Computer and Internet Law

On October 5, 2009, the Federal Trade Commission announced revisions to its Guides Concerning the Use of Endorsements and Testimonials in Advertising, effective Tuesday, December 1, 2009. [Federal Register Notice] [Revised Guides]

Some of the more significant changes include:

Advertisements that feature a consumer conveying atypical experiences with a product or service must now disclose the results that consumers can generally expect.

Material connections between advertisers and endorsers (which include, but not limited to, bloggers and reviewers) must also be disclosed. The material connections may include, but are not limited to, payments, free products and ‘comp’ products.

Both advertisers and endorsers may be liable for false or unsubstantiated claims made in an endorsement, and for failing to disclose any material connections between them.

Earlier this week, the Ninth Circuit issued a decision in Boschetto v. Hansing et al., No. 06-16595, 2008 WL 3852676 (9th Cir. Aug. 20, 2008), pertaining to the courts’ exercise of personal jurisdiction over out-of-state eBay sellers (i.e., whether an out-of-state eBay seller may be sued in a particular court). [Decision]

In Boschetto, the plaintiff (a California resident) purchased an automobile on eBay from an out-of-state seller. When the automobile arrived, the plaintiff discovered several purported deficiencies, and brought an action against the seller in the Northern District of California.

The district court dismissed the action for lack of personal jurisdiction. The Ninth Circuit affirmed the dismissal, and held that the plaintiff had failed to establish the first element of jurisdiction: namely, that the defendants had purposely availed themselves of the privilege of conducting business in California. The Ninth Circuit also declined to apply the Cybersell sliding scale analysis (which looks at the nature and quality of the defendants’ Internet conduct), since such analysis would have been directed toward eBay rather than the defendants.

However, as a cautionary note, the Ninth Circuit did not rule out personal jurisdiction for all out-of-state eBay sellers. Rather, it emphasized these sellers’ “one-shot” contact with California (the single eBay item and the contract thereon), and noted that there was no evidence or allegation that the sellers’ eBay posting was part of broader e-commerce activity. It acknowledged other legal authorities holding that regular eBay sellers “using the platform as a broader vehicle for commercial activity” (e.g., ‘power sellers’) may be subject to personal jurisdiction.

CNN posted an article earlier this week about Yahoo Shortcuts tagging an article concerning Ashley Dupre (the call girl involved in the Eliot Spitzer scandal) with a link to Flickr images depicting purportedly underage girls. [Article] The same article also notes an earlier incident involving the Google AdSense system, which advertised luggage next to a news story of a murder victim found in a suitcase.

These incidents emphasize the continued need for businesses with online presences (such as websites, e-mail addresses, etc.) to control how they present themselves to the online public. The vast number of free widgets, applets and features available online may seem appealing any new business. For example, automatic content provides substantial ‘bulk’ for an otherwise sparse website. Advertising generates revenue for continued website maintenance and development. Free e-mail addresses, data depositories, etc. save businesses the time, effort and cost of setting up those resources themselves.

However, almost all of these features require a participating business to trust a substantial part of their carefully cultivated image to another person, entity or software routine, whether in terms of content generation or control, or the placement of advertisements by the features’ sponsors. As demonstrated by the CNN article, lapses in this trust may be embarrassing.

Furthermore, lapses may subject the business to various forms of derivative liability. For example, the mechanisms offered by Yahoo Shortcuts and Google AdSense for controlling some of the automatic content (albeit limited) may give rise to an argument that the business knew, should have known, or at least had the ability to control and restrict the objectionable content. While derivative liability is a multifaceted issue, and protections may be available under federal law for interactive computer service providers, it is better for businesses in the long run to exert stronger control over their own online presences as a means of avoiding, or at least minimizing, the issues seen above – even if they must expend some resources in the short term to do so.

The following is another news item sitting in my perpetual ‘time permitting’ stack, pertaining to eBay, Tiffany, trademark infringement and the obligation of websites owners to police suspected trademark infringements on their sites:

The Honorable Judge Richard J. Sullivan his decision in the action of Tiffany (NJ) Inc. et al. v. eBay, Inc., No. 1:04-CV-04607-RJS, 2008 WL 2755787 (S.D.N.Y. July 14, 2008) last month. [Decision] The Court first found that eBay’s use of the Tiffany mark to denote goods manufactured (or purportedly manufactured) by Tiffany, and its sponsorship of link purchases using such mark, constituted nominative fair use.

The Court also clarified a website owner’s obligations to police the third-party contents of its website, and its exposure to a potential claim for contributory trademark infringement if it fails to do so. Specifically, a manufacturer or distributor may be liable for contributory infringement if it intentionally induces another person or entity to infringe upon a trademark, or continues to supply its product or service to a person or entity whom it knows, or has reason to know, is engaged in trademark infringement.

With respect to eBay, the issue was whether eBay had sufficient knowledge concerning the existence of potentially infringing activities on its website. The Court found that generalized knowledge of infringement (or a ‘reasonable anticipation’) is insufficient. Instead, there must be some specific knowledge of infringement, and a failure to act in the face of such knowledge, before liability may be imposed for contributory infringement. The Court summarized the requirement as follows:

The law does not impose liability for contributory trademark infringement on eBay for its refusal to take such preemptive steps in light of eBay’s ‘reasonable anticipation’ or generalized knowledge that counterfeit goods might be sold on its website. Quite simply, the law demands more specific knowledge as to which items are infringing and which seller is listing those items before requiring eBay to take action.

The Court also found that Tiffany, as the holder of the trademark rights, had the burden of policing its trademarks in Internet commerce. Without specific knowledge, or reason to know, of an infringement – and with only a generalized knowledge or suspicion that trademark infringement might be occurring somewhere on its website – eBay had no affirmative duty to ferret out potentially infringing activity, or liability for its failure to do so.

[Note: Tiffany filed a Notice of Appeal on August 11, 2008, so we will see how the district court's ruling fares on appeal.]

On July 22, 2008, Robert Soloway was sentenced to 47 months in federal prison for violation of the federal CAN-SPAM Act of 2003. [Article] This sentence follows two civil judgments in 2005 against Mr. Soloway related to the sending of spam mail – one in favor of Microsoft for over $7 million dollars, and a second in favor of an Oklahoma internet service provider for over $10 million. [Article]

Mr. Soloway is not the first person to fall afoul to the CAN-SPAM Act, nor will he be the last. Since the CAN-SPAM Act may serve as a basis for both civil and criminal liability, it is important that all business owners advertising via e-mail, either directly or through an ‘affiliate’ program or third-party advertiser, understand its provisions.

The CAN-SPAM Act (Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003, 15 U.S.C. § 7701 et seq.) restricts, but does not prohibit, the sending of unsolicited commercial electronic mail messages. A commercial electronic mail message is defined as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose).” (15 U.S.C. § 7702.) Unsolicited commercial electronic mail messages must comply with certain requirements, including, but not limited to: accurate e-mail header information; non-deceptive subject lines; clear and conspicuous identification of the e-mail as an advertisement or solicitation, or as containing adult materials, if appropriate; provision of a valid unsubscribe or opt-out mechanism; and the inclusion of the sender’s postal address. (15 U.S.C. § 7704.) Furthermore, the sender must comply with opt-out requests within a certain short period of time.

It is also important to note that the CAN-SPAM Act does not only apply to the e-mail sender. Instead, a person or business whose products are being promoted by the e-mails may also be liable under the CAN-SPAM Act if the person or business: knew, or should have known, that the products were being promoted in the e-mails; received, or expected to receive, an economic benefit from the promotion; and took no reasonable action to prevent the transmission, or detect the transmission and report it to the FTC. (15 U.S.C. § 7705.)

Finally, while the CAN-SPAM Act expressly supersedes many state laws that regulate commercial e-mail messages (see 15 U.S.C. § 7707), it permits states to maintain laws governing false or deceptive commercial e-mail messages, laws not specific to e-mail, and laws related to fraud and computer crime. Furthermore, other states have enacted statutes to protect the privacy rights of children, Internet users, etc.

[Note: The FTC occasionally updates the CAN-SPAM Act. Its most recent update (16 C.F.R. § 316, effective July 7, 2008) supplements several definitions and clarifies some ambiguities - and perhaps most importantly, bars an e-mail sender from imposing opt-out fees, and limits the number of steps that the recipient must undertake in order to opt out of future e-mails.]