent future criminality by disassociating defendant from other gang

members—provides guidance to the probationer and clarifies which “social media sites” the

condition intends to target.

Defendant maintains that the term “social media sites” remains ambiguous on its face. We

agree with defendant’s assessment that at first blush the definition of the term “social

media” appears murky, because it lacks a clear definition in California law. Our Legislature

has attempted to define the term “social media” in other codes, but the crafted definitions

have been sweeping. For example, in a footnote in their reply brief, the People point out

that the term “social media” has been defined in the Education Code as “an electronic

service or account, or electronic content, including, but not limited to, videos or still

photographs, blogs, video blogs, podcasts, instant and text messages, email, online services

or accounts, or Internet Web site profiles or locations.” (Educ. Code, § 99120.) A similar

definition is also found in Labor Code section 980, subdivision (a).

The People do not attempt to argue that these definitions apply to defendant’s probation

condition. Nor do we believe application of this definition is appropriate, since the broad

definitions found in the Education Code and Labor Code, which include “online services or

accounts” or “Internet Web site profiles or locations,” would encompass almost anything

that can be found on the Internet, including online bank accounts and e-mail accounts. This

definition likely encompasses a larger swath of defendant’s online presence that the

probation condition did not intend to reach.

However, a practical, acceptable, and common-sense definition of the term does exist. And

that is what the condition needs in order to pass constitutional muster. According to the

Oxford English Dictionary, “social media” constitutes “websites and applications which

enable users to create and share content or to participate in social networking.” In turn,

“social networking” is defined as “the use or establishment of social networks or

396.

connections; (now esp.) the use of websites which enable users to interact with one another,

find and contact people with common interest, etc.” And, “social network” is defined as “a

system of social interactions and relationships; a group of people who are socially connected

to one another; (now also) a social networking website; the users of such a website

collectively.”…

Here, the term “social media,” although not mathematically precise, has a reasonably

certain definition: Web sites where users are able to share and generate content, and find

and connect with other users of common interests. And, the term was made sufficiently

specific by the trial court when it clarified that the probation condition covered social media

sites including Facebook, Instagram, Myspace, Mocospace, or anything similar.

Accordingly, for the aforementioned reasons, we do not find that the term “social media

sites” to be unconstitutionally vague and reject defendant’s conjecture that the condition

could be interpreted to include news Web sites.

Lastly, defendant posits that the condition is also vague because it covers social media

“sites.” Defendant claims that it is unclear whether, based on this language, social media

applications (i.e., applications that only have an interface accessible on a cell phone or

tablet device) that do not have a Web site component would be covered by the probation

condition. We disagree that the condition is vague in this regard. Although the term

references “sites,” we believe it is reasonably clear that the probation condition intends to

include all social media that has an online component. Read this way, there is no vagueness

in the condition’s use of the term “sites.”…

NOTES AND QUESTIONS

What is a “Social Media Site”? As Justice Alito declared, “it is not easy to provide a precise

definition of a ‘social media’ site.” Packingham v. North Carolina, 137 S. Ct. 1730 (2017)

(concurrence n. 16).

Notice how the Lopez court used a sleight-of-hand to get around this. In order to find that

the meaning of the term “social media sites” is “reasonably certain,” the court had to (a)

ignore a statutory definition of the exact same term adopted by the California legislature

(albeit in a different context), and (b) collapse the definition of three different words from

the Oxford English Dictionary Online.

The Lopez court defines a “social media site” as “Web sites where users are able to share

and generate content, and find and connect with other users of common interests.” Assume

for a moment that we don’t have the ejusdem generis examples that the lower court

included in the probation conditions. Which of the following should constitute a “social

media site” according to the Lopez court?

 online banks. No, because the court expressly says it’s not included.

 an e-commerce site. Normally no if the site is purely transactional. However, what if

the e-commerce site includes consumer review functionality, like Amazon does?

 newspaper message boards. Unclear. The court’s definition implies users must be

able to “connect” to each other, which older message board functions don’t normally

397.

allow. But if the term “connect” is metaphorical and not technological, then every

user-generated content function enables like-minded folks to gather and discuss.

 online dating apps like Tinder or Grindr. Definitely yes even if they are purely

mobile apps.

 online video games like massively multi-player online role playing games

(MMORPGs). Probably yes.

 Photo and video sharing sites like YouTube and Flickr. Probably yes. Note that a

person’s YouTube and Gmail accounts may share the same login credentials. So if

the probationer turns over the YouTube passwords, the probation officer also should

be able to log into the probationer’s Gmail account, even though the court expressly

says email accounts are excluded.

Given the definition’s murkiness, if you’re the probationer, aren’t you likely to turn over

every online login credentials, including online banking and email accounts, because it’s not

worth risking jailtime? The court rejected the probationer’s overbreadth argument, but if

you conclude that the probationer’s most rational choice is to overdisclose login credentials,

perhaps the overbreadth argument deserved more credit.

The California Social Media Privacy Laws. California Education Code § 99120 restricts

schools’ access to students’ social media accounts. California Labor Code § 980 restricts

employers’ access to employees’ social media accounts. A majority of the other states have

similar laws, though the actual wording varies substantially from state to state.

The California laws define “social media” as

an electronic service or account, or electronic content, including, but not

limited to, videos, still photographs, blogs, video blogs, podcasts, instant and

text messages, email, online services or accounts, or Internet Web site

profiles or locations.

By including “electronic content,” the laws don’t just apply to “social media”—they apply to

all digital content and activity, both online and offline.

Furthermore, Labor Code § 980 restricts employers’ access to “personal” social media,

presumably in contradistinction to “business-related” accounts that aren’t restricted. Yet,

the law doesn’t define when a social media account is “personal.” While some social media

accounts are clearly “personal” and others are clearly “business-related,” many employee

social media accounts could represent a mix of the two. Indeed, employers and employees

routinely disagree about whether or not a social media account was personal or business-

related.

This puts employers in an obvious squeeze: employers may not know which employee

accounts are purely personal and which are a mix of personal and business-related; the

statute doesn’t expressly allow employers to access mixed account; and the statute doesn’t

give employers a defense if they demand the login credentials because they reasonably but

mistakenly thought the account was all or partially business-related.

398.

It might seem odd to question the value of social media password protection laws, but for an

extended critique of the state-by-state enactments, see Eric Goldman, The Spectacular

Failure of Employee Social Media Privacy Laws, Tech. & Marketing L. Blog, May 31, 2014,

http://blog.ericgoldman.org/archives/2014/05/state_laws_to_p.htm.

Implications. Do you draw any regulatory lessons from the difficulties defining “social

media” as a subset of the Internet (or, in the case of the California laws, as a subset of

electronic data)?

399.

The next case shows how Section 230 applies in the context of social media. Notice how the

case extends Section 230’s immunity to offline injuries.

Doe v. MySpace, Inc., 528 F.3d 413 (5th Cir. 2008).

Jane and Julie Doe (“the Does”) appeal the district court’s dismissal of their claims for

negligence and gross negligence, and its finding that the claims were barred by the

Communications Decency Act (“CDA”), 47 U.S.C § 230, and Texas common law. For the

following reasons, we affirm the decision of the district court.

I. FACTS AND PROCEEDINGS

MySpace.com is a Web-based social network. Online social networking is the practice of

using a Web site or other interactive computer service to expand one’s business or social

network. Social networking on MySpace.com begins with a member’s creation of an online

profile that serves as a medium for personal expression, and can contain such items as

photographs, videos, and other information about the member that he or she chooses to

share with other MySpace.com users. Members have complete discretion regarding the

amount and type of information that is included in a personal profile. Members over the age

of sixteen can choose the degree of privacy they desire regarding their profile; that is, they

determine who among the MySpace.com membership is allowed to view their profile. Once

a profile has been created, the member can use it to extend “invitations” to existing friends

who are also MySpace.com users and to communicate with those friends online by linking

to their profiles, or using e-mail, instant messaging, and blogs, all of which are hosted

through the MySpace.com platform.

Members can also meet new people at MySpace.com through user groups focused on

common interests such as film, travel, music, or politics. MySpace.com has a browser

feature that allows members to search the Web site’s membership using criteria such as

geographic location or specific interests. MySpace.com members can also become online

“friends” with celebrities, musicians, or politicians who have created MySpace.com profiles

to publicize their work and to interface with fans and supporters.

MySpace.com membership is free to all who agree to the Terms of Use. To establish a

profile, users must represent that they are at least fourteen years of age. The profiles of

members who are aged fourteen and fifteen are automatically set to “private” by default, in

order to limit the amount of personal information that can be seen on the member’s profile

by MySpace.com users who are not in their existing friends network and to prevent younger

teens from being contacted by users they do not know. Although MySpace.com employs a

computer program designed to search for clues that underage members have lied about

their age to create a profile on the Web site, no current technology is foolproof. All members

are cautioned regarding the type of information they release to other users on the Web site,

including a specific prohibition against posting personal information such as telephone

numbers, street addresses, last names, or e-mail addresses. MySpace.com members are also

encouraged to report inaccurate, inappropriate, or obscene material to the Web site’s

administrators.

In the summer of 2005, at age thirteen, Julie Doe (“Julie”) lied about her age, represented

that she was eighteen years old, and created a profile on MySpace.com. This action allowed

400.

her to circumvent all safety features of the Web site and resulted in her profile being made

public; nineteen-year-old Pete Solis (“Solis”) was able to initiate contact with Julie in April

2006 when she was fourteen. The two communicated offline on several occasions after Julie

provided her telephone number. They met in person in May 2006, and, at this meeting,

Solis sexually assaulted Julie.2…

III. DISCUSSION

In October 1998*, Congress recognized the rapid development of the Internet and the

benefits generated by Web-based service providers to the public. In light of its findings,

Congress enacted the CDA for several policy reasons, including “to remove disincentives for

the development and utilization of blocking and filtering technologies that empower parents

to restrict their children’s access to objectionable or inappropriate online material.” To

achieve that policy goal, Congress provided broad immunity under the CDA to Web-based

service providers for all claims stemming from their publication of information created by

third parties, referred to as the “Good Samaritan” provision. Indeed, “[n]o cause of action

may be brought and no liability may be imposed under any State or local law that is

inconsistent with this section.”

Courts have construed the immunity provisions in § 230 broadly in all cases arising from

the publication of user-generated content. For example, the Ninth Circuit [in Carafano]

held that a Web-based dating-service provider was not liable when an unidentified party

posted a false online personal profile for a popular actress, causing her to receive sexually

explicit phone calls, letters, and faxes at her home. Acknowledging that the immunity

provision in § 230(c)(1) of the CDA causes “Internet publishers [to be] treated differently

from corresponding publishers in print, television and radio,” the Ninth Circuit held that

“[u]nder § 230(c), ... so long as a third party willingly provides the essential published

content, the interactive service provider receives full immunity regardless of the specific

editing or selection process.”

Similarly, the Fourth Circuit dismissed a plaintiff’s claims on the pleadings, holding that

the CDA protects Web-based service providers from liability even after the provider is

notified of objectionable content on its site. The plaintiff in Zeran sued an Internet service

provider for failing to remove upon notice a false advertisement offering shirts featuring

tasteless slogans relating to the 1995 bombing of the Oklahoma City Federal Building and

instructing interested buyers to call the plaintiff to place orders. After analyzing the

immunity provision of § 230, the Fourth Circuit wrote:

If computer service providers were subject to distributor liability, they would

face potential liability each time they receive notice of a potentially

defamatory statement—from any party, concerning any message.... Because

service providers would be subject to liability only for the publication of

information, and not for its removal, they would have a natural incentive

simply to remove messages upon notification, whether the contents were

2 Julie’s mother reported the assault to Austin, Texas police, who arrested Solis and charged him with second-

degree sexual assault. * [Editor’s note: this date appears to be an error. The DMCA was enacted in October 1998. The CDA was

enacted in February 1996.]

401.

defamatory or not. Thus, like strict liability, liability upon notice has a

chilling effect on the freedom of Internet speech.... Because the probable

effects of distributor liability on the vigor of Internet speech and on service

provider self-regulation are directly contrary to § 230’s statutory purposes,

we will not assume that Congress intended to leave liability upon notice

intact.

Parties complaining that they were harmed by a Web site’s publication of user-generated

content have recourse; they may sue the third-party user who generated the content, but

not the interactive computer service that enabled them to publish the content online.

The Does appear to agree with the consensus among courts regarding the liability

provisions in § 230(c)(1). They argue, however, that their claims against MySpace do not

attempt to treat it as a “publisher” of information; therefore, they argue that § 230 does not

immunize MySpace from their claims and state tort law applies in full effect. The Does

attempt to distinguish their case from Carafano, Zeran, and other contrary authority by

claiming that this case is predicated solely on MySpace’s failure to implement basic safety

measures to protect minors. The district court rejected the Does’ argument, stating:

The Court, however, finds this artful pleading to be disingenuous. It is quite

obvious the underlying basis of Plaintiffs’ claims is that, through postings on

MySpace, Pete Solis and Julie Doe met and exchanged personal information

which eventually led to an in-person meeting and the sexual assault of Julie

Doe. If MySpace had not published communications between Julie Doe and

Solis, including personal contact information, Plaintiffs assert they never

would have met and the sexual assault never would have occurred. No matter

how artfully Plaintiffs seek to plead their claims, the Court views Plaintiffs’

claims as directed toward MySpace in its publishing, editorial, and/or

screening capacities.

The Does do not present any caselaw to support their argument. In fact, they rely upon the

same line of cases listed above but point to § 230(c)(1)’s grant of immunity to publishers of

third-party content as evidence that their claims are somehow different. Other courts,

however, have examined pleadings similar to the Does’ and have reached the same

conclusion as the district court. For example, in Green, the plaintiff sued a Web-based

service provider after he received a computer virus from a third party and endured

derogatory comments directed at him by others in an online “chat room.” He made a failure-

to-protect argument similar to the Does’, claiming that “AOL waived its immunity under [§]

230 by the terms of its membership contract with him and because AOL’s Community

Guidelines outline standards for online speech and conduct and contain promises that AOL

would protect [him] from other subscribers.” The Third Circuit, however, dismissed the

claims as barred by § 230, after recharacterizing the plaintiff’s claims:

There is no real dispute that Green’s fundamental tort claim is that AOL was

negligent in promulgating harmful content and in failing to address certain

harmful content on its network. Green thus attempts to hold AOL liable for

decisions relating to the monitoring, screening, and deletion of content from

its network—actions quintessentially related to a publisher’s role. Section

230 “specifically proscribes liability” in such circumstances.

402.

Green demonstrates the fallacy of the Does’ argument. Their claims are barred by the CDA,

notwithstanding their assertion that they only seek to hold MySpace liable for its failure to

implement measures that would have prevented Julie Doe from communicating with Solis.

Their allegations are merely another way of claiming that MySpace was liable for

publishing the communications and they speak to MySpace’s role as a publisher of online

third-party-generated content.

The Does further argue for the first time on appeal that MySpace is not immune under the

CDA because it partially created the content at issue, alleging that it facilitates its

members’ creation of personal profiles and chooses the information they will share with the

public through an online questionnaire. The Does also contend that MySpace’s search

features qualify it as an “information content provider”, as defined in the CDA: “The term

‘information content provider’ means any person or entity that is responsible, in whole or in

part, for the creation or development of information provided through the Internet or any

other interactive computer service.”

Nothing in the record, however, supports such a claim; indeed, Julie admitted that she lied

about her age to create the profile and exchanged personal information with Solis. In the

February 1, 2007 hearing before the district court, the Does admitted that Julie created the

content, disclosing personal information that ultimately led to the sexual assault, but

stressed that their cause of action was rooted in the fact that MySpace should have

implemented safety technologies to prevent Julie and her attacker from meeting:

THE COURT: I want to get this straight. You have a 13-year-old girl who

lies, disobeys all of the instructions, later on disobeys the warning not to give

personal information, obviously, [and] does not communicate with the parent.

More important, the parent does not exercise the parental control over the

minor. The minor gets sexually abused, and you want somebody else to pay

for it? This is the lawsuit that you filed?

MR. ITKIN [Counsel for the Does]: Yes, your Honor.

....

MR. ITKIN: The first point is we’re not complaining about any of the content

that was transmitted between Julie Doe and Pete Solis. Our complaint is

[that] the two of them never should have been able to meet because MySpace

could have implemented technology very simple and technologically—not

simple but technologically and inexpensive age verification software that has

been asked for by attorneys general before the lawsuit happened, or even

done the things they did right after the filing of the lawsuit that would have

prevented these two people from ever meeting. We wanted to keep the foxes

out of the hen house. That’s the first thing, your Honor, is that we’re not

complaining about the content.

Throughout the hearing, the Does stated they had one argument—that MySpace was

negligent for not taking more precautions:

403.

MR. ITKIN: Pete Solis is liable for an assault. But what we’re trying to hold

MySpace liable for isn’t the publishing of a phone number but, rather, we’re

trying to hold MySpace responsible for not putting in the safety precautions

to keep the two of them separated.

....

THE COURT: Now, I’ve heard all of your arguments on the negligence and

the duty. Now the duty is something that’s bothering me and that’s my next

question to you. But as I read your pleadings, they are just wholly

inapplicable to the Federal Rules of Procedure on fraud. You’ve got no specific

fraud here. And on your negligent misrepresentation, that’s just a rehash of

what you’re already doing. So we’re really talking about one cause of action,

and that is a negligence cause of action. You keep nodding. Do you agree with

that?

MR. ITKIN: I think that is a fair recommendation, a fair statement.

....

MR. ITKIN: Thank you. Your Honor we are not—and I want to be very clear

about this. We are not complaining about any of the content that was

exchanged between Julie Doe and Pete Solis. We understand that that is

something we cannot complain about. Our complaint is only that these two

should have never been allowed to find each other, anyways, if reasonable

safety precautions were put in place. And under congressional law and, we

believe, Texas common law, that’s enough to state a claim.

Although the Does’ complaint alleged that MySpace allowed or encouraged members to post

information after a member’s profile had been created, counsel for the Does reiterated in

the hearing time and again that they had no complaints or allegations regarding the

content of the information posted by Julie or exchanged between Julie and Solis. It appears

that the reference to MySpace’s solicitation of information was solely used to set up the

Does’ argument that MySpace failed to protect Julie by declining to implement age-

verification software:

THE COURT: But your client violated every single thing that MySpace says

to do.

MR. ITKIN: Which is your Honor—and true. That is correct, your Honor. But

I will say that that’s a known risk to MySpace. And that’s not just me saying

it, that’s the Attorney General saying it.

THE COURT: Everyone knows people lie. So therefore, should you be liable?

MR. ITKIN: No, your Honor. But when you know of the risk and you know

that the people—there’s potential for lying, all you need to do is put some

basic safety mechanisms in place to prevent—or to circumvent the lying.

404.

THE COURT: So you’ve got the Attorney General of the United States saying

... don’t put your credit card on the internet, but you want them to do it to get

a free space. That’s one of the things.

MR. ITKIN: That’s one of the things.

THE COURT: Then a driver’s license. Do you know how many people I

sentence here every Friday that have a fake driver’s license?

MR. ITKIN: I can imagine a lot, your Honor.

....

MR. ITKIN: What we really want, your Honor, is there’s a company out

there—I’ll give you an example of one of the companies out there called

Aristotle. Aristotle through public databases if you enter your name, your zip

code, and your birth year can come back with, hey, this person’s real; or you

can enter an e-mail and have verification. So there’s some things to do that

are less intrusive as far as giving people your driver’s license or your Social

Security number.

....

MR. ITKIN: Your Honor, because if [MySpace] had the age verification

software in place, [Julie and Solis] never would have talked in the first place.

They never would have known about each other.

At no time before filing their appeal in this Court did the Does argue that the CDA should

not apply to MySpace because it was partially responsible for creating information

exchanged between Julie and Solis. Because the Does failed to present this argument to the

district court, they are barred from making this argument on appeal. We therefore hold,

without considering the Does’ content-creation argument, that their negligence and gross

negligence claims are barred by the CDA, which prohibits claims against Web-based

interactive computer services based on their publication of third-party content. Because we

affirm the district court based upon the application of § 230(c)(1), there is no need to apply §

230(c)(2), or to assess the viability of the Does’ claims under Texas common law in the

absence of the CDA….

NOTES AND QUESTIONS

Age Verification Redux. As we’ve repeatedly discussed, plaintiffs and regulators keep

agitating for age verification, but the technology challenge has proven tougher than

anticipated. See Nicole Perlroth, Verifying Ages Online Is a Daunting Task, Even for

Experts, N.Y. TIMES, June 17, 2012.

In 2008, following coercive “coaxing” by dozens of state Attorneys General, MySpace and

Facebook undertook greater efforts to protect 13 and 14 year old site users. Yet, Facebook

has millions of under-13 users, and in many cases parents help their pre-teens work around

the site’s technological efforts to screen them out. danah boyd et al, Why Parents Help Their

Children Lie to Facebook About Age: Unintended Consequences of the ‘Children’s Online

Privacy Protection Act’, FIRST MONDAY, Nov. 7, 2011,

405.

http://www.firstmonday.org/ojs/index.php/fm/article/view/3850; Matt Richtel & Miguel

Helft, Facebook Users Who Are Under Age Raise Concerns, N.Y. TIMES, Mar. 11, 2011.

Allocation of Responsibility. Consider the list of parties who might bear responsibility for

the sexual assaults:

 Pete Solis, the sexual predator. Solis pleaded guilty to criminal charges and was

sentenced to 90 days in jail. From MySpace’s perspective, Solis was an intervening

tortfeasor.

 the teenage victim, who lied to MySpace and made risky choices.

 the victim’s parents. Arguably, they did not supervise the victim’s online or offline

activities.

 the school. Note that Solis allegedly picked the victim up from school.

 the parking lot operator where Solis and the victim went to have sex.

 MySpace, which allowed the victim to lie, allowed Solis to find her, and enabled Solis

and the victim to communicate.

Which, if any, of these parties should bear responsibility for the sexual assault? All of

them? None of them? Some subset?

“But For” and Proximate Causation. When so many parties are “but for” causal contributors

to a tragedy, how should we allocate proximate causation? Section 230 normally moots that

question, but Vesely v. Armslist LLC, 762 F.3d 661 (7th Cir. 2014) considered the

underlying tort principles without relying on Section 230.

Armslist runs a classified advertising website for guns. A buyer and seller met through

Armslist and arranged a transaction that violated federal law. The buyer used the gun to

murder a woman who had spurned his romantic overtures. The deceased’s family sued

Armslist for negligence in allowing the illegal gun sale to take place.

The court rejected the claim on ordinary tort principles, without mentioning Section 230 at

all. First, the court held that Armslist didn’t owe the deceased a duty. The court says that

“when an intervening criminal act by a third person arises,” the defendant has a duty to

prevent negligence that attaches only when the defendant has a “special relationship” with

the victim. In this case, Armslist didn’t have a special relationship with the victim; in fact,

it had no relationship at all. Second, the court held that Armslist didn’t impermissibly

facilitate the gun buyer’s crime:

simply enabling consumers to use a legal service is far removed from

encouraging them to commit an illegal act. Armslist permitted Ladera to

place an advertisement on its website and nothing more. It did not invite

Ladera or Smirnov to break the law.

See also Fields v. Twitter, Inc., 881 F.3d 739 (9th Cir. 2018) (Twitter isn’t liable for

terrorist-caused deaths, even though terrorists use Twitter).

406.

E-Discovery is a critical part of every litigator’s practice, and social networking accounts

can be a treasure trove of rich and juicy evidence that every litigator craves. Is everything

stored by a social networking site fair game in litigation? The next two opinions address

that question.

Zimmerman v. Weis Markets, 2011 WL 2065410 (Penn. Ct. Common Pleas 2011)

…The case at bar involves an accident that occurred on April 21, 2008 while Zimmerman

was operating a forklift at Weis Markets’ warehouse located in Milton, Pennsylvania.

Zimmerman seeks damages for the injuries caused to his left leg as a result of the accident,

including lost wages, lost future earning capacity, pain and suffering, scarring and

“embarrassment.” He avers that “his health in general has been seriously and permanently

impaired and compromised” and, that “he has sustained a permanent diminution in the

ability to enjoy life and life’s pleasures.” Weis Markets, upon review of the public portion of

Zimmerman’s Facebook page, discovered that his interests included “ridin” and “bike

stunts” and his MySpace page contains more recent photographs depicting Zimmerman

with a black eye and his motorcycle before and after an accident. Additionally, there are

photographs of Zimmerman wearing shorts, and his scar from this accident is clearly

visible. Weis Markets argues that this is relevant because at his deposition, Zimmerman

claimed he never wears shorts because he is embarrassed by his scar. Based on what was

observed on the publicly available portions of Zimmerman’s Facebook and MySpace pages,

Weis Markets believes there may be other relevant information as to Zimmerman’s damage

claims on the non-public portions of his Facebook and MySpace pages.

Zimmerman argues that his privacy interests outweigh the need to obtain the discovery

material.2…

I…

[The court discussed an analogous precedent, Romano v. Steelcase, Inc., 907 N.Y.S.2d 650

(Suffolk Co. 2010), which said:]

Thus, it is reasonable to infer from the limited postings on Plaintiff’s public

Facebook and MySpace profile pages, that her private pages may contain

materials and information that are relevant to her claims or that may lead to

the disclosure of admissible evidence. To deny Defendant an opportunity [to]

access to these sites not only would go against the liberal discovery policies of

New York favoring pre-trial disclosure, but would condone Plaintiff’s attempt

to hide relevant information behind self-regulated privacy settings.

2 In the alternative, Zimmerman also argued that the Court should conduct an in-camera review and decide

what materials should be provided to Weis Markets. This argument is flatly rejected as an unfair burden to

place on the Court, which would not only require the time and resources necessary to complete a thorough

search of these sites, but also would require the Court to guess as to what is germane to defenses which may be

raised at trial.

407.

II

The plaintiff in Romano contended that production of her entries on Facebook and MySpace

would violate her right to privacy, which outweighed the defendant’s need for the

information. However, as Romano aptly noted, “[t]he Fourth Amendment’s right to privacy,

protects people, not places” citing Katz v. United States, 389 U.S. 347 (1967) and the

reasonableness standard imposed thereunder (i.e. a reasonable expectation of privacy). As

noted by Romano, it was stated by the United States District Court of New Jersey in Beye

v. Horizon Blue Cross Blue Shield of New Jersey, 06-5337 (D.N.J. December 14, 2007):

“[t]he privacy concerns are far less where the beneficiary herself chose to disclose the

information.” Further, Romano found both California and Ohio courts that rejected the

notion of a reasonable expectation of privacy as to MySpace postings. See Moreno v.

Hanford Sentinel Inc., 172 Cal. App. 4th 1125 (Cal. App. 5 Dist. 2009) and Dexter v. Dexter,

2007 WL 1532084 (Ohio App. 11 Dist. 2007). All the authorities recognize that Facebook

and MySpace do not guarantee complete privacy. Facebook’s privacy policy explains that

users post any content on the site at their own risk and informs users that this information

may become publicly available.6 The Romano court therefore concluded:

Thus, when Plaintiff created her Facebook and MySpace accounts, she

consented to the fact that her personal information would be shared with

others, notwithstanding her privacy settings…Since Plaintiff knew that her

information may become publicly available, she cannot now claim that she

had a reasonable expectation of privacy.

In view of the sound, logical approach of the court in Romano, this Court is likewise

persuaded that the argument of Zimmerman that his privacy interests outweigh the

discovery requests is unavailing.

It is well recognized that the Pennsylvania Rules of Civil Procedure, like New York, provide

for liberal discovery: “Generally, discovery is liberally allowed with respect to any matter,

not privileged, which is relevant to the cause being tried.” Zimmerman placed his physical

condition in issue, and Weis Markets is entitled to discovery thereon. Based on a review of

the publicly accessible portions of his Facebook and MySpace accounts, there is a

reasonable likelihood of additional relevant and material information on the non-public

portions of these sites. Zimmerman voluntarily posted all of the pictures and information on

his Facebook and MySpace sites to share with other users of these social network sites, and

he cannot now claim he possesses any reasonable expectation of privacy to prevent Weis

Markets from access to such information. By definition, a social networking site is the

interactive sharing of your personal life with others; the recipients are not limited in what

they do with such knowledge. With the initiation of litigation to seek a monetary award

based upon limitations or harm to one’s person, any relevant, non-privileged information

about one’s life that is shared with others and can be gleaned by defendants from the

internet is fair game in today’s society. Accordingly, Weis Markets’ Motion to Compel is

granted.

6 It is well publicized that Facebook’s privacy policy and its revisions have been the subject of criticism and

controversy that may be never ending. One need only “Google” search the terms “Facebook privacy” for an

exhaustive list of access to articles on the topic.

408.

Based on the foregoing, the following Order is entered:

AND NOW, this 19th day of May, 2011, it is hereby ORDERED that Plaintiff shall provide

all passwords, user names and log-in names for any and all MySpace and Facebook

accounts to Defendant within twenty (20) days from the date hereof. It is FURTHER

ORDERED that Plaintiff shall not take steps to delete or alter existing information and

posts of his MySpace or Facebook accounts.

409.

Farley v. Callais & Sons LLC, 2015 WL 4730729 (E.D. La. 2015)

Before the Court is a Motion to Compel Production of Facebook Records filed by Defendant,

Callais & Sons, LLC (“Callais”). That motion seeks an order compelling personal-injury

plaintiff, Carl M. Farley (“Farley”), to produce:

all of his Facebook activity and records subsequent to the alleged incident on

May 24, 2014….

At first blush, it appears Callais seeks broad discovery from Farley of “all Facebook

activity” from his accident date through the present. Actually, it seeks something more —

by virtue of its request that this Court compel Farley to provide password and log-in

information and execute the authorization it included as part of its requests, it seeks

unsupervised and ongoing entry into (and even “real-time” monitoring of) the

“private”1 portions of Farley’s Facebook account(s) in order to conduct its own survey and

analysis of what might be helpful to it in this litigation….

The Court suspects that even a casual reader would view these requests as intrusive,

particularly given the fact that the combination of requests for log-in and password

information and an accompanying request for an authorization that Facebook turn over all

the sought-after information would essentially render moot any exercise of discretion by

Farley or his counsel in determining what, if any, information was actually discoverable. If

this were a “traditional” document request, that would certainly be the case. But these are

requests for “social media”-based information, so the suggestion has been made that a new,

perhaps yet-to-be-determined, set of discovery principles and rules should apply here. The

Court disagrees.

No doubt the proliferation of activity on social networking sites (“SNS”) is affecting what

have been fairly well-established conventions when it comes to formal discovery in federal-

court litigation. Smart, opportunistic lawyers are now routinely seeking to exploit the

“brave new world” feel of this ever-evolving aspect of how many average Americans go

about their daily lives to gain an advantage in litigation. This Court’s recent experience and

research confirms this observation, evident not only in the cascade of motions like the one

now before this Court that seek surprisingly broad disclosure of “private” online discourse,

but in the relative paucity of on-all-fours precedent that might otherwise guide us as to how

a litigant’s social-media activity and conduct fit into what lawyers and judges already

understand about the breadth and limits of discovery under the Federal Rules of Civil

Procedure.

….[Callais makes] a rather bold argument, the tagline of which is “[i]f the plaintiff has

nothing to hide, then he should not object to producing his Facebook records.” This

statement reveals a fundamental misunderstanding of the general scope of discovery and

where SNS information fits within that scope.

1 As the Court noted and counsel agreed at the hearing on this motion, any information on Plaintiffs “public”

Facebook area is, by definition, already available to Callais and that information is not the subject of this

motion.

410.

The present motion is about discovery of social media communications, which some lawyers

and litigants apparently perceive to be different in kind than “other” discovery we are more

accustomed to seeing. The Federal Rules do not allow for that distinction. The question

created by the present motion and counsel’s argument in support of it is whether the

manner in which something is communicated to a select group of people (“friends” in the

SNS parlance) matters under Rule 26. When it comes to one of the key indices of

discoverability — relevance — is there a meaningful difference between typing a message

into a cellphone or a computer keyboard, as opposed to speaking it out loud to another

person or writing it on paper? In this Court’s view, the answer to that question must be

“no.”…

[A prior Kansas district court opinion, Smith v. Hillshire Brands, discussed similar issues:]

The next request was problematic for the court, raising a “more complex issue, as it seeks

documentation of all of plaintiff’s activity on the named social networks since January 1,

2013, regardless of whether the activity has anything at all to do with this case or the

allegations made in plaintiff’s complaint.” The Smith Court found this request facially

flawed, as it sought clearly irrelevant information:

Although it is apparent to the court that plaintiff’s social networking activity

that references in any way defendant or matters asserted in plaintiff’s

complaint is relevant, it is less apparent why unfettered access to plaintiff’s

social media activity over the past year-and-a-half is relevant. The burden

therefore falls on defendant to establish relevancy….

Information on social networking sites is not entitled to special protection, but a discovery

request seeking it nevertheless must meet Fed. R. Civ. P. 26’s requirement that it be

tailored “so that it ‘appears reasonably calculated to lead to the discovery of admissible

evidence.’” Citing a decision from the Western District of Pennsylvania, the Smith Court

aptly described the concern raised by such overbroad requests:

Ordering plaintiff to permit access to or produce complete copies of his social

networking accounts would permit defendant to cast too wide a net and

sanction an inquiry into scores of quasi-personal information that would be

irrelevant and non-discoverable. Defendant is no more entitled to such

unfettered access to plaintiff’s personal email and social networking

communications than it is to rummage through the desk drawers and closets

in plaintiff’s home….

[In a different case, a judge wrote:]

Simply placing their mental and physical conditions at issue is not sufficient

to allow [Defendant] to rummage through [Plaintiffs’] social media sites.

Almost every plaintiff places his or her mental or physical condition at issue,

and this Court is reticent to create a bright-line rule that such conditions

allow defendants unfettered access to a plaintiff’s social networking sites that

he or she has limited from public view

This observation is notably applicable here because Callais, through counsel, has argued in

the present motion that the broad Facebook discovery it seeks is proper and relevant

411.

because Plaintiff has placed both his physical and mental condition at issue in this case.

While this Court concludes this “placing at issue” by Plaintiff makes some of his SNS

information discoverable, that rather predictable decision by Plaintiff cannot and does not

justify the broad discovery sought by Callais in this motion.

Based on all the foregoing authority and the facts of this case, the Court finds the following

categories of information discoverable from Farley’s Facebook account, from March 24, 2014

(the date of accident) to the present:

1) postings by Farley that refer or relate to the accident in question;

2) postings that refer or relate to emotional distress that Farley alleges he

suffered as a result of the accident and any treatment that he received

therefor;

3) postings or photographs that refer or relate to alternative potential

emotional stressors or that are inconsistent with the mental injuries he

alleges here;

4) postings that refer or relate to physical injuries that Farley alleges he

sustained as a result of the accident and any treatment that he received

therefor;

5) postings that refer or relate to other, unrelated physical injuries suffered

or sustained by Farley; and

6) postings or photograph that reflect physical capabilities that are

inconsistent with the injuries that Farley allegedly suffered as a result of the

accident.

In considering this matter, the Court declines to require Plaintiff to share his log-in or

password information with Callais or to require him to sign any type of authorization to

allow Callais to seek this information directly from Facebook….[T]he Court directs that

Plaintiff’s postings be made immediately available to Plaintiff’s counsel and that they be

reviewed by Plaintiff’s counsel — not Plaintiff himself — to determine whether they fit into

one or more of the categories set forth above….11

NOTES AND QUESTIONS

Are the Zimmerman and Farley opinions reconcilable? If not, what explains the differences?

Which solution do you find more sensible?

Why did the Farley judge say the plaintiff’s counsel, and not plaintiff, should sort the

postings? Do you share the judge’s apparent confidence in the plaintiff’s counsel integrity?

Impact of Privacy Settings. In civil case discovery, it normally doesn’t matter if social media

posts have been made to the world, the poster’s “friends,” or some subset. See Forman v.

Henkin, 22 N.Y.S.3d 178 (N.Y. Ct. App. 2018) (“we reject the notion that the account

11 Counsel for Callais suggested at the hearing that this Court conduct an in camera review of all of Farley's

Facebook data to determine what should be produced. While in camera review is often appropriate to resolve

claims of privilege, for reasons too numerous to list here, this Court declines to adopt a policy of reviewing

documents in camera for relevance.

412.

holder’s so-called “privacy” settings govern the scope of disclosure of social media

materials”).

In criminal cases, social media services are only required to disclose third parties’ “public”

posts to criminal defendants. See Facebook, Inc. v. Superior Court of San Francisco (ex rel

Hunter), 4 Cal.5th 1245 (Cal. 2018).

The Trend to Limit Access to Social Media Evidence. Like the Farley opinion, other courts

have begun to question the legitimacy of broad access to social media evidence:

Social media presents some unique challenges to courts in their efforts to

determine the proper scope of discovery of relevant information and

maintaining proportionality. While it is conceivable that almost any post to

social media will provide some relevant information concerning a person’s

physical and/or emotional health, it also has the potential to disclose more

information than has historically occurred in civil litigation. While we can

debate the wisdom of individuals posting information which has historically

been considered private, we must recognize people are providing a great deal

of personal information publicly to a very loosely defined group of “friends,” or

even the entire public internet. People have always shared thoughts and

feelings, but typically not in such a permanent and easily retrievable format.

No court would have allowed unlimited depositions of every friend, social

acquaintance, co-employee or relative of a plaintiff to inquire as to all

disclosures, conversations or observations. Now far more reliable disclosures

can be obtained with a simple download of a social media history. A few clicks

on the computer and you shortly have what can consist of hundreds of pages

of recorded postings and conversations of a party. There can be little doubt

that within those postings there will be information which is relevant to some

issue in the litigation. It is equally clear that much of the information will be

irrelevant.

Just because the information can be retrieved quickly and inexpensively does

not resolve the issue. Discovery can be burdensome even as it is inexpensive.

Courts have long denied discovery of information which was easy to obtain,

but which was not discoverable….

The Defendant correctly observes that there would be very little time or

expense involved in the initial production of Plaintiff’s Facebook history.

That’s true on the front end. The problem is that such vast information has

the potential to generate additional discovery or impact trial testimony. It’s

not difficult to imagine a plaintiff being required to explain every statement

contained within a lengthy Facebook history in which he or she expressed

some degree of angst or emotional distress or discussing life events which

could be conceived to cause emotion upset, but which is extremely personal

and embarrassing. There is also substantial risk that the fear of humiliation

and embarrassment will dissuade injured plaintiffs from seeking recovery for

legitimate damages or abandon legitimate claims. That being said, Defendant

has a legitimate interest in discovery which is important to the claims and

damages it is being asked to pay. Information in social media which reveals

413.

that the plaintiff is lying or exaggerating his or her injuries should not be

protected from disclosure. Courts must balance these realities regarding

discovery of social media and that is what most of the courts which have

addressed this issue have done….

Granting access to Plaintiff’s entire Facebook history would provide minimal

relevant information while exposing substantial irrelevant information. As

such the discovery would exceed the proper limits of proportionality.

Gordon v. T.G.R. Logistics, Inc., 321 F.R.D. 401 (D. Wy. 2017); see also Forman v. Henkin,

22 N.Y.S.3d 178 (N.Y. Ct. App. 2018) (“Directing disclosure of a party’s entire Facebook

account is comparable to ordering discovery of every photograph or communication that

party shared with any person on any topic prior to or since the incident giving rise to

litigation – such an order would be likely to yield far more nonrelevant than relevant

information.”),

The Forman court offered one approach to balancing the competing interests:

courts should first consider the nature of the event giving rise to the

litigation and the injuries claimed, as well as any other information specific

to the case, to assess whether relevant material is likely to be found on the

Facebook account. Second, balancing the potential utility of the information

sought against any specific “privacy” or other concerns raised by the account

holder, the court should issue an order tailored to the particular controversy

that identifies the types of materials that must be disclosed while avoiding

disclosure of nonrelevant materials. In a personal injury case such as this it

is appropriate to consider the nature of the underlying incident and the

injuries claimed and to craft a rule for discovering information specific to

each. Temporal limitations may also be appropriate – for example, the court

should consider whether photographs or messages posted years before an

accident are likely to be germane to the litigation. Moreover, to the extent the

account may contain sensitive or embarrassing materials of marginal

relevance, the account holder can seek protection from the court. Here, for

example, Supreme Court exempted from disclosure any photographs of

plaintiff depicting nudity or romantic encounters.

Exception for Evidence of Mental or Emotional States. If a plaintiff’s claim or damages

request relates to his or her mental or emotional state, the defense might be able to seek

many of their social media posts as contemporaneous evidence of those states:

On relevancy, common sense dictates that information in Ms. Crossman’s

social media, including her Facebook and Instagram accounts, relates to her

contemporaneous mental and emotional states and therefore relates to the

injuries she claims she suffered at the hands of Carrington Mortgage,

including loss of enjoyment of life….On privacy, she has ceded some by

sharing her personal information with others on social media and by bringing

this lawsuit subject to the public right of access. To the extent she has not, a

confidentiality agreement suffices to protect her interests, and the obligations

of members of the Court’s bar suffices to deter misuse of the information.

414.

Crossman v. Carrington Mortgage Services, LLC, 2020 WL 2114639 (M.D. Fla. 2020).

Social Media and Dual Personae. The caselaw is filled with examples where litigants make

a claim in court and make contradictory statements online. See, e.g., People v. Franco, 2009

WL 3165840 (Cal. App. Ct. 2009):

At about 10:30 a.m. on June 6, 2006, Franco and Henry Chavez were seen

racing each other in their Mustang vehicles on the Ventura Freeway, each

reaching speeds of approximately 100 miles per hour. Franco applied her

brakes while Chavez was directly behind her, causing him to lose control of

his vehicle. The vehicle travelled to the other side of the freeway, flipped, and

landed in a strawberry field. Chavez was killed. Franco did not stop.

Franco testified that she was driving approximately 75 miles an hour on the

freeway when Chavez began tailgating her. When she changed lanes, he

followed her. Noticing that her speed had increased, she tapped on her brakes

to slow down. Chavez veered to avoid hitting her, then lost control of his

vehicle. She saw a plume of dust but kept driving as her boyfriend advised

when she called him on her cell phone. The day before the accident, however,

Franco had written on her MySpace page, “If you find me on the freeway and

you can keep up I have a really bad habit of racing random people.”

Then again, the strong possibility that people are maintaining dual personae could

undermine the credibility of social media evidence. See Hawes v. Holland, 2015 WL

4112405 (E.D. Cal. 2015):

Petitioner contends trial counsel was ineffective for failing to obtain

information from M.’s electronic and social media activity. He asserts that, at

the time of his arrest, M. described her life as “perfect” on her Facebook

profile and that emails and messages between M. and her friends would

support petitioner’s theory that M.’s story was “ever changing.”…

It is not surprising that a teenage girl would describe her life as “perfect” on

social media but in reality experience horrific circumstances at home. Here,

M had resisted telling anyone about the molest for a lengthy period of time. It

is therefore not surprising, or worthy of an evidentiary hearing, to view

records where M had not presented herself as an unwilling participant in

years of abuse. A recordation of abuse would have meant that M had

determined to turn her stepfather over to authorities—a decision that would

inevitably involve M in reliving all of the abuse, and having such abuse

become the focal point of her life for months in a criminal process. This is a

decision that is seldom made at the start of an abusive relationship.

Moreover, it is beyond cavil that most youths like to portray themselves as

attractive to other persons. A recoded chronology of being abused would have

made M very unattractive to many persons, making most persons shy away—

either not wanting to be vicariously involved in what was undeniably a

criminal situation, or not having a relationship with someone who would be

415.

most certainly psychologically scarred. Reflecting that her life was “perfect”

on social media is no different than her saying “good,” when asked by anyone

“how are you doing?”

In addition, petitioner’s reasoning for seeking M.’s text messages—that she

texted her friends a lot—does not describe a unique characteristic of M.

Indeed M., like any teenage girl with a cell phone, sent text messages to her

friends. There is no indication that a review of those text messages would

have lead [sic] to relevant, exculpatory evidence….

416.

The next case shows the legal consequences of a teenager’s poor online choices.

In re Rolando S., 197 Cal. App. 4th 936 (Cal. App. Ct. 2011)

…FACTUAL AND PROCEDURAL BACKGROUND

Appellant was one of several recipients of an unsolicited text message providing the

password to the victim’s email account. Appellant used the victim’s email password and

account to gain access to her Facebook account, where he posted, in her name, prurient

messages on two of her male friends’ pages (walls) and altered her profile description in a

vulgar manner.2 The victim found out about the messages and informed her father, who

removed the messages from her account and later called the police.

Appellant admitted to the police that he posted the messages from the victim’s Facebook

account and altered her profile. A juvenile petition was filed alleging one count of violating

section 530.5, subdivision (a) (willfully obtaining personal identifying information and

using it for an unlawful purpose). After a contested jurisdiction hearing, the juvenile court

found beyond a reasonable doubt that appellant had committed the crime charged and

sustained the petition.

At the disposition hearing, the juvenile court denied appellant’s motion to reduce the crime

from a felony to a misdemeanor, without prejudice. The court noted its concern with the

short time span between this offense and the disposition of a prior offense—assault with a

deadly weapon (a car), where appellant had driven his car at three girls with the intent of

scaring them. The court found the maximum confinement time for the offense to be three

years, and found the aggregated maximum confinement time to be three years and three

months. The court ordered appellant committed to the Kings County Juvenile Academy

Alpha Program for 90 days to a year, and put him on probation.

DISCUSSION

Section 530.5(a) states in pertinent part:

Every person who willfully obtains personal identifying information, as

defined in subdivision (b) of Section 530.55, of another person, and uses that

information for any unlawful purpose, including to obtain, or attempt to

obtain, credit, goods, services, real property, or medical information without

the consent of that person, is guilty of a public offense....

The offense is a “wobbler,” punishable either as a misdemeanor or a felony. Section 530.55,

subdivision (b) includes “unique electronic data” as “personal identifying information.”

2 Appellant posted, as the victim, on a male classmate’s wall: “I want to stick your dick in my mouth and then in

my pussy and fuck me really hard and cum on my face.” On another male classmate’s wall he posted: “When we

were dating we should have had sex. I always thought you had a cute dick, maybe we can have sex sometime.”

On the victim’s profile description, appellant posted: “Hey, Face Bookers, [ sic ] I’m [S.], a junior in high school

and college, 17 years young, I want to be a pediatrician but I’m not sure where I want to go to college yet. I have

high standards for myself and plan to meet them all. I love to suck dick.”

417.

“[T]o be guilty under section 530.5, subdivision (a), the defendant must (1) willfully obtain

personal identifying information of another person, and (2) use the identifying information

for an unlawful purpose without the person’s consent.” The facts here are not in dispute.

Appellant asserts the facts fail to satisfy the elements of section 530.5(a). We disagree.

A. Appellant Willfully Obtained the Victim’s Email Account Password

Appellant essentially argues that because he made no effort to obtain the password, instead

passively receiving the text message on his cell phone “without his prior knowledge or

consent,” he did not “willfully” obtain the victim’s email account password for purposes of

the statute. Respondent focuses its argument on asserting that appellant “obtained” the

password, and evidenced his willfulness by using the password, rather than deleting it

when he received it. We conclude appellant willfully obtained the victim’s password when

he chose to remember the password from the text message, and later affirmatively used the

password to gain access to the victim’s electronic accounts.

…Appellant freely accepted the password information provided in the text message. While

the text message itself was unsolicited, no evidence suggests appellant was forced to

remember the password or otherwise keep a record of it so that he could use it later, as he

admitted to doing. On the record before us, we conclude that appellant willfully obtained

the password information from the text message, knowing that he was continuing to

possess the password, intending to do so, and was a free agent when securing the password

for his future use.

Moreover, appellant used the email password he willfully obtained from the text message to

then willfully obtain the victim’s Facebook account password. Facebook accounts are linked

to a user’s email account. If the user forgets his or her Facebook password, he or she can

regain access to his or her Facebook account by having Facebook email a verification

procedure to the user’s email address. By completing the Facebook verification procedure,

the user is directed to a Facebook page where they can then reset his or her Facebook

password by entering a new one, which then logs him or her back into the Facebook account

with the new password.

The victim’s father testified the victim’s Facebook password was being changed dozens of

times over several weeks and it was only after they deleted her email account that they

were able to regain control over her Facebook account. Appellant admitted to Officer Lucio

that he used the email account password he received from the text message to gain access

to the victim’s Facebook account. By resetting the victim’s Facebook account password

himself using the above-described process, appellant would have been able to log in to her

account and pose as the victim as he posted on her friends’ walls and on her profile. The

record makes no indication appellant received the victim’s Facebook account password in

another manner. It is reasonable to infer he used this process of resetting the password

through the victim’s email account to gain access to the victim’s Facebook account. Not only

did appellant willfully obtain the email password from the text message, he also willfully

obtained the Facebook account password by purposely using the email account as a vehicle

to alter the Facebook account password.

418.

B. Appellant Used the Victim’s Information for an Unlawful Purpose

Appellant next contends his conduct fails to satisfy the second element of section 530.5(a),

that he “use[d] [the victim’s] information for any unlawful purpose.” He argues that at most

he “possibly defamed” the victim, but asserts that civil torts do not constitute an “unlawful

purpose” for purposes of the statute. Respondent argues appellant’s conduct was unlawful

under section 647.6, subdivision (a)(1) (annoying or molesting a child). In the alternative,

respondent contends that civil torts constitute an unlawful purpose, and appellant’s

conduct amounted to libel under Civil Code section 45. We disagree with respondent that

appellant’s conduct constituted unlawful behavior under section 647.6, subdivision (a)(1).

However, we hold that intentional civil torts, such as libel, constitute an “unlawful purpose”

for purposes of section 530.5(a), and affirm the judgment.

1. Appellant’s Conduct Was Not Unlawful Under Section 647.6

Section 647.6, subdivision (a)(1) makes it a misdemeanor when a person, “annoys or molests

any child under 18 years of age.” Our Supreme Court has held that the statute requires “(1)

conduct a ‘“normal person would unhesitatingly be irritated by”’ [citations], and (2) conduct

‘“motivated by an unnatural or abnormal sexual interest”’ in the victim [citations].” We

agree with appellant that the facts fail to demonstrate the prosecution satisfied the second

element….

Here, appellant posted three sexually explicit comments from the victim’s account. The

record makes no indication he attempted to contact the victim previously, or that he had

prior encounters with her that would indicate he was motivated by his sexual interest,

abnormal or otherwise. The juvenile court noted he had a girlfriend, and the probation

officer’s report indicates appellant intended his comments to be taken as a joke. We

conclude there is insufficient evidence to support the prosecution’s assertion that

appellant’s conduct was motivated by an unnatural or abnormal sexual interest in the

victim and therefore unlawful under section 647.6.

2. “Any Unlawful Purpose” Includes Causes of Action Under Civil Tort Law

Appellant contends the Legislature intended to limit “any unlawful purpose” to strictly

criminal conduct. We disagree….

Prior to the amendment, identity theft was a misdemeanor crime and had to specifically

involve the perpetrator’s use of the victim’s information “to obtain, or attempt to obtain,

credit, goods, or services” in the name of the victim without his or her consent. In adding

“for any unlawful purpose, including” before the clause beginning “to obtain,” the

amendment expanded the range of unlawful purposes for which a perpetrator could be

found guilty of committing identity theft and specifically denoted the non-exclusive nature

of the list of unlawful purposes set forth in the statute. The Legislature clearly intended to

greatly expand the scope of unlawful conduct underlying the identity theft offense.6…

6 In his reply brief, appellant raised for the first time the argument that section 528.5, which makes it a

misdemeanor to impersonate another person through an internet website for the purposes of harming,

intimidating, threatening, or defrauding another person, makes appellant’s conduct criminal. He argues that

his conduct was not criminal before section 528.5’s effective date, that is, before January 1, 2011.

419.

Libel is an intentional tort. Civil Code section 45 defines the civil tort of libel: “Libel is a

false and unprivileged publication by writing, printing, picture, effigy, or other fixed

representation to the eye, which exposes any person to hatred, contempt, ridicule, or

obloquy, or which causes him to be shunned or avoided, or which has a tendency to injure

him in his occupation.” Appellant practically concedes the point, arguing the “prosecution

proved only that [appellant] humiliated, embarrassed, and defamed [the victim].” Here,

appellant wrote sexually explicit and vulgar comments on the victims’ friends’ walls,

accessible by the victims’ friends and acquaintances, and purportedly as her. Appellant

clearly exposed the victim to hatred, contempt, ridicule and obloquy with his actions.9

3. Appellant’s Actions Establish an Unlawful Purpose Under Section 653m

Even assuming that a civil intentional tort failed to constitute an “unlawful purpose” for

purposes of section 530.5, appellant’s conduct was sufficient to satisfy section 530.5 based

on his conduct constituting a criminal offense under section 653m, subdivision (a)

(hereafter section 653m(a)).

Section 653m(a) states in pertinent part: “Every person who, with intent to annoy ... makes

contact by means of an electronic communication device with another and addresses to or

about the other person any obscene language ... is guilty of a misdemeanor.”

Section 653m, subdivision (c) (hereafter section 653m(c)) states in pertinent part: “Any

offense committed by use of an electronic communication device or medium, including the

Internet, may be deemed to have been committed when and where the electronic

communication or communications were originally sent or first viewed by the recipient.”

Appellant’s fraudulent posts as the victim would have shown up on her personal Facebook

page. He also altered her profile on her personal Facebook page. Section 653m(c) makes

clear the offense is committed as of sending the communication. Therefore, appellant

willfully obtained the victim’s Facebook password and then used that information for the

unlawful purpose of violating section 653m(a).

We note, however, that section 530.5 has different elements from section 528.5. Section 530.5 requires that

a person willfully obtain personal identifying information and use it for an unlawful purpose. Section 528.5 does

not include a requirement that a perpetrator obtain personal identifying information. As a result, a person could

violate section 528.5 by merely posting comments on a blog impersonating another person. There is no

requirement, under these circumstances, that the person obtain a password—a key distinction.

Further, section 528.5 does not require the perpetrator act with an unlawful purpose—merely that he or

she acted with the purpose of harming, intimidating, threatening, or defrauding a person. At least the terms

“harming” and “intimidating” do not necessarily have to be done for an unlawful purpose.

The act of willfully obtaining someone else’s password, and then using it for an unlawful purpose, justifies

more harsh treatment under section 530.5. We believe if appellant had committed these same acts after

January 1, 2011, he could have been charged under both sections 528.5 and 530.5. 9 At the disposition hearing, the victim’s mother read a statement from the victim, which stated: “[l]astb year,

when this started, I had people at school call me a slut and a whore. I had no idea what was going on or what I

had done to be called those names. [¶] After [appellant] was found guilty, some of his friends at school started

wearing “Team [Appellant]” shirts, saying I had made this up to get [appellant] in trouble.” She further related

that, “[appellant’s friends] have ruined half of my junior year and, now, my senior year of school. I used to love

going to school. Now, I dread dealing with this every day.”

420.

NOTES AND QUESTIONS

Unquestionably, the defendant engaged in bad behavior. Combined with the driving

incident, it also appears the defendant was making a series of poor choices. However, don’t

lose sight of the conclusion. This court says that the defendant feloniously stole the victim’s

identity by misusing a password to log into the victim’s Facebook account and post fake

messages in her name. Do you know anyone who has ever done something like that? Have

you? What percentage of teenagers would do something similar to Rolando’s prank if they

obtained a high school peer’s Facebook password?

Do you think there are, or should be, any constitutional limits on a prosecution like this?

As a further example of how broadly this ruling could apply to ordinary juvenile behavior,

see

Identity Theft, Redux. In In re E.D. 2019 WL 4060198 (Cal. App. Ct. 2019), a 12-year old

girl committed identity theft (violating both 530.5 and 528.5) by creating a fake Instagram

profile of her teacher.

In contrast to California’s, Oregon’s identity theft crime requires an intent to defraud, and

that element changed the outcome in this case:

Defendant created a Facebook account under the name of a teacher at Falcon

Heights Academy, A. To create the profile, defendant took pictures from A's

Facebook page—which was a public profile—as well as her first name. Once

the account was set up, defendant began contacting former students of A. The

messages were sexual and flirtatious…. Defendant claimed that he had

created the account in an effort to gain information about a woman he once

dated and used A’s pictures because it gave him “greater access.”

The court dismisses the identity theft charge:

it can be inferred that defendant intended to contact A’s former students for

personal reasons and that he intended to deceive them. It also can be inferred

that defendant did so with an awareness of the fact that he would injure A’s

reputation. However, “intent to defraud” requires more than a knowing or

even reckless mental state; it requires that a defendant act with a specific

intent—that is, a conscious objective—of causing the injury to another’s legal

rights or interest. On this record, no reasonable factfinder could infer that

defendant had the specific intent to cause injury to legal rights or interests of

A or her former students

State v. Horton, 291 Or. App. 65 (Or. Ct. App. 2018).

421.

The book concludes with a classic Internet Law opinion that offers many lessons for

us as lawyers and citizens.

Moreno v. Hanford Sentinel, Inc., 172 Cal. App. 4th 1125 (Cal. App. Ct. 2009).

The issue presented by this appeal is whether an author who posts an article on

myspace.com can state a cause of action for invasion of privacy and/or intentional infliction

of emotional distress against a person who submits that article to a newspaper for

republication. The trial court concluded not and sustained the demurrer to appellants’

complaint without leave to amend.

Appellants contend the republication constituted a public disclosure of private facts that

were not of legitimate public concern and thus was an invasion of privacy. Appellants note

that the republication included the author’s last name whereas the myspace.com posting

did not. Appellants further argue that the person who submitted the article to the

newspaper did so with the intent of punishing appellants and thus they have a claim for

intentional infliction of emotional distress.

As discussed in the published portion of this opinion, the trial court properly sustained the

demurrer without leave to amend to appellants’ invasion of privacy cause of action. The

facts contained in the article were not private. Rather, once posted on myspace.com, this

article was available to anyone with internet access. As discussed in the nonpublished

portion, the trial court should have overruled the demurrer to the intentional infliction of

emotional distress cause of action. Under the circumstances here, a jury should determine

whether the alleged conduct was outrageous. Accordingly, the judgment will be affirmed in

part and reversed in part.

[Cynthia Moreno guest-lecturing at Prof. Eric Goldman’s Internet Law course, Santa Clara

University School of Law, 2012]

422.

BACKGROUND…

Following a visit to her hometown of Coalinga, appellant, Cynthia Moreno, wrote “An ode to

Coalinga” (Ode) and posted it in her online journal on myspace.com. The Ode opens with

“the older I get, the more I realize how much I despise Coalinga” and then proceeds to make

a number of extremely negative comments about Coalinga and its inhabitants. Six days

later, Cynthia removed the Ode from her journal. At the time, Cynthia was attending the

University of California at Berkeley. However, Cynthia’s parents, appellants David and

Maria Moreno, and Cynthia’s sister, appellant Araceli Moreno, were living in Coalinga.

Araceli was a student at Coalinga High School.

Respondent, Roger Campbell, was the principal of Coalinga High School and an employee of

respondent, Coalinga-Huron Unified School District. The day after Cynthia removed the

Ode from her online journal, appellants learned that Campbell had submitted the Ode to

the local newspaper, the Coalinga Record, by giving the Ode to his friend, Pamela Pond.

Pond was the editor of the Coalinga Record.

The Ode was published in the Letters to the Editor section of the Coalinga Record. The Ode

was attributed to Cynthia, using her full name. Cynthia had not stated her last name in her

online journal.

The community reacted violently to the publication of the Ode. Appellants received death

threats and a shot was fired at the family home, forcing the family to move out of Coalinga.

Due to severe losses, David closed the 20-year-old family business.

Based on the publication of the Ode, appellants filed the underlying complaint alleging

causes of action for invasion of privacy and intentional infliction of emotional distress. In

addition to respondents, appellants named Lee Enterprises, Inc., Lee Enterprises

Newspapers, Inc., and Hanford Sentinel, Inc., the publishers of the Coalinga Record, as

defendants. However, these publisher defendants were dismissed following their motion to

strike the complaint as a SLAPP suit (strategic lawsuits against public participation)

pursuant to Code of Civil Procedure section 425.16. Appellants abandoned their appeal

from this judgment.

DISCUSSION

1. Appellants did not state a cause of action for invasion of privacy….

Here, the allegations involve a public disclosure of private facts. The elements of this tort

are: “‘(1) public disclosure (2) of a private fact (3) which would be offensive and objectionable

to the reasonable person and (4) which is not of legitimate public concern.’” The absence of

any one of these elements is a complete bar to liability.

a. Having been published on myspace.com, the Ode was not private.

As noted above, a crucial ingredient of the applicable invasion of privacy cause of action is a

public disclosure of private facts. A matter that is already public or that has previously

become part of the public domain is not private.

423.

Here, Cynthia publicized her opinions about Coalinga by posting the Ode on myspace.com,

a hugely popular internet site. Cynthia’s affirmative act made her article available to any

person with a computer and thus opened it to the public eye. Under these circumstances, no

reasonable person would have had an expectation of privacy regarding the published

material.

As pointed out by appellants, to be a private fact, the expectation of privacy need not be

absolute. Private is not equivalent to secret. “[T]he claim of a right of privacy is not ‘“so

much one of total secrecy as it is of the right to define one’s circle of intimacy—to choose

who shall see beneath the quotidian mask.”’ Information disclosed to a few people may

remain private.” Nevertheless, the fact that Cynthia expected a limited audience does not

change the above analysis. By posting the article on myspace.com, Cynthia opened the

article to the public at large. Her potential audience was vast.

That Cynthia removed the Ode from her online journal after six days is also of no

consequence. The publication was not so obscure or transient that it was not accessed by

others. The only place that Campbell could have obtained a copy of the Ode was from the

internet, either directly or indirectly.

Finally, Cynthia’s last name was not a private fact. Although her online journal only used

the name “Cynthia,” it is clear that her identity was readily ascertainable from her

MySpace page. Campbell was able to attribute the article to her from the internet source.

There is no allegation that Campbell obtained Cynthia’s identification from a private

source. In fact, Cynthia’s MySpace page included her picture. Thus, Cynthia’s identity as

the author of the Ode was public. In disclosing Cynthia’s last name, Campbell was merely

giving further publicity to already public information. Such disclosure does not provide a

basis for the tort.

b. The other members of Cynthia’s family do not have an independent cause of action for

invasion of privacy.

Based on the direct damages they allegedly incurred due to publication of the Ode,

Cynthia’s parents, David and Maria, and Cynthia’s sister, Araceli, argue that they have

standing to sue for invasion of privacy. However, because the publication of the Ode was

not an invasion of Cynthia’s privacy, these appellants cannot state a claim based on the

same alleged invasion.

Moreover, the right of privacy is purely personal. It cannot be asserted by anyone other

than the person whose privacy has been invaded. Thus, even if Cynthia did have an

invasion of privacy claim, David, Maria and Araceli would not have standing. The Coalinga

Record did not identify David, Maria and Araceli when it published the Ode. Their invasion

of privacy claim is primarily based on their relationship to Cynthia and the community

reaction to Cynthia’s opinions, not on respondents’ conduct directed toward them.

424.

In sum, because the Ode was not private, appellants’ claim is precluded under California

privacy tort law.4 Accordingly, the trial court properly sustained the demurrer to the

invasion of privacy cause of action.

2. A jury must determine whether respondents’ conduct was sufficiently extreme and

outrageous to result in liability for intentional infliction of emotional distress.*

“The elements of a cause of action for intentional infliction of emotional distress are (1)

outrageous conduct by the defendant, (2) intention to cause or reckless disregard of the

probability of causing emotional distress, (3) severe emotional suffering, and (4) actual and

proximate causation of the emotional distress.”

To be outrageous, conduct must be so extreme that it exceeds all bounds of that usually

tolerated in a civilized community. However, conduct that might not otherwise be

considered extreme and outrageous may be found to be so if a (1) defendant abuses a

relation or position that gives him power to damage the plaintiff’s interest; (2) knows the

plaintiff is susceptible to injuries through mental distress; or (3) acts intentionally or

unreasonably with the recognition that the acts are likely to result in illness through

mental distress.

It is for the court to determine in the first instance whether the defendant’s conduct may

reasonably be regarded as so extreme and outrageous as to permit recovery. In making this

determination, the court employs an objective standard applied to the actual conduct, i.e.,

how reasonable people might view it, excluding from that category those who are either

overly sensitive or callous. But, “‘[w]here reasonable men may differ, it is for the jury,

subject to the control of the court, to determine whether, in the particular case, the conduct

has been sufficiently extreme and outrageous to result in liability.’” Here, the trial court

concluded that Campbell’s conduct did not meet the standard of outrageousness necessary

to constitute a cause of action for intentional infliction of emotional distress as a matter of

law.

In stating their claim for intentional infliction of emotional distress, appellants alleged that

Campbell submitted the Ode to the Coalinga Record, knowing he did not have permission

to do so. Appellants further alleged that Campbell engaged in this act to punish appellants

for the contents of the Ode and intended to cause them emotional distress. Appellants

contend that this conduct was extreme and outrageous, especially in light of Campbell’s

position as Araceli’s principal.

Since this appeal is from the sustaining of a demurrer without leave to amend, this court

must assume the truth of appellants’ allegations against Campbell. Based on these

allegations, we conclude that reasonable people may differ on whether Campbell’s actions

were extreme and outrageous. Accordingly, it is for a jury to make this determination.

Thus, the trial court erred in sustaining the demurrer to the intentional infliction of

emotional distress cause of action….

4 Whether the publication of the Ode infringed on any federal copyright protection the Ode may have had is not

before this court and we express no opinion on that issue. * [Editor’s note: this portion of the opinion was not certified for publication.]

425.

NOTES AND QUESTIONS

The Full Text of Moreno’s Post as Published in the Coalinga Record:

An ode to Coalinga

So, after three years, I decided to go to Coalinga for the football homecoming.

I didn’t go to see who I would run into, because running into friends from the

past is inevitable. I have to say, that the older I get, the more I realize how

much I despise Coalinga.

Every time I look at where I am at, where I am going and what I have

become, I can’t help but look at everyone else as if they haven’t matured nor

broken out of the Coalinga norms; I don’t blame them. Its actually a little

pathetic and sad! These people have a lot, and I mean, a lot to learn, alot to

experience, and more to overcome. They are merely beginning new phases in

their lives that will prove more difficult as time goes by. I don’t give them my

sympathy for I was always two steps ahead of the game; always had the

advantage of being far and secluded from everyone in Coalinga because I had

ambitions and aspirations that kept me focused. I never diverted from what

was more important in my life; and with that note, I still haven’t.

I’m on my way to becoming a lawyer. One bad *** corporate latina lawyer

who is not going to take *** from anyone, or anything. Ill be up there soon

enough to help out mi rata in every way possible. Looking back at the people

I saw in Coalinga this weekend...I pity them. They say that the friendships

you make in college are the ones that are true and the ones that last a

lifetime. I’m a firm believer in that.

When I look back to my friends from Coalinga, I don’t miss a single moment

with them because the moments were never real. Instead, I find that here in

college, I am immersed in an intellectual environment where individuals here

value hard work and commitment in all aspects of their lives, and who have

worked their asses off to come to a school as prestigious as UCB...those are

the friends I admire; the people who can hold conversations of substance and

value…people whom are going to be doctors, and lawyers, politicians,

psychologists, etc...in a society where we will all stand aside one another

because we have all been through the educational struggles similarly.

I don’t care much for Coalinga. or the people that reside there or the friends I

used to have while being there. In comparison to my college friends, they are

nothing, were nothing, and remain nothing. In a nutshell, their histories and

reputations are so denigrating and their focuses are set on such superficial

and unimportant things that breaking out of it for an instant scares

them....it’s no wonder they always come back to Coalinga...they can never be

strong enough to befriend any one else in other places, unless its through

others, or stand alone or for themselves to become accomplished. They can’t

do it without their “cliques” their “gossip” and especially their ‘jealousy.” The

426.

sight of success is unbeknownst to them, just as much as their fervor for

being involved with others businesses abhors me. Why don’t they focus on

themselves and see their status in society? Its nothing...so get over

yourselves. How terribly sad. It must be a small town thing...or maybe a

close-minded group of individuals who are afraid of change. I think inside

these individuals (and you all know who you are) know they can’t make it in

life. Their only way of success is by criticizing those around them, as if doing

so will make them feel better about themselves. You all have alot to learn...I

pray to God that you see the light one day. Because when you do, (even if you

never do), we are all going to be on top. You think you got us fooled? Im a

smarter cookie than you think.

So for an ode to Coalinga; I have none. I only value the few that have

contributed to my success, those teachers, mentors and family who have kept

the positive path looking brighter and brighter. Who the hell wouldn’t want

to get out of Coalinga to come to a school like CAL...and experience

everything that I have thus far? That’s right ******...envy me because thats

all you can do....literally, that is all you can do...and I mean that on more

than one symbolic level and interpret and talk about this like you never have

before, because that is all that you really can do...talk nonsense **** because

you are nothing....

So glad to be out of that damn town!

Gracias a dios,

Cynthia Moreno

Editor’s Note

It saddens us to know that a product of this community, a community that

takes such pride in its youth, would have such negative thoughts of what was

once their home. This article was found on the Internet and submitted for

publication.

Questions. In addition to the claims discussed above, did Moreno have any other claims she

could have brought? Did MySpace have any legal claims?

Moreno claims she had configured MySpace’s privacy settings so that her Ode was only

shared with her “friends,” about 300 people, and not the world at large. If true, do you think

that should change the legal analysis? Is it possible to share something “privately” with

hundreds of people?

Denouement. In September 2010, a jury ruled that Campbell acted outrageously but did not

award any damages. Separately, Principal Campbell was promoted to superintendent of the

Coalinga-Huron Joint Unified School District.

Pamela Pond was fired from the newspaper for her decision to republish Moreno’s post.

Moreno academically disqualified from UC Berkeley due to the stress caused by the

newspaper publication and community reaction, but she regained admittance after some

427.

time at a local community college and ultimately graduated. She became a reporter for the

Fresno Spanish-language newspaper Vida en el Valle and a television personality for

Univision. As of 2020, she works in California’s Department of Motor Vehicles as a public

relations executive. However, she has not (yet) become a bad-ass corporate Latina lawyer.

Further, as of 2012 (7 years after the posting), her family still was wrestling with the

consequences of the post, especially her sister Araceli.

For more on Cynthia Moreno’s story, see:

 a video of her guest lecture to Prof. Eric Goldman’s Internet Law course, November

2012: https://youtu.be/pg2JNZlMbk0

 PowerPoint slides from her 2012 guest lecture:

http://digitalcommons.law.scu.edu/cgi/viewcontent.cgi?filename=0&article=1211&co

ntext=historical&type=additional

 photos from her 2012 guest lecture:

https://secure.flickr.com/photos/81901130@N03/sets/72157632273484970/

428.

REVIEW QUESTION ANSWERS

Chapter 1, Q1: (c), (d) and (e) are all examples of Internet exceptionalism. Applying

employment laws to sharing economy services doesn’t purport to treat Uber any differently

than offline transportation services. Imposing a bed tax on hotels, both online and off, isn’t

exceptionalism, even if Airbnb doesn’t function like a normal hotel. In (c), (d) and (e), the

rules treat the actor differently solely because it works online.

Chapter 1, Q2: All of them! With respect to credit card numbers, the first few digits of

Mastercard and Visa numbers tell you what bank issued the card. See, e.g.,

https://www.nerdwallet.com/article/credit-cards/how-to-decode-credit-card-number. Using

this information, it’s possible to determine the bank’s country of origin. Because banks

typically issue credit cards only in that country, the credit card number could be used to

determine the user’s country.

With respect to social security numbers, the first few digits are dictated by the registrant’s

geography. See, e.g., https://www.eff.org/pages/structure-social-security-numbers.

Chapter 2, Q1: (e). Typically, the ability to make purchases from an e-commerce website

does not create general jurisdiction in the buyer’s state because there’s no physical presence

or the virtual equivalent of it. Furthermore, specific jurisdiction should not be available for

a slip-and-fall case because there is no connection between the website and the tort.

Chapter 3, Q1: Yes. See CX Digital Media, Inc. v. Smoking Everywhere, Inc., 2011 WL

1102782 (S.D. Fl. 2011).

Chapter 3, Q2:

(a) I think this is a properly executed clickthrough agreement and the terms of the “user

agreement” are part of the contract.

(b) I think this is not a contract and that courts would characterize it as an unenforceable

“browsewrap.”

(c) This implementation is missing a call-to-action connecting the “terms and conditions” in

the scrollbox to the checkbox or the “continue” button. As a result, users are only bound to

the language to the right of each checkbox, not the “terms and conditions.” See Small

Justice v. Xcentric Ventures, 99 F. Supp. 3d 190 (D. Mass. 2015); see also Sgouros v.

TransUnion Corp., 817 F.3d 1029 (7th Cir. 2016).

(d) Yes. See Pincaro v. Glassdoor, Inc., 2017 WL 4046317 (S.D.N.Y. 2017). However, this is

an old-school implementation that could be modified to increase its odds of enforceability.

What changes would you recommend Glassdoor make?

Chapter 4, Q1: Under California law, there probably is no common law trespass to chattel

claim unless Shamazon can show that it suffered some damage to its computer systems. If

the independent contractor automated the price gathering process and the automated

inquiries overloaded Shamazon’s systems, showing harm to the computer systems might be

a possibility. Otherwise, a California-based common law trespass to chattels claim will fail.

429.

Outside of California, Shamazon’s common law trespass to chattels claim might succeed if

it can show that it provided sufficient notice to the independent contractor that it didn’t

want their activity. The disclosure in the terms of use might be sufficient, though a judge

could feel it was too obscure and more prominent disclosures were required. A cease-and-

desist letter from Shamazon would likely constitute sufficient notice even if the terms of

use didn’t. A court might also want to see Shamazon take some form of technological self-

help, such as efforts to block the contractors’ IP addresses, before granting an injunction.

Note the ambiguity about whether Shamazon could pursue Bet directly, or if Shamazon’s

only recourse would be against the independent contractors. Unless the contractors are

Bet’s agents, it’s possible there would be no legal theory extending common law liability to

Bet.

Also note the public policy concerns hanging over Shamazon’s actions. Bet’s activities are

designed to promote price competition, so Shamazon’s actions are fundamentally anti-

consumer. Would the public policy implications sway a judge?

Shamazon’s CFAA success may depend on whether it can show (1) $5,000 worth of damage,

and (2) a lack of authorization. Nosal I indicated that a website’s terms of use, without

more, can’t deprive a user of authorization, so arguably there is no CFAA violation.

However, Nosal II suggests that Bet could still be in trouble if it relied upon contractors to

deliberately work around its lack of authorization. Furthermore, the Power Ventures ruling

suggests that Shamazon could easily remove authorization with a cease-and-desist letter.

If the notice was sufficient, Shamazon would seemingly have a prima facie case under

Penal Code § 502, at least against the contractor.

Chapter 4, Q2: First, has the bank suffered any damage for CFAA purposes? In Scenario

(a), it’s hard to see any harm to the bank. In Scenario (b), we’d need to know if Karen will

bear all of the loss of the looting or if the bank will bear some or all of the responsibility. If

the bank bears no responsibility, has it suffered a cognizable loss?

If we believe Nosal I, then Karen’s violation of its Terms of Use should not constitute a lack

of authorization. Even in Scenario (b), where Joe is accessing the bank account for improper

purposes, it’s not clear the Terms of Use delimit his server access rights. Of course, in

Scenario (b), Joe likely broke many other laws, but the CFAA may not apply.

Chapter 5, Q1: all of these are potentially eligible for copyright protection except the Yelp

star rating, which as a single number shouldn’t have sufficient expression to qualify as a

work of authorship. Advertisements, emails, text messages, and even tweets may be

copyrightable if they have sufficient expression to constitute a work of authorship. A single

word text message shouldn’t be copyrightable, but a text message or email with a few

sentences probably would be. An individual emoji is potentially copyrightable, though it

may be debatable who owns the copyright. See Eric Goldman, Emojis and the Law, 93

WASH. L. REV. 1227 (2018), https://ssrn.com/abstract=3133412. A selfie is typically

copyrightable by the photographer.

430.

Chapter 5, Q2: (e). The designation of an agent with the Copyright Office is a prerequisite

for the safe harbor, so the failure to make the designation categorically bars the safe

harbor. A subsequent designation can potentially start the safe harbor at the point of

designation but won’t revitalize the safe harbor for any user-caused infringement before the

designation. Because the designation is a separate required formality, (a) is incorrect. See

BWP Media USA, Inc. v. Hollywood Fan Sites LLC, 115 F. Supp. 3d 397 (S.D.N.Y. 2015).

Lesson: if you want the § 512(c) safe harbor, check, double-check and triple-check that you

comply with each and every requirement—and make sure you track the expiration of

designations.

Chapter 6, Q1: all of these items could become a trademark with the possible exception of

a meme GIF, which rarely acts as a designator of the source of goods/services in the

marketplace. Meme GIFs are more likely protectable (if at all) under copyright law. For the

other items to qualify for trademark protection, they would need to be used in commerce as

source designators; and if they are descriptive, they would need to achieve secondary

meaning (i.e., consumers recognize the brand as uniquely identifying one vendor in the

marketplace). That may be tricky for some items, like a hashtag, which is rarely used as a

source designator and, if descriptive, may not achieve secondary meaning. See Alexandra J.

Roberts, Tagmarks, 105 CALIF. L. REV. 599 (2017).

Chapter 8, Q1: Unless the claim fits into one of the statutory exceptions (IP, ECPA,

federal criminal prosecutions, FOSTA), Section 230 should apply to all of these scenarios.

Chapter 8, Q2: Yes. See, e.g., Fields v. Twitter, Inc., 217 F. Supp. 3d 1116 (N.D. Cal. Nov.

18, 2016); Cohen v. Facebook, Inc., 252 F. Supp. 3d 140 (E.D.N.Y. 2017); Crosby v. Twitter,

Inc., 303 F. Supp. 3d 564 (E.D. Mich. 2018).

Chapter 8, Q3: None of these. Regarding (a), Google has adopted a voluntary policy to

delete social security numbers (see

https://support.google.com/websearch/answer/2744324?hl=en), but it cannot be compelled to

do so. Regarding (b), if the photo was a selfie, or if the depicted individual otherwise owns

the copyright, then Section 512(c)/(d)’s notice-and-takedown provision would apply; but

most people don’t own the copyrights to the photos of themselves, so ordinarily the depicted

individual can’t scrub a photo of themselves. Regarding (e), even if California’s online

eraser law applied, the takedown right does not extend to third-party sites the content may

have migrated to.