Blog

September 27, 2022 Contracts, Copyright

Company successfully defends against trade dress and copyright infringement claims over online software tool

trade dress

A federal court in Delaware dismissed most of the intellectual property infringement claims concerning a competing online room-planning software tool. The court held that plaintiff’s trade dress infringement and breach of contract claims failed, and that its copyright infringement claims failed, except for those allegations relating to the copying of computer code.

No trade dress protection where look and feel was functional

On the trade dress claim, plaintiff had identified fifteen elements that formed a cohesive “look and feel” of its software. And the court found – based on extensive use, wide advertisement and appearance in industry publications – that the trade dress had acquired secondary meaning. But the court found that the look and feel was merely functional and not subject to trade dress protection.

Copyright infringement – mixed bag

Similarly, the court dismissed the copyright infringement claim regarding the selection, arrangement and coordination of visual elements of the program. In the court’s view, these elements were merely functional and thus not subject to copyright protection. The court dismissed the copyright infringement claim as well concerning the tool’s graphics. On this point the court was even more bold – it found after a visual comparison of the works that they simply were not similar.

The court allowed the copyright infringement claim concerning the program’s code to move forward. It found that plaintiff had alleged both access and similarity. Plaintiff had also alleged that defendant repeatedly accessed the program to stress test the design, and that there were extensive similarities in the tools’ mechanics. These allegations were enough to survive a motion to dismiss.

Browsewrap not enough

Finally, the breach of contract claim failed, not on the basis of preemption as one might expect, but because the court found plaintiff had not sufficiently alleged that a contract had been formed. Plaintiff asserted that its website’s terms of service prohibited copying of the software, and that defendant’s employees should have been aware of those terms on a browsewrap theory – there was a link to the terms at the bottom of the page. But the court would not find that plaintiff alleged enough facts to plausibly allege that  defendant’s employees manifested assent to those browsewrap terms.

Design With Friends, Inc. v. Target Corporation, 2022 WL 4448197 (D. Delaware, September 23, 2022)

See also:

September 12, 2022 Right of Publicity

Court dismisses company executive’s name and likeness lawsuit over YouTube videos

name likeness

Strouse was the president and CEO of a company but departed with the company was sold. He did not approve of how the new company continued to use YouTube videos Strouse had made when he was with the company. So Strouse sued under Pennsylvania law for unauthorized use of his name and likeness. The company moved to dismiss the claim and the court granted the motion.

There are three elements to a claim for unauthorized use of name and likeness under Pennsylvania law:

  • a natural person’s name or likeness must have commercial value;
  • the accused party must make an unauthorized use of that name or likeness; and
  • the use is for commercial or advertising purposes.

The court found that Strouse’s claim failed on the first and second elements.

Although he claimed he suffered substantial damages due to the company’s supposed misappropriation, the court found he offered no explanation for how or why these damages occurred. He did not allege that his name had any special reputation or prestige such that mention of his name or use of his image in a video on the company’s website could confer an actionable benefit.

And the court found that Strouse’s pleadings did not establish that the company was using the videos without authorization. Strouse had made the videos as president and CEO of the company – he certainly authorized such use then. The acquiring company purchased the business’s assets, including the videos that were made.

Wurth Baer Supply Co. v. Strouse, 2022 WL 4125802 (M.D. Pennsylvania, September 9, 2022)

See also:

August 8, 2022 Employment, Privacy

Can a company snoop on its employee’s personal email account?

email snoop

Plaintiff was an administrative assistant at defendant company. When her supervisor got word that plaintiff had been asked to join a competing company started by some other former company employees, the supervisor allegedly logged onto plaintiff’s work computer and without authorization accessed plaintiff’s Gmail account to get more information confirming plaintiff’s plans. Plaintiff was later terminated.

So she sued under the federal Stored Communications Act (“SCA”) and the Federal Wiretap Act (under a part of that act often called the Electronic Communications Privacy Act (“ECPA”)). Defendant moved to dismiss both the claims. The court denied the motion to dismiss the SCA claim but dismissed the ECPA claim.

The SCA prohibits, among other things, the intentional unauthorized access of a “facility through which an electronic communication service is provided”—thereby obtaining access to an electronic communication while in electronic storage. 18 U.S.C. § 2701(a). A court may award actual damages, statutory damages, and punitive damages for violation of the SCA. If a plaintiff seeks statutory damages under the SCA, it must prove actual damages. But one need not prove actual damages to recover punitive damages. The ECPA prohibits, among other things, the “interception” of electronic communication. 18 U.S.C. § 2511(a). Courts have generally held that such “interception” must be contemporaneous with transmission.

The court held plaintiff could move forward with her SCA claim even though she had not pled actual damages. She had sufficiently pled that she should be awarded punitive damages. And the court tossed the ECPA claim because the facts as alleged showed that the email messages the employer allegedly accessed had already been delivered and therefore were not intercepted as the statute requires for liability.

Benz v. PHB Realty Co., 2022 WL 3098579 (D. Kansas, August 4, 2022)

See also:

July 17, 2022 Section 230

Section 230 immunity did not protect Omegle in product liability lawsuit

Section 230

When plaintiff was 11 years old, she was connected to a man in his late thirties using Omegle (a “free online chat room that randomly pairs strangers from around the world for one-on-one chats”). Before the man was arrested some three years later, he forced plaintiff to send him pornographic videos of herself, made threats against her, and engaged in other inappropriate and unlawful conduct with plaintiff.

Plaintiff sued Omegle, alleging product liability and negligence relating to how Omegle was designed, and for failure to warn users of the site’s dangers. Omegle moved to dismiss these claims, claiming that it could not be liable because it was protected by 47 U.S.C. §230.

The court found that that Section 230 did not apply because plaintiff’s claims did not seek to treat Omegle as the publisher or speaker of content. The court observed that to meet the obligation plaintiff sought to impose on Omegle, Omegle would not have had to alter the content posted by its users. It would only have had to change its design and warnings.

And the court found that plaintiff’s claims did not rest on Omegle’s publication of third party content. In the same way that Snapchat did not avoid liability on the basis of Section 230 in Lemmon v. Snap, Inc., 995 F.3d 1085 (9th Cir. 2021), Omegle’s alleged liability was based on its “own acts,” namely, designing and operating the service in a certain way that connected sex offenders with minors, and failed to warn of such dangers.

A.M. v. Omegle.com, LLC, 2022 WL 2713721 (D. Oregon, July 13, 2022)

See also:

June 18, 2022 Computer Crime

Is it unlawful to access someone else’s Google Drive content that is not password protected?

Plaintiff set up a Google Drive so that he could collect photos and other content related to a local school board controversy. He thought it was private, but it was actually configured so that anyone using the URL could access the content. After the local controversy escalated, plaintiff’s son emailed some photos to an opponent, and one of those photos contained the Google Drive’s URL. That photo made its way into the hands of defendant, who, using the URL, allegedly reviewed, downloaded, deleted, added, reorganized, renamed, and publicly disclosed contents of the Google Drive.

Google Drive CFAA

So plaintiff sued under the Computer Fraud and Abuse Act, 18 U.S.C. §1030, (the “CFAA”). Defendant moved to dismiss, arguing, among other things, that plaintiff had failed to adequately plead that defendant’s access to the Google Drive was without authorization.

Defendant had argued that her access using the URL could not be considered unauthorized under the CFAA, in accordance with the holding of hiQ Labs, Inc. v. LinkedIn Corp., 31 F.4th 1180 (9th Cir. 2022). In that case, the Ninth Circuit reasoned that “the prohibition on unauthorized access is properly understood to apply only to private information – information delineated as private through use of a permission requirement of some sort.” Thus, for a website to fall under CFAA protections, it must have erected “limitations on access.” And if “anyone with a browser” could access the website, it had no limitations on access.

In this case, defendant merely used her web browser and the URL she obtained to access plaintiff’s Google Drive. The portion of the Google Drive was not password protected. And plaintiff had – though inadvertently – enabled the setting that allowed anyone with the URL to access the drive’s contents.

But in the court’s view, the Google Drive nonetheless had limitations that made defendant’s access unauthorized. The court differentiated the situation from one in which just “anyone with a web browser” might access the content, for example, via a web search. One needed to enter a 68-character URL to access the content. And the content was not indexed by any search engines. So the Google Drive was not “per se” public. And defendant’s access – as plaintiff had pled it – was not authorized.

Greenburg v. Wray, 2022 WL 2176499 (D. Ariz., June 16, 2022)

See also:

June 11, 2022 Copyright

Company president may be liable for vicarious copyright infringement

vicarious liability copyright

Plaintiff sued a company and its president for copyright infringement, over some photos that the company published online. The individual defendant moved to dismiss the claim against him, arguing that the complaint (1) did not plead any facts concerning action that he took, (2) did not try to pierce the company’s corporate veil, and (3) contained no facts to establish that the company is the alter ego of the individual defendant. Plaintiff conceded it was neither pursuing an alter-ego theory nor seeking to pierce the corporate veil. Instead, plaintiff argued that the individual defendant was vicariously liable for the company’s infringement. The court denied the motion to dismiss.

The court looked first to Metro-Goldwyn-Mayer Studios Inc. v. Grokster, Ltd., 545 U.S. 913 (2005), which provides that one infringes vicariously by profiting from direct infringement while declining to exercise a right to stop or limit it. But then it cited to later Tenth Circuit cases (e.g., Diversey v. Schmidly, 738 F.3d 1196 (10th Cir. 2013)) which state the test for vicarious liability a bit differently. Under  Diversey, “[v]icarious liability attaches when the defendant ‘has the right and ability to supervise the infringing activity’ and ‘has a direct financial interest in such activities.” There is no mention of declining to exercise the right to stop or limit the infringement under this test, as there is in Grokster.

The court found that the plaintiff’s claims for vicarious liability against the individual defendant survive because the complaint alleged that defendant was the owner and president of the company, had the ability to supervise and control content on the website, and received a financial benefit from the operation of the website. It rejected the individual defendant’s argument that the claim should fail because there were no allegations that he declined to exercise the right to stop or limit the infringement.

Great Bowery v. Best Little Sites, 2022 WL 2074253 (D. Utah June 9, 2022)

See also:

May 12, 2022 Defamation, Section 230

Can a person be liable for retweeting a defamatory tweet?

section 230 user retweet defamatory

Under traditional principles of defamation law, one can be liable for repeating a defamatory statement to others. Does the same principle apply, however, on social media such as Twitter, where one can easily repeat the words of others via a retweet?

Hacking, tweet, retweet, lawsuit

A high school student hacked the server hosting the local middle school’s website, and modified plaintiff’s web page to make it appear she was seeking inappropriate relationships. Another student tweeted a picture of the modified web page, and several people retweeted that picture.

The teacher sued the retweeters for defamation and reckless infliction of emotional distress. The court dismissed the case, holding that 47 USC §230 immunized defendants from liability as “users” of an interactive computer service. Plaintiff sought review with the New Hampshire Supreme Court. On appeal, the court affirmed the dismissal.

Who is a “user” under Section 230?

Section 230 provides, in relevant part, that “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider”. Importantly, the statute does not define the word “user”. The lower court held that defendant retweeters fit into the category of “user” under the statute and therefore could not be liable for their retweeting, because to impose such liability would require treating them as the publisher or speaker of information provided by another.

Looking primarily at the plain language of the statute, and guided by the 2006 California case of Barrett v. Rosenthal, the state supreme court found no basis in plaintiff’s arguments that defendants were not “users” under the statute. Plaintiff had argued that “user” should be interpreted to mean libraries, colleges, computer coffee shops and others who, “at the beginning of the internet” were primary access points for people. And she also argued that because Section 230 changed common law defamation, the statute must speak directly to immunizing individual users.

The court held that it was “evident” that Section 230 abrogated the common law of defamation as applied to individual users. “That individual users are immunized from claims of defamation for retweeting content they did not create is evident from the statutory language. ”

Banaian v. Bascom, — A.3d —, 2022 WL 1482521 (N.H. May 11, 2022)

See also:

April 25, 2022 Contracts, Cybersquatting

Restraining order issued against domain name seller who refused to transfer

restraining order domain name

Defendant listed a domain name for sale using DomainAgents. After a couple rounds of negotiation, plaintiff accepted defendant’s counteroffer to sell the domain name. But when the time came to put the domain name in escrow to enable transfer, defendant backed out of the deal, saying he had changed his mind. Plaintiff sued for breach of contract and sought a temporary restraining order that would prohibit defendant from transferring the domain name.

The court granted the motion. It agreed with plaintiff that it was appropriate to determine the motion ex parte (that is, without giving notice to the defendant) because the defendant could transfer the domain name in the meantime, thereby depriving plaintiff of the ability to procure an irreplaceable asset.

It found plaintiff would likely succeed on the merits of the breach of contract claim, because plaintiff had shown that a valid contract likely existed, that plaintiff was willing to perform its end of the bargain, that defendant had breached by refusing to go through with the transaction, and that plaintiff had been damaged due to the loss of the ability to procure the domain name from defendant.

The court further found a likelihood of irreparable harm to plaintiff, in that defendant’s communicated belief that he was not bound by the purchase agreement indicated he would sell the domain name to another interested party. If that were to happen, plaintiff would have no recourse against that purchaser, who was not in privity of contract with plaintiff.

Moreover, the court found the balance of equities favored plaintiff. The temporary restraining order would only be in place until a further hearing on injunctive relief could be had, and defendant would not otherwise be restricted from using the domain name in the meantime.

Finally, the court held that the public interest favored granting injunctive relief. The public interest strongly favors enforcing contracts.

Jump Operations, LLC v. Merryman, 2022 WL 1082641 (D. Nev., April 8, 2022)

See also:

March 15, 2022 Privacy

Is storing protected information on an unencrypted server a disclosure of that information?

unencrypted server disclosure

Back in the 1990s, Congress recognized that stalkers were aided in their crimes by using victims’ driver’s license information, and states were selling driver’s license information to marketers. So Congress passed the Driver’s Privacy Protection Act, 18 U.S.C. § 2721, et seq. (the “DPPA”). This statute makes it unlawful for any person to knowingly disclose personal information from a motor vehicle record for any use other than certain uses that the statute permits.

Defendant had more than 27 million Texas driver’s license records that it stored on an external unencrypted server. In 2020, it announced that a third party had accessed the records without authorization. As expected, the class action lawyers jumped on board and sued under the DPPA.

The lower court dismissed the DPPA claim in response to defendant’s motion to dismiss for failure to state a claim. Plaintiffs sought review with the Fifth Circuit Court of Appeals. On appeal, the court affirmed the dismissal.

It held that plaintiffs failed to plausibly allege that storing the data on an unencrypted server amounted to a “disclosure”. More specifically, although plaintiffs argued that defendants had placed the information on a server that was readily accessible to the public, that assertion was nowhere in the complaint, nor was it supported by the facts alleged in the complaint.

In finding there to be no disclosure, the court observed that the storage of the data, as alleged, did not make it visible to a digital “passer-by”. This made the case different from Senne v. Village of Palatine, Ill.,695 F.3d 597 (7th Cir. 2012), in which a police officer disclosed information by putting a traffic ticket on a windshield, which any passer-by could see. The court also looked to Enslin v. Coca-Cola Co., 136 F. Supp. 3d 654 (E.D. Pa. 2015), in which that court held there to be no disclosure under the DPPA when someone stole an unencrypted laptop containing information protected under the statute.

Allen v. Vertafore, Inc., No. 21-20404 (5th Cir., March 11, 2022)

March 10, 2022 Copyright, DMCA

Can you sue a platform for not following DMCA takedown procedures?

platform DMCA takedown

Plaintiff sued YouTube after the platform took down one of plaintiff’s videos in response to a DMCA takedown notice. She claimed YouTube failed to follow the procedures in 17 U.S.C. §512 by, for example, not providing her with a physical signature of the copyright owner and otherwise not following the “exact course of the DMCA guidelines.” YouTube moved to dismiss and the court granted the motion.

It held that §512 serves to provide safe harbor protections from copyright infringement liability to platforms. Section 512 does not,  however, give rise to a standalone basis to sue a platform.

When a copyright owner sends a DMCA takedown notice to a platform, it must include substantially the following:

  • A physical or electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
  • Identification of the copyrighted work claimed to have been infringed, or, if multiple copyrighted works at a single online site are covered by a single notification, a representative list of such works at that site.
  • Identification of the material that is claimed to be infringing or to be the subject of infringing activity and that is to be removed or access to which is to be disabled, and information reasonably sufficient to permit the service provider to locate the material.
  • Information reasonably sufficient to permit the service provider to contact the complaining party, such as an address, telephone number, and, if available, an electronic mail address at which the complaining party may be contacted.
  • A statement that the complaining party has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law.
  • A statement that the information in the notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

If the notification does not include substantially these items, then if the platform leaves the content up, the insufficient notification will not be considered to have placed the platform on notice of the alleged infringing activity. So if the copyright holder sues the platform for copyright infringement, it will have to plead other facts showing that the platform is liable for infringement. Relatedly, if the platform acts expeditiously to remove or disable access to allegedly infringing content when it gets knowledge via a valid takedown notice, it will have an affirmative defense to a claim of copyright infringement.

In this case, the court confirmed the notion that the DMCA provides this safe harbor to the platform but does not give the person whose content has been taken down the right to sue the platform. The court does not mention – but it remains relevant – that one whose content has been taken down can seek a remedy under 17 U.S.C. §512(f) against a party who sends a takedown notice while knowingly materially misrepresenting that the content is infringing. But that is not the course plaintiff in this case took – she sued YouTube for not following the requirements that apply to copyright holders. And she lost.

Finley v. YouTube, 2022 WL 704835 (N.D. Cal., March 9, 2022)

See also: Is it defamation to accuse someone of sending a bogus DMCA takedown notice?

 

Scroll to top