Defendant listed a domain name for sale using DomainAgents. After a couple rounds of negotiation, plaintiff accepted defendant’s counteroffer to sell the domain name. But when the time came to put the domain name in escrow to enable transfer, defendant backed out of the deal, saying he had changed his mind. Plaintiff sued for breach of contract and sought a temporary restraining order that would prohibit defendant from transferring the domain name.
The court granted the motion. It agreed with plaintiff that it was appropriate to determine the motion ex parte (that is, without giving notice to the defendant) because the defendant could transfer the domain name in the meantime, thereby depriving plaintiff of the ability to procure an irreplaceable asset.
It found plaintiff would likely succeed on the merits of the breach of contract claim, because plaintiff had shown that a valid contract likely existed, that plaintiff was willing to perform its end of the bargain, that defendant had breached by refusing to go through with the transaction, and that plaintiff had been damaged due to the loss of the ability to procure the domain name from defendant.
The court further found a likelihood of irreparable harm to plaintiff, in that defendant’s communicated belief that he was not bound by the purchase agreement indicated he would sell the domain name to another interested party. If that were to happen, plaintiff would have no recourse against that purchaser, who was not in privity of contract with plaintiff.
Moreover, the court found the balance of equities favored plaintiff. The temporary restraining order would only be in place until a further hearing on injunctive relief could be had, and defendant would not otherwise be restricted from using the domain name in the meantime.
Finally, the court held that the public interest favored granting injunctive relief. The public interest strongly favors enforcing contracts.
Jump Operations, LLC v. Merryman, 2022 WL 1082641 (D. Nev., April 8, 2022)
Back in the 1990s, Congress recognized that stalkers were aided in their crimes by using victims’ driver’s license information, and states were selling driver’s license information to marketers. So Congress passed the Driver’s Privacy Protection Act, 18 U.S.C. § 2721, et seq. (the “DPPA”). This statute makes it unlawful for any person to knowingly disclose personal information from a motor vehicle record for any use other than certain uses that the statute permits.
Defendant had more than 27 million Texas driver’s license records that it stored on an external unencrypted server. In 2020, it announced that a third party had accessed the records without authorization. As expected, the class action lawyers jumped on board and sued under the DPPA.
The lower court dismissed the DPPA claim in response to defendant’s motion to dismiss for failure to state a claim. Plaintiffs sought review with the Fifth Circuit Court of Appeals. On appeal, the court affirmed the dismissal.
It held that plaintiffs failed to plausibly allege that storing the data on an unencrypted server amounted to a “disclosure”. More specifically, although plaintiffs argued that defendants had placed the information on a server that was readily accessible to the public, that assertion was nowhere in the complaint, nor was it supported by the facts alleged in the complaint.
In finding there to be no disclosure, the court observed that the storage of the data, as alleged, did not make it visible to a digital “passer-by”. This made the case different from Senne v. Village of Palatine, Ill.,695 F.3d 597 (7th Cir. 2012), in which a police officer disclosed information by putting a traffic ticket on a windshield, which any passer-by could see. The court also looked to Enslin v. Coca-Cola Co., 136 F. Supp. 3d 654 (E.D. Pa. 2015), in which that court held there to be no disclosure under the DPPA when someone stole an unencrypted laptop containing information protected under the statute.
Plaintiff sued YouTube after the platform took down one of plaintiff’s videos in response to a DMCA takedown notice. She claimed YouTube failed to follow the procedures in 17 U.S.C. §512 by, for example, not providing her with a physical signature of the copyright owner and otherwise not following the “exact course of the DMCA guidelines.” YouTube moved to dismiss and the court granted the motion.
It held that §512 serves to provide safe harbor protections from copyright infringement liability to platforms. Section 512 does not, however, give rise to a standalone basis to sue a platform.
When a copyright owner sends a DMCA takedown notice to a platform, it must include substantially the following:
A physical or electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
Identification of the copyrighted work claimed to have been infringed, or, if multiple copyrighted works at a single online site are covered by a single notification, a representative list of such works at that site.
Identification of the material that is claimed to be infringing or to be the subject of infringing activity and that is to be removed or access to which is to be disabled, and information reasonably sufficient to permit the service provider to locate the material.
Information reasonably sufficient to permit the service provider to contact the complaining party, such as an address, telephone number, and, if available, an electronic mail address at which the complaining party may be contacted.
A statement that the complaining party has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law.
A statement that the information in the notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
If the notification does not include substantially these items, then if the platform leaves the content up, the insufficient notification will not be considered to have placed the platform on notice of the alleged infringing activity. So if the copyright holder sues the platform for copyright infringement, it will have to plead other facts showing that the platform is liable for infringement. Relatedly, if the platform acts expeditiously to remove or disable access to allegedly infringing content when it gets knowledge via a valid takedown notice, it will have an affirmative defense to a claim of copyright infringement.
In this case, the court confirmed the notion that the DMCA provides this safe harbor to the platform but does not give the person whose content has been taken down the right to sue the platform. The court does not mention – but it remains relevant – that one whose content has been taken down can seek a remedy under 17 U.S.C. §512(f) against a party who sends a takedown notice while knowingly materially misrepresenting that the content is infringing. But that is not the course plaintiff in this case took – she sued YouTube for not following the requirements that apply to copyright holders. And she lost.
Finley v. YouTube, 2022 WL 704835 (N.D. Cal., March 9, 2022)
Biometric identifiers extracted from a photo are not public in the same way the photo itself is
Plaintiffs filed a class action lawsuit against a facial recognition technology company and related individual defendants, asserting violations of the Illinois Biometric Information Privacy Act (“BIPA”). Plaintiffs alleged that defendants covertly scraped over three billion photographs of faces from the internet and then used artificial intelligence algorithms to scan the face geometry of each individual depicted to harvest the individuals’ unique biometric identifiers and corresponding biometric information. One of the defendants then created a searchable database containing this biometric information and data that enabled users of its proprietary platform to identify unknown individuals by uploading a photograph to the database. Accordingly, plaintiffs alleged that defendants collected, captured, or otherwise obtained their biometric data without notice and consent, and thereafter, sold or otherwise profited from their biometric information, all in violation of BIPA.
Unconstitutional restriction on public information?
Defendants moved to dismiss the BIPA claim on a number of grounds, including an argument that BIPA violated defendants’ First Amendment rights. More specifically, defendants maintained that the capture and analysis of faceprints from public images was protected speech, and thus, BIPA was unconstitutional because it inhibited the ability to collect and analyze public information. Plaintiffs, however, asserted that the capturing of faceprints and the action of extracting private biometric identifiers from the faceprints was unprotected conduct. The court sided with plaintiffs and rejected defendants’ argument.
The court held that defendants’ argument oversimplified plaintiffs’ allegations. Although defendants captured public photographs from the internet, they then harvested an individual’s unique biometric identifiers and information – which are not public information – without the individual’s consent. Put differently, plaintiffs asserted that the defendants’ business model was not based on the collection of public photographs from the internet, some source code, and republishing information via a search engine, but the additional conduct of harvesting nonpublic, personal biometric data. And, as plaintiffs further alleged, unlike fingerprints, facial biometrics are readily observable and present a grave and immediate danger to privacy, individual autonomy, and liberty.
An intermediate approach to biometric privacy
Accordingly, the court looked at defendants’ conduct as involving both speech and nonspeech elements. Looking to the test set out in the Supreme Court case of United States v. O’Brien, 391 U.S. 367 (1968), the court evaluated how when “elements are combined in the same course of conduct, a sufficiently important governmental interest in regulating the nonspeech element can justify incidental limitations on First Amendment freedoms.” The court applied the intermediate scrutiny standard set out in O’Brien, namely, a regulation does not violate the First Amendment if (1) it is within the power of the government to enact, (2) furthers an important government interest, (3) the governmental interest is unrelated to the suppression of free expression, and (4) any incidental restriction on speech is no greater than is necessary to further the government interest.
The first element was easy to dispense with because the parties did not argue that the Illinois General Assembly lacked the power to enact BIPA. On the second element, the court found that the General Assembly enacted BIPA to protect Illinois residents’ highly sensitive biometric information from unauthorized collection and disclosure. Regarding the third element, the court noted that BIPA, including its exceptions, does not restrict a particular viewpoint, nor does it target public discussion of an entire topic. And on the fourth O’Brien element, the court found BIPA to be narrowly tailored by legitimately protecting Illinois residents’ highly sensitive biometric information and data, yet allowing residents to share their biometric information through its consent provision. And BIPA is not overly-broad, in the court’s view, because it does not prohibit a substantial amount of protected speech.
Defendant asked the court to redact his bitcoin address and transaction information from exhibits used at trial, which ordinarily would become part of the public record. He argued that for each transaction recorded on the blockchain, one could reverse engineer the entire transaction if he or she knows the individual associated with one of a number of pieces of information, including transaction ID and public bitcoin address. “[O]nce a particular individual is associated [with] any of this information, it is essentially akin to providing that individual’s financial account number.”
The court allowed the redaction of the bitcoin address and bitcoin transactions. It found that defendant had demonstrated good cause to support the redactions. The court balanced the public’s right of access to court information against defendant’s interest in keeping the information confidential. It agreed with defendant’s assertion that the bitcoin information he sought to redact is akin to a financial account number or personally identifiable information.
Kleiman v. Wright, 2022 WL 390702 (S.D. Fla., February 9, 2022)
NameFind is a GoDaddy company that holds registrations of domain names and seeks to make money off of them by placing pay-per-click ads on parked pages found at the domain names. Global Licensing owns the DEJA VU trademark that is used in connection with strip clubs and other adult-related services. When NameFind used the domain name dejavushowgirls.com to set up a page of pay-per-click ads, Global Licensing sued, raising claims under the federal Anticybersquatting Consumer Protection Act (ACPA), 15 U.S.C. 1125(d).
Arguing that the cybersquatting claim had been insufficiently pled, NameFind moved to dismiss. The court denied the motion.
To establish a “cybersquatting” claim under the ACPA, a plaintiff must establish that: (1) it has a valid trademark entitled to protection; (2) its mark is distinctive or famous; (3) the defendant’s domain name is identical or confusingly similar to, or in the case of famous marks, dilutive of, plaintiff’s mark; and (4) defendant used, registered, or trafficked in the domain name (5) with a bad faith intent to profit. DaimlerChrysler v. The Net Inc., 388 F.3d 201 (6th Cir. 2004) (citing Ford Motor Co. v. Catalanotte, 342 F.3d 543, 546 (6th Cir. 2003)).
Identical or confusingly similar
NameFind first argued that the court should dismiss the ACPA claim because there were no “non-conclusory” allegations explaining how the content on its website could be confusingly similar to plaintiff’s entertainment services. The court found this argument unpersuasive, however, because the content of the website was not important in evaluating this element. Instead, the court was to make a direct comparison between the protected mark and the domain name itself, rather than an assessment of the context in which each is used or the content of the offending website. It found the disputed domain name and plaintiff’s mark to be identical or confusingly similar because the disputed domain name incorporated plaintiff’s mark, and there were no words or letters added to plaintiff’s mark that clearly distinguished it from plaintiff’s usage.
Bad faith intent to profit
The court likewise rejected NameFind’s second argument, which was that plaintiff had not sufficiently pled NameFind’s bad faith intent to profit. The main point of the argument was that most of plaintiff’s allegations were made “on information and belief”. (That phrase is used in lawsuits when the plaintiff does not know for sure whether a fact is true, so it hedges a bit.) The court observed that allegations made on information and belief are not per se insufficient.
In this case, the court stated that the “on information and belief” allegations should not be considered in isolation, but should be considered in the context of the entire Complaint, including the factual allegations that: (1) NameFind had no intellectual property rights in or to the DEJA VU mark; (2) the disputed domain name was essentially identical to plaintiff’s mark and did not contain defendant’s legal name; (3) plaintiff did not authorize or consent to such use; (4) the domain name was configured to display pay-per-click advertisements to visitors, which provided links to adult-related entertainment sites; (5) as such, the disputed domain name was likely to be confused with plaintiff’s legitimate online location and other domain names, and deceive the public; and, (6) defendant’s website harmed plaintiff’s reputation and the goodwill associated with its marks by causing customers to associate plaintiff with the negative qualities of defendant’s website.
Plaintiff is an artist who designs macabre items, including a bat-themed mug. Defendant (Michaels, the well-known retail craft store) started selling a vase that plaintiff claimed infringed its bat mug copyright. So he sued for copyright infringement. Michaels moved to dismiss, arguing there was no substantial similarity between the works. And even if there were substantial similarity, according to Michaels, plaintiff had not sufficiently alleged that Michaels actually copied the work. The court rejected Michaels’ arguments and denied the motion to dismiss.
Actual copying can be shown by indirect evidence. To adequately plead indirect evidence of actual copying, one must allege, among other things, that the accused infringer could reasonably access the plaintiff’s copyrighted work.
In this case, the artist alleged facts sufficient to establish that Michaels could reasonably access the vampire bat mug. Specifically, plaintiff alleged that it advertised its products, including the vampire bat mug, on various social media platforms, such as Facebook, Pinterest, Instagram, and Tumblr. Through these social media accounts, plaintiff had allegedly reached at least 30,000 followers. In addition to its social media presence, plaintiff alleged it advertised the mug on the internet more generally, and sold it through online retailers, including Etsy, eBay, and Amazon. The court credited plaintiff’s allegations that plaintiff’s reach over the internet extended to customers all over the world, in particular customers in China, where designers and advertisers purportedly saw the mug. These allegations were sufficient to show that defendant could have reasonably accessed plaintiff’s work.
After plaintiff Uber user was denied a ride because of her guide dog, she sued Uber for discrimination under Maine law. Uber sought to have the matter sent to arbitration and the court denied that motion. So Uber sought appeal with the Maine supreme court. That court affirmed the denial of the arbitration motion, finding that Uber’s terms of service were not binding on plaintiff.
First, plaintiff was not placed on reasonable notice that the terms existed. The hyperlink was not underlined and was muted by gray coloring. Its placement on the screen was “relatively inconspicuous.” There was a greater focus on entering payment information.
Second, the court found that even if the registration process had provided reasonable notice that the terms existed, the process was insufficient to place plaintiff on notice that her registration would constitute her assent to those terms. Merely clicking the “DONE” button in the signup process, in the court’s view, could merely have meant that plaintiff thought she was done entering her information, not signing up for an account. And that button appeared on the screen “as far as possible” from the notice and hyperlink to the terms, which were at the bottom of the screen.
One could characterize the recent case of Association of American Physicians & Surgeons, Inc. v. Schiff as addressing the issue of vaccine information censorship. The court considered whether letters written by Congressman Adam Schiff to Big Tech platforms, and statements he made in a Congressional hearing, caused the companies to deplatform a medical trade association and otherwise disfavor its content in search results.
The Association of American Physicians and Surgeons (AAPS) publishes online content that it characterizes not as “anti-vaccine,” but rather in favor of “informed consent based on disclosure of all relevant legal, medical, and economic information.” In 2019, California Representative Adam Schiff wrote letters to Google, Facebook, Amazon and Twitter, complaining about what he characterized as inaccurate information on vaccines, and requested answers to questions about what these platforms were doing to combat vaccine misinformation. In a later congressional hearing, he questioned whether Section 230 immunity for these sorts of technology platforms should be changed (a statement that AAPS characterized as a threat to these Big Tech platforms).
Thereafter, Amazon kicked AAPS out of its associates program, and AAPS’s web traffic to its vaccine information pages dropped (which it blames on Google and Facebook disfavoring the content). AAPS sued Schiff, seeking damages, claiming that his statements and actions caused these platforms to treat it disfavorably. The trial court dismissed the case on a motion to dismiss, finding that AAPS lacked standing. AAPS sought review with the District of Columbia Court of Appeals.
On appeal, the court affirmed the lower court’s dismissal for lack of standing. The court affirmed the dismissal primarily for two reasons. First, if found that AAPS had not sufficiently alleged that it suffered any injury in the form of an impairment of its ability to negotiate with Amazon. Secondly, the court found that any injury AAPS suffered from it being deplatformed and its content disfavored, as alleged by AAPS, was not sufficiently traceable to Schiff’s conduct.
Schiff had also argued that he could not be sued (i.e., that the court lacked subject matter jurisdiction) because his actions giving rise to the lawsuit were legislative acts and therefore protected by the Speech or Debate Clause of the Constitution. Because AAPS had not established that it had standing, the court did not need not reach the separate jurisdictional issue of immunity under this constitutional clause.
Stained glass window at Pokagon State Park in Angola, Indiana, near where the underlying events in this case took place.
In 2019, Indiana joined a number of other states and enacted a statute that makes it a crime for a person to distribute an “intimate image” when he or she knows or reasonably should know that an individual depicted in the image does not consent to the distribution. In March 2020, defendant sent a video of himself receiving oral sex to his ex-girlfriend via Snapchat. After being charged under the statute, defendant moved to dismiss, arguing in part that the statute violates both the Indiana and U.S. constitutions. The trial court agreed and dismissed the case. But the state appealed to the Indiana Supreme Court.
What part of the Indiana constitution applied?
The court’s analysis under the Indiana constitution is particularly interesting. Indiana’s constitutional protection in this area reads quite a bit differently than the language of the First Amendment.
Article 1, Section 9 of the Indiana constitution reads as follows:
No law shall be passed, restraining the free interchange of thought and opinion, or restricting the right to speak, write, or print, freely, on any subject whatever: but for the abuse of that right, every person shall be responsible.
The court first had to evaluate whether videos – and in particular the video at issue – were covered by the applicable Indiana constitutional provision. “Our encounters with Article 1, Section 9 have always involved words, thus invoking the ‘right to speak’ clause.” The court held that the video content was protected under the “free interchange” clause of the state’s constitution. “We understand the free interchange clause to encompass the communication of any thought or opinion, on any topic, through ‘every conceivable mode of expression.’” And the court quickly ascertained that being prosecuted for the distribution of the video was a “direct and substantial burden” on defendant’s right to self-expression.
Abuse of rights?
But defendant’s expressive activity in this case – though within his right to free interchange as expressed in the constitution – was an abuse of that right. Looking through the lens of the natural rights philosophy that informed the drafting of the Indiana constitution, the court cited to previous authority (Whittington v. State, 669 N.E.2d 1363 (Ind. 1996)) that explained how “individuals possess ‘inalienable’ freedom to do as they will, but they have collectively delegated to government a quantum of that freedom in order to advance everyone’s ‘peace, safety, and well-being.'” Thus, the court observed that the purpose of state power is “to foster an atmosphere in which individuals can fully enjoy that measure of freedom they have not delegated to government.”
Citing to State v. Gerhardt, 145 Ind. 439 (Ind. 1896), the court evaluated how “[t]he State may exercise its police power to promote the health, safety, comfort, morals, and welfare of the public.” And citing to other authority, the court noted that “courts defer to legislative decisions about when to exercise the police power and typically require only that they be rational.” So the question became whether – approached from the standpoint of rationality – the statute’s restriction on the right to self-expression was appropriate to promote the health, safety, comfort, morals and welfare of the public.
Rationality favored public protection
“Under our rationality inquiry, we have no trouble concluding the impingement created by the statute is vastly outweighed by the public health, welfare, and safety served.” In reaching this conclusion, the court examined, among other things, the tremendous harms of revenge porn – including its connection to domestic violence and psychological injury. Accordingly, the court found the statute did not violate the Indiana constitution.
The court also found that the statute did not violate the First Amendment of the U.S. Constitution. It held that the statute is content-based and therefore subject to strict scrutiny. Even under this standard, the court found that it served a compelling government interest, and was narrowly tailored to achieve that compelling interest.
State v. Katz, 2022 WL 152487 (Ind., January 18, 2022)
