Fair Use, Good Faith and DMCA Takedown Notices
The Digital Millennium Copyright Act (DMCA) provides a process by which a copyright owner may demand the removal of its copyrighted materials from the systems of a service provider. See 17 U.S.C. § 512(c)(3)(A). To submit this demand, the copyright owner must, among other things, have a “good faith belief that use of the [copyrighted] material in the manner complained of is not authorized by the copyright owner, its agent, or the law.” 17 U.S.C. § 512(c)(3)(A)(v) (emphasis added). Material misrepresentations in this process may subject the copyright owner, or its agent, to damages, including costs and attorneys’ fees. 17 U.S.C. § 512(f).
Last week, the District Court for the Northern District of California issued a ruling in Lenz v. Universal Music Corp. et al., No. C-07-3783-JF, 2008 WL 3884333 (N.D.Cal. Aug. 20, 2008), denying Universal’s motion to dismiss the action filed by Stephanie Lenz. (This action pertains to Universal’s takedown notice against Lenz’s YouTube video of her daughter dancing to Prince’s “Let’s Go Crazy” song.) The District Court stated:
Here, the Court concludes that the plain meaning of ‘authorized by law’ is unambiguous. An activity or behavior ‘authorized by law’ is one permitted by law or not contrary to law. Though Congress did not expressly mention the fair use doctrine in the DMCA, the Copyright Act provides explicitly that ‘the fair use of a copyrighted work … is not an infringement of copyright.’ Even if Universal is correct that fair use only excuses infringement, the fact remains that fair use is a lawful use of a copyright. Accordingly, in order for a copyright owner to proceed under the DMCA with ‘a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law,’ the owner must evaluate whether the material makes fair use of the copyright. An allegation that a copyright owner acted in bad faith by issuing a takedown notice without proper consideration of the fair use doctrine thus is sufficient to state a misrepresentation claim pursuant to Section 512(f) of the DMCA.
(Internal citations omitted.)
Thus, it is important for copyright owners to consider all of the nuances and circumstances before issuing a takedown notice for their copyrighted works. Now, with that said, it is also important to note the procedural status of this case. The Court’s denial of Universal’s motion to dismiss does not represent an automatic, or clear cut, victory for Lenz. Instead, Lenz must still demonstrate that Universal transmitted the takedown notice in “subjective bad faith,” which may be difficult to prove in many circumstances.
[Note: An astute fellow blogger, Ethan Ackerman, noted that Universal had argued in its reply papers that its notice was not a DMCA takedown notice. [Article; Reply Papers (Hosted by the EFF)] Although the Court did not address that argument in its ruling, we can expect this to be an issue at trial, and in future cases, as copyright owners look for ways to limit their exposure to Section 512(f).]
Personal Jurisdiction Issues for eBay Sellers
Earlier this week, the Ninth Circuit issued a decision in Boschetto v. Hansing et al., No. 06-16595, 2008 WL 3852676 (9th Cir. Aug. 20, 2008), pertaining to the courts’ exercise of personal jurisdiction over out-of-state eBay sellers (i.e., whether an out-of-state eBay seller may be sued in a particular court). [Decision]
In Boschetto, the plaintiff (a California resident) purchased an automobile on eBay from an out-of-state seller. When the automobile arrived, the plaintiff discovered several purported deficiencies, and brought an action against the seller in the Northern District of California.
The district court dismissed the action for lack of personal jurisdiction. The Ninth Circuit affirmed the dismissal, and held that the plaintiff had failed to establish the first element of jurisdiction: namely, that the defendants had purposely availed themselves of the privilege of conducting business in California. The Ninth Circuit also declined to apply the Cybersell sliding scale analysis (which looks at the nature and quality of the defendants’ Internet conduct), since such analysis would have been directed toward eBay rather than the defendants.
However, as a cautionary note, the Ninth Circuit did not rule out personal jurisdiction for all out-of-state eBay sellers. Rather, it emphasized these sellers’ “one-shot” contact with California (the single eBay item and the contract thereon), and noted that there was no evidence or allegation that the sellers’ eBay posting was part of broader e-commerce activity. It acknowledged other legal authorities holding that regular eBay sellers “using the platform as a broader vehicle for commercial activity” (e.g., ‘power sellers’) may be subject to personal jurisdiction.
Software Freedom Law Center Releases Guide to GPL Compliance
The Software Freedom Law Center released its Practical Guide to GPL Compliance today. The Guide is written in an easy-to-read manner, and discusses, among other things, best practices and the various options available for compliance. Software developers who utilize code released under the GNU General Public License (GPL), or who suspect that their products may contain such code, may wish to look over the guide – especially given the recent decision of Jacobsen v. Katzer et al., No. 2008-100, 2008 WL 3395772 (Fed. Cir. Aug. 13, 2008).
Exceeding Authorized Access Under the Computer Fraud and Abuse Act
The following is another news item sitting in my perpetual ‘time permitting’ stack, pertaining to the Computer Fraud and Abuse Act, and what it means to “exceed[] authorized access” (at least in some districts):
Last month, the District Court for the Western District of Tennessee issued a ruling in Black & Decker (US), Inc. v. Smith, No. 07-1201, 2008 WL 2757081 (W.D.Tenn. Jul. 11, 2008), dismissing several claims asserted by Black & Decker against a former employee under the Computer Fraud and Abuse Act (18 U.S.C. § 1030).
In Smith, the plaintiff employer provided the defendant former employee with access to confidential and proprietary documents as part of the latter’s employment. When the defendant resigned to work for a competitor, he copied documents from the plaintiff’s secure servers. The plaintiff discovered the copies, and brought an action against the defendant, alleging, among other things, violations of the Computer Fraud and Abuse Act.
The defendant moved to dismiss several claims, including the ones arising from the Computer Fraud and Abuse Act. The district court acknowledged the split in legal authorities concerning employees who misuse information legitimately obtained via authorized access to a computer system, and whether such misuse gave rise to an action under the Act. The court then looked to the plain language of the Act, and found that it targeted the unauthorized procurement or alteration of information, not the misuse of information that an employee is authorized to access.
Since the plaintiff had authorized the defendant to access the computer systems, the court dismissed most of the Computer Fraud and Abuse Act claims. However, the court permitted the plaintiff to proceed on several other claims, including one under Section (a)(5)(A)(i) of the Act for “knowingly caus[-ing] the transmission of a program, information, code, or command, and as a result of such conduct, intentionally caus[-ing] damage without authorization, to a protected computer.”
Copyright Protection for Open Source Software
Yesterday, the Federal Circuit issued a ruling in Jacobsen v. Katzer et al., No. 2008-100, 2008 WL 3395772 (Fed. Cir. Aug. 13, 2008). The ruling vacated a decision by the district (lower) court, which had held that the remedy for violation of an open source license was limited to breach of contract. [Decision]
In Jacobsen, the defendants (a software developer and his company) copied portions of the plaintiff’s open source software without complying with the terms of the accompanying license (Artistic License). The plaintiff sought a preliminary injunction against the defendants. The district court denied the request for the injunction. It held that the plaintiff did not have a claim for copyright infringement, only for breach of contract.
On appeal, the Federal Circuit found that the plaintiff had stated a potential claim for copyright infringement. Specifically, it looked to the language of the Artistic License, and found that the terms were conditions – rather than mere contractual covenants – and that the defendants’ violation of those conditions exceeded the scope of the license. It also reiterated the long-standing recognition of the economic motives inherent in public licenses, even when the products released under those licenses are made available without charge, and profit is not immediate. The court ultimately remanded the case to the district court to determine whether the plaintiff had satisfied the other requirements for obtaining a preliminary injunction, and if so, to issue the injunction.
Jacobsen is significant because it expressly recognizes a claim for copyright infringement with respect to violations of an open source license. Such a claim allows an open source developer to seek an injunction and statutory damages, instead of the monetary damages available for a breach of contract claim (which are often difficult to prove, especially with respect to open source projects). While Jacobsen is limited to the Artistic License (which is only one of many open source licenses), and other open source licenses, such as the various Creative Commons licenses and GNU General Public License, must be interpreted according to their own respective languages, Jacobsen provides some much-needed teeth to those distributing their work under an open source license.
Software development companies should take this opportunity to review their development procedures with their programmers. It is not unknown for programmers to ‘borrow’ existing code (whether open source or not) as a shortcut in the software development cycle. While such shortcuts may save substantial time and money, the company must ensure that it is aware of all ‘foreign’ code in its products, and that it complies with all licenses governing such code.
Shortcuts, Third-Party Ads and the Dangers of Automatic Content
CNN posted an article earlier this week about Yahoo Shortcuts tagging an article concerning Ashley Dupre (the call girl involved in the Eliot Spitzer scandal) with a link to Flickr images depicting purportedly underage girls. [Article] The same article also notes an earlier incident involving the Google AdSense system, which advertised luggage next to a news story of a murder victim found in a suitcase.
These incidents emphasize the continued need for businesses with online presences (such as websites, e-mail addresses, etc.) to control how they present themselves to the online public. The vast number of free widgets, applets and features available online may seem appealing any new business. For example, automatic content provides substantial ‘bulk’ for an otherwise sparse website. Advertising generates revenue for continued website maintenance and development. Free e-mail addresses, data depositories, etc. save businesses the time, effort and cost of setting up those resources themselves.
However, almost all of these features require a participating business to trust a substantial part of their carefully cultivated image to another person, entity or software routine, whether in terms of content generation or control, or the placement of advertisements by the features’ sponsors. As demonstrated by the CNN article, lapses in this trust may be embarrassing.
Furthermore, lapses may subject the business to various forms of derivative liability. For example, the mechanisms offered by Yahoo Shortcuts and Google AdSense for controlling some of the automatic content (albeit limited) may give rise to an argument that the business knew, should have known, or at least had the ability to control and restrict the objectionable content. While derivative liability is a multifaceted issue, and protections may be available under federal law for interactive computer service providers, it is better for businesses in the long run to exert stronger control over their own online presences as a means of avoiding, or at least minimizing, the issues seen above – even if they must expend some resources in the short term to do so.
Contributory Trademark Infringement Issues for Sales Websites
The following is another news item sitting in my perpetual ‘time permitting’ stack, pertaining to eBay, Tiffany, trademark infringement and the obligation of websites owners to police suspected trademark infringements on their sites:
The Honorable Judge Richard J. Sullivan his decision in the action of Tiffany (NJ) Inc. et al. v. eBay, Inc., No. 1:04-CV-04607-RJS, 2008 WL 2755787 (S.D.N.Y. July 14, 2008) last month. [Decision] The Court first found that eBay’s use of the Tiffany mark to denote goods manufactured (or purportedly manufactured) by Tiffany, and its sponsorship of link purchases using such mark, constituted nominative fair use.
The Court also clarified a website owner’s obligations to police the third-party contents of its website, and its exposure to a potential claim for contributory trademark infringement if it fails to do so. Specifically, a manufacturer or distributor may be liable for contributory infringement if it intentionally induces another person or entity to infringe upon a trademark, or continues to supply its product or service to a person or entity whom it knows, or has reason to know, is engaged in trademark infringement.
With respect to eBay, the issue was whether eBay had sufficient knowledge concerning the existence of potentially infringing activities on its website. The Court found that generalized knowledge of infringement (or a ‘reasonable anticipation’) is insufficient. Instead, there must be some specific knowledge of infringement, and a failure to act in the face of such knowledge, before liability may be imposed for contributory infringement. The Court summarized the requirement as follows:
The law does not impose liability for contributory trademark infringement on eBay for its refusal to take such preemptive steps in light of eBay’s ‘reasonable anticipation’ or generalized knowledge that counterfeit goods might be sold on its website. Quite simply, the law demands more specific knowledge as to which items are infringing and which seller is listing those items before requiring eBay to take action.
The Court also found that Tiffany, as the holder of the trademark rights, had the burden of policing its trademarks in Internet commerce. Without specific knowledge, or reason to know, of an infringement – and with only a generalized knowledge or suspicion that trademark infringement might be occurring somewhere on its website – eBay had no affirmative duty to ferret out potentially infringing activity, or liability for its failure to do so.
[Note: Tiffany filed a Notice of Appeal on August 11, 2008, so we will see how the district court's ruling fares on appeal.]
MMORPGs, Bots, Copyrights and Tortious Interference with Contracts
The following is another news item sitting in my perpetual ‘time permitting’ stack, pertaining to Blizzard, the World of Warcraft game, bots, copyright law and tortious interference with contracts:
On October 25, 2006, MDY Industries filed an action against Blizzard Entertainment pertaining to MDY’s software application WoWGlider, an automated system, or ‘bot,’ for playing Blizzard’s World of Warcraft massive multi-player online role-playing game (MMORPG). MDY sought a declaractory judgment that WoWGlider was legal. Blizzard and Vivendi countersued for tortious interference with contract, contributory copyright infringement, vicarious copyright infringement, violation of the Digital Millennium Copyright Act (DMCA), trademark infringement, unfair competition and unjust enrichment.
On July 14, 2008, the Honorable Judge David G. Campbell issued an order for partial summary judgment in MDY Industries, LLC v. Blizzard Entertainment, Inc., No. CV-06-2555-PHX-DGC, 2008 WL 2757357 (D. Ariz. July 14, 2008) in favor of Blizzard on the contributory and vicarious copyright infringement claims, and on the claim for tortious interference with contract. [Decision]
With respect to the copyright infringement claims, the Court ultimately concluded the following:
The Court reaches the following conclusions on the basis of undisputed facts, construction of the EULA and TOU, and controlling Ninth Circuit law: Blizzard owns a valid copyright in the game client software, Blizzard has granted a limited license for WoW players to use the software, use of the software with Glider falls outside the scope of the license established in section 4 of the TOU, use of Glider includes copying to RAM within the meaning of section 106 of the Copyright Act, users of WoW and Glider are not entitled to a section 117 defense, and Glider users therefore infringe Blizzard’s copyright. MDY does not dispute that the other requirements for contributory and vicarious copyright infringement are met, nor has MDY established a misuse defense.
With respect to the the tortious interference claim, the Court noted that the only real issues were whether Blizzard suffered any damages arising from the players’ use of the WoWGlider software (which Blizzard was able to demonstrate), and whether MDY’s actions were improper. For the second issue, the Court looked at all seven factors of impropriety enumerated by the Restatement (Second) of Torts § 767 and Arizona law, and found in favor of Blizzard with respect to all of them.
This ruling raises substantial concerns for those involved in the ‘sub-economy’ surrounding popular MMORPGs. While MDY is (or was) merely an unlicensed third-party MMORPG application developer, it is not difficult to see the decision being cited against players utilizing those applications, and businesses involved in commercial transactions involving MMORPG items (e.g., game ‘farmers’ or ‘miners’ who gather and sell in-game assets or characters for real world money). While a MMORPG developer may not have the desire or resources to file legal actions against its individual players and customers, it may decide to pursue larger violators, such as the bot developers and farmers, to set examples.
[Note: This ruling also reminds me of Hernandez v. Internet Gaming Entertainment, Ltd. et al., a proposed class action currently pending before the United States District Court, Southern District of Florida (Case No. 1:07-CV-21403-JIC). Hernandez is a purported World of Warcraft player claiming to be an intended third-party beneficiary of Blizzard’s End User Licensing Agreement and Terms of Use, who alleges that IGE tortiously interfered with Blizzard’s EULA and TOU, and his enjoyment of the game, by ‘farming’ gold within the game. According to the court docket, the action is still alive and kicking as of this date, with the parties currently embroiled in a discovery dispute.]
Pending Orphan Works Legislation; Unauthorized Uses of Orphan Works
I had an IM (instant-messaging) discussion with a photographer friend last night concerning her practice of posting photographs on various wallpaper websites for free, non-commercial use. Among other things, we discussed legal protections for those photographs, and the difficulties of maintaining identification and copyright information associated with them – especially given the speed and ease with which data is distributed over the Internet, and with which attribution and licensing information may be lost or discarded.
During the discussion, I took another look at the Orphan Works bills currently pending before the United States Senate (S. 2913) and House of Representatives (H.R. 5889) – which she, and apparently many of her photographer colleagues, had not heard of. Both bills were introduced on April 24, 2008. The Senate version has been considered and revised in committee, and recommended for the entire Senate. However, the revisions do not appear to address all of the issues and concerns raised by the various photography and visual artist trade groups. (See, e.g., the Stock Artists Alliance Orphan Works Blog.)
While I will reserve my own judgment of the Act until it is enacted in its final form, I did recommend to my friend that she avoid letting her works become ‘orphans’ in the first place by embedding her identification and copyright information directly into her photographs as prominent watermarks. Up until now, she had simply included her contact information and licensing restrictions as separate text or meta-data.
While my recommendation would certainly decrease the visual appeal and popularity of her photographs, it may be the best preemptive measure in light of this pending legislation. Few downloaders will go through the trouble of separately copying unattached text for their records. Meta-tags do not guarantee the same level of ‘permanence,’ especially given the ease with which meta-tags may be inadvertently or intentionally removed by others. Of course, watermarks may also be removed with sufficient application of time and photo-editing expertise. However, that may require much more effort than most downloaders are willing to expend.
Commercial E-Mails and Violations of the CAN-SPAM Act
On July 22, 2008, Robert Soloway was sentenced to 47 months in federal prison for violation of the federal CAN-SPAM Act of 2003. [Article] This sentence follows two civil judgments in 2005 against Mr. Soloway related to the sending of spam mail – one in favor of Microsoft for over $7 million dollars, and a second in favor of an Oklahoma internet service provider for over $10 million. [Article]
Mr. Soloway is not the first person to fall afoul to the CAN-SPAM Act, nor will he be the last. Since the CAN-SPAM Act may serve as a basis for both civil and criminal liability, it is important that all business owners advertising via e-mail, either directly or through an ‘affiliate’ program or third-party advertiser, understand its provisions.
The CAN-SPAM Act (Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003, 15 U.S.C. § 7701 et seq.) restricts, but does not prohibit, the sending of unsolicited commercial electronic mail messages. A commercial electronic mail message is defined as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose).” (15 U.S.C. § 7702.) Unsolicited commercial electronic mail messages must comply with certain requirements, including, but not limited to: accurate e-mail header information; non-deceptive subject lines; clear and conspicuous identification of the e-mail as an advertisement or solicitation, or as containing adult materials, if appropriate; provision of a valid unsubscribe or opt-out mechanism; and the inclusion of the sender’s postal address. (15 U.S.C. § 7704.) Furthermore, the sender must comply with opt-out requests within a certain short period of time.
It is also important to note that the CAN-SPAM Act does not only apply to the e-mail sender. Instead, a person or business whose products are being promoted by the e-mails may also be liable under the CAN-SPAM Act if the person or business: knew, or should have known, that the products were being promoted in the e-mails; received, or expected to receive, an economic benefit from the promotion; and took no reasonable action to prevent the transmission, or detect the transmission and report it to the FTC. (15 U.S.C. § 7705.)
Finally, while the CAN-SPAM Act expressly supersedes many state laws that regulate commercial e-mail messages (see 15 U.S.C. § 7707), it permits states to maintain laws governing false or deceptive commercial e-mail messages, laws not specific to e-mail, and laws related to fraud and computer crime. Furthermore, other states have enacted statutes to protect the privacy rights of children, Internet users, etc.
[Note: The FTC occasionally updates the CAN-SPAM Act. Its most recent update (16 C.F.R. § 316, effective July 7, 2008) supplements several definitions and clarifies some ambiguities - and perhaps most importantly, bars an e-mail sender from imposing opt-out fees, and limits the number of steps that the recipient must undertake in order to opt out of future e-mails.]
