The Computer Fraud and Abuse Act (CFAA) has a provision that makes it unlawful to “knowingly cause the transmission of a program, information, code, or command, and as a result of such conduct, intentionally cause damage without authorization, to a protected computer.” Can a person violate that provision of the CFAA by deleting data on his or her own computer? A recent federal case answered that question.
Plaintiff sued its former chief technology officer under the CFAA after it learned that the former executive wiped the hard drive of his personal laptop he had used for company business. Defendant moved to dismiss, arguing primarily that the purpose of the CFAA is to target hackers. And he argued that there is a circuit split over what it means for an employee to access a computer without authorization or in excess of authorization.
The court denied the motion to dismiss. It acknowledged there is a circuit split on what it means for an employee to access a computer without authorization or in excess of authorization. Int’l Airport Ctrs., LLC v. Citrin, 440 F.3d 418 (7th Cir. 2006) and LVRC Holdings LLC v. Brekka, 581 F.3d 1127 (9th Cir. 2009) exemplify this split. But the court noted that this case did not present the question of authorization to access a computer. Instead, the relevant CFAA provision discusses unauthorized damage.
Looking at the plain language of the CFAA, the court found no basis to dismiss the complaint. So the court in effect said that a person can violate the CFAA by deleting data on his or her computer. The factual question of whether the particular defendant in this case did that will proceed to trial.
New Touch Digital Inc. v. Cabral, 2020 WL 5946067 (D.D.C. October 7, 2020)
A work of authorship is protected by copyright at the moment it is created. If you take a photo or write some software or draft some text, copyright law protects that work the moment it becomes fixed in a tangible medium of expression for more than a transitory duration. You do not need a registration to own a copyright. It exists automatically. But there are certain benefits conferred by registering a copyright.
Copyright registration allows the holder to sue for infringement.
One benefit from having a registration is that the holder of the copyright can sue for infringement. This is a requirement for litigation – a court will not let a copyright infringement case go forward unless the plaintiff shows that it has a registration certificate. And that registration certificate needs to be in hand — it is not enough for the plaintiff to have just applied to register the copyright. It actually needs to have the registration issued.
Better evidence.
A second benefit of having a copyright registration certificate is the evidentiary weight that it carries in court. If the registration is obtained in the five years following the first publication of the work, the judge will look at that registration certificate and give it great importance in ascertaining whether the plaintiff has a valid copyright in the work.
Statutory damages and attorney’s fees.
A third benefit of having a registration is that in certain circumstances the plaintiff can recover its costs and attorneys fees, and be entitled to recover statutory damages. These damages can range anywhere from $750 all the way up to $150,000 per work infringed.
To be entitled to these things the plaintiff must have obtained a timely copyright registration. To be timely, it has to either have been obtained before the infringement began, or if it was obtained after the infringement began, it was obtained within the first three months following the first publication of the work. The key is that timing matters — it is generally advisable to register a work within the first three months following first publication.
Need help with a copyright registration?
Please feel free to give me a call at (630) 362-7237, or send email to ebrown@internetcases.com.
About the author:
Evan Brown is a technology and intellectual property attorney in Chicago. This content originally appeared on evan.law.
Nondisclosure agreements (or NDAs) are important contracts. There are a number of reasons why parties may want to enter into them.
The first reason is probably the most obvious reason. Parties have proprietary or sensitive information that they don’t want to become publicly known, or known to a competitor. So they enter into nondisclosure agreements to put restrictions on how the parties use or disclose confidential information The agreement contains provisions that give remedies such as injunctive relief if there is a breach or a threatened breach of the nondisclosure agreement. This is an important tool.
A second reason for entering into a nondisclosure agreement is related to the first one. Having a nondisclosure agreement gives the parties the confidence to meaningfully collaborate. If there is a nondisclosure agreement in place, the parties can freely exchange information, and that makes the potential innovation from their collaboration much more robust.
And a third third reason for entering into a nondisclosure agreement relates to the law of trade secrets. The parties may trust one another completely, and may not even think for a moment that the other side would misuse its confidential information or disclose it in a way that is harmful. But it is important to enter into nondisclosure agreements to protect the trade secret status of information. The law of trade secrets only protects information that has been the subject of efforts to keep secret. So the nondisclosure agreement can be important evidence that the party has taken the right steps to protect its trade secrets.
Let’s talk
Nondisclosure agreements can be complex. There are a number of issues to consider and appropriate strategies to take. If you have questions about a nondisclosure agreement, give me a call at (630) 362-7237, or send me an email at ebrown@internetcases.com.
About the author:
Evan Brown is a technology and intellectual property attorney in Chicago. This content originally appeared on evan.law.
Twitter enjoyed Section 230 immunity for aiding and abetting defamation because plaintiffs’ claims on that point did not transform Twitter into a party that created or developed content.
An anonymous Twitter user posted some tweets that plaintiffs thought were defamatory. So plaintiffs sued Twitter for defamation after Twitter refused to take the tweets down. Twitter moved to dismiss the lawsuit. It argued that the Communications Decency Act (CDA) at 47 U.S.C. §230 barred the claim. The court agreed that Section 230 provided immunity to Twitter, and granted the motion to dismiss.
The court applied the Second Circuit’s test for Section 230 immunity as set out in La Liberte v. Reid, 966 F.3d 79 (2d Cir. 2020). Under this test, which parses Section 230’s language, plaintiffs’ claims failed because:
(1) Twitter was a provider of an interactive computer service,
(2) the claims were based on information provided by another information content provider, and
(3) the claims treated Twitter as the publisher or speaker of that information.
Twitter is a provider of an interactive computer service
The CDA defines an “interactive computer service” as “any information service, system, or access software provider that provides or enables computer access by multiple users to a computer server.” 47 U.S.C. § 230(f)(2). The court found that Twitter is an online platform that allows multiple users to access and share the content hosted on its servers. As such, it is an interactive computer service for purposes of the CDA.
Plaintiffs’ claims were based on information provided by another information content provider
The court also found that the claims against Twitter were based on information provided by another information content provider. The CDA defines an “information content provider” as “any person or entity that is responsible, in whole or in part, for the creation or development of information provided through the Internet or any other interactive computer service.” 47 U.S.C. § 230(f)(3). In this case, the court found that plaintiffs’ claims were based on information created or developed by another information content provider – the unknown Twitter user who posted the alleged defamatory content. Plaintiffs did not allege that Twitter played any role in the “creation or development” of the challenged tweets.
The claim treated Twitter as the publisher or speaker of the alleged defamatory information
The court gave careful analysis to this third prong of the test. Plaintiffs alleged that Twitter had “allowed and helped” the unknown Twitter user to defame plaintiffs by hosting its tweets on its platform, or by refusing to remove those tweets when plaintiffs reported them. The court found that either theory would amount to holding Twitter liable as the “publisher or speaker” of “information provided by another information content provider.” The court observed that making information public and distributing it to interested parties are quintessential acts of publishing. Plaintiffs’ theory of liability would “eviscerate” Section 230 protection because it would hold Twitter liable simply for organizing and displaying content exclusively provided by third parties.
Similarly, the court concluded that holding Twitter liable for failing to remove the tweets plaintiffs found objectionable would also hold Twitter liable based on its role as a publisher of those tweets, because deciding whether or not to remove content falls squarely within the exercise of a publisher’s traditional role and is therefore subject to the CDA’s broad immunity.
The court found that plaintiffs’ suggestion that Twitter aided and abetted defamation by arranging and displaying others’ content on its platform failed to overcome Twitter’s immunity under the CDA. In the court’s view, such activity would be tantamount to holding Twitter responsible as the “developer” or “creator” of that content. But in reality, to impose liability on Twitter as a developer or creator of third-party content – rather than as a publisher of it – Twitter would have to directly and materially contribute to what made the content itself unlawful.
Plaintiffs in this case did not allege that Twitter contributed to the defamatory content of the tweets at issue, and thus pled no basis upon which Twitter could be held liable as the creator or developer of those tweets. Accordingly, plaintiffs’ defamation claims against Twitter also satisfied the final requirement for CDA immunity: the claims sought to hold Twitter, an interactive computer service, liable as the publisher of information provided by another information content provider. Ultimately, Twitter had Section 230 immunity for aiding and abetting defamation.
Brikman v. Twitter, Inc., 2020 WL 5594637 (E.D.N.Y., September 17, 2020)
Evan Brown is an attorney in Chicago practicing copyright, trademark, technology and in other areas of the law. His clients include individuals and companies in many industries, as well as the technology companies that serve them. Twitter: @internetcases
Portland, Oregon yesterday passed a ban on facial recognition technology. Officials cited two primary reasons for the ban. First, current facial recognition technologies less accurately identify people who are not young, white and/or male. Second, everyone should have some sense of anonymity and privacy when in public places.
Should the facial recognition ban focus on disparate impact?
Do Portland’s efforts to “improve people’s lives, with a specific focus on communities of color and communities with disabilities” demonstrate an effective long-term commitment to keeping invasive facial recognition technology at bay? Such a focus implies that when facial recognition technologies get better and less biased, they should then be deployed full scale, because then everyone will be harmed equally.
That’s one of the problems with looking to ban a technology based on its nascent state and accompanying imperfect implementation. Given the choice between arguing (1) that a technology is being harmfully implemented now, and (2) that the technology, no matter how perfect it is, infringes some fundamental human right, I’d go with number (2) every time.
We will find ourselves halfway down the slippery slope
We know the accuracy of this technology will increase with the development of better cameras, smarter algorithms and more data. When that happens, if you are still seeking to argue against its harmful effects on fundamental rights such as anonymity and privacy, you will already have slid halfway down the slope. With your previous “best” argument made moot, your argument now – an appeal to fundamental rights – will have less impact.
So maybe we should focus on the real issues – the fundamental right of anonymity and privacy for everyone – rather than leading with a social justice argument. At some later point, having made it the primary argument and it having becoming moot, the rationale will be a liability.
About the author
Evan Brown is a technology and intellectual property attorney in Chicago. Follow him on Twitter at @internetcases. Phone: (630) 362-7237. Email: ebrown@internetcases.com.
Web scraping is that activity where a party uses automated software to crawl the internet and copy data and other content, usually so that it can compile that together and make its own product offering. This may be of concern to you because you are a company that does web scraping. Or you may be a web publisher and there are other parties that are scraping your content. Let’s examine some of the legal issues around web scraping.
Breach of contract
One of the questions that commonly arises around web scraping is whether the activity is a breach of contract. More specifically, the question is whether the use of automated software violates the terms of service of the website that is being scraped. You often see website terms of service prohibit the use of spider and other automated crawling software to access and use the site. Parties who own websites that are being scraped will often look to see whether the scraping of their site is a breach of contract.
Copyright infringement
Another common question arising when analyzing web scraping is lawful whether scraping constitutes copyright infringement. This is a difficult argument to make if all that is being scraped is data, because mere facts usually are not subject to copyright protection. But if there is other content being scraped, such as images or specific compilations of data, the question of copyright infringement becomes a bit easier to answer in that unauthorized copying is an likely an infringement.
Computer Fraud and Abuse Act
The Computer Fraud and Abuse Act is another topic that often comes up in discussions about web scraping. This is a federal law that makes it unlawful for a person to access a protected computer without authorization, or in excess of a specific authorization. So the question becomes whether that access by the automated web scraper violates the Computer Fraud and Abuse Act. There are some important things that have to be proven for a plaintiff to succeed under the Computer Fraud and Abuse Act, and one of those is loss or damage that results from the unauthorized access. It is a very fact intensive inquiry that has to be made, but the Computer Fraud and Abuse Act is one thing that parties should think about in the context of web scraping.
Trade secrets
The question of trade secrets is another good one to raise in the context of web scraping. A trade secret is any information that a company has that gives that company a commercial advantage in the marketplace because it is secret. The information also has to be the subject of protective efforts — the company has to try to keep the information secret. For example, if information on a website is put there in a way that is behind certain protective barrier,s and the party doing the scraping circumvents those barriers, it could be that there is a misappropriation of trade secrets, particularly if that information is used for some competitive purpose.
Let’s talk
Web scraping legal issues can be complex. Scraping presents certain legal risks to the ones doing it, and the law provides certain powerful remedies when web scraping runs afoul of the rules. If you have questions about web scraping, give me a call at (630) 362-7237, or send me an email at ebrown@internetcases.com.
About the author
Evan Brown is a technology and intellectual property attorney in Chicago. This content originally appeared on evan.law.
Plaintiff ran a YouTube channel. Defendant sent takedown notices under the Digital Millennium Copyright Act (DMCA) to YouTube alleging that plaintiff infringed defendant’s copyright. Plaintiff sued defendant under 17 U.S.C. §512(f), which provides for recovery when a person sends a DMCA takedown notice based on “knowingly materially misrepresented” facts.
The district court granted defendant’s summary judgment motion. Plaintiff sought review with the Eleventh Circuit. On appeal, the court affirmed the lower court’s finding that defendant did not knowingly materially misrepresent facts when it sent the DMCA takedown notices to YouTube.
The DMCA’s good faith standard
The DMCA relieves online service providers (such as YouTube) of liability for storing copyright infringing content if, among other things, the service provider properly responds to the copyright holder’s takedown notice. The notice must state that the copyright holder has a “good faith belief” that the identified content infringes. The copyright holder can be liable for damages if it “knowingly materially misrepresents” that the identified content infringes. Copyright law provides that if use of content is fair use, then it is not infringing.
In 2016, the Ninth Circuit evaluated the questions of what it means for a DMCA takedown notice sender to have a “good faith belief” and to “knowingly materially misrepresent” that content infringes. In that case (Lenz v. Universal Music Corp., 815 F.3d 1145 (9th Cir. 2016)), the court held that having a “good faith belief” that certain content infringes requires that the copyright holder, before sending a takedown notice, consider if the potential infringement is a fair use. And the court held that failure to consider fair use before issuing a takedown notice is a misrepresentation of copyright infringement.
What diligence must a takedown notice sender undertake?
What kind of belief must the copyright holder have to be in line with the conduct required of the DMCA? The Lenz court held that a copyright holder’s subjective good faith belief that a use is both unauthorized and not fair use serves as a complete defense to a misrepresentation claim.
Counsel’s consideration of fair use was sufficient
In this case, defendant’s attorneys testified in affidavits that they investigated whether plaintiff’s YouTube uploads infringed. And they testified that they evaluated whether the uploads were fair use. So the court found that defendant, by relying on their attorneys’ investigations and opinions, reasonably believed in good faith that plaintiff’s videos infringed and did not constitute fair use, prior to filing the takedown notices.
The court found that plaintiff’s evidence did not show otherwise. Plaintiff testified in her deposition that she “knew” defendant did not consider fair use. She said that if defendant did consider fair use, it would not have sent the DMCA takedown notices. In the court’s view, this proffered evidence was just a bare and speculative statement, not evidence. It found that plaintiff failed to provide any meaningful evidence that defendant did not consider the fair use doctrine and that it did not have good faith when it submitted the takedown notices.
Johnson v. New Destiny Christian Center Church, Inc., 2020 WL 5289881 (11th Cir., September 4, 2020)
Evan Brown is a Chicago technology and intellectual property attorney. Call Evan at (630) 362-7237, send email to ebrown [at] internetcases.com, or follow him on Twitter @internetcases.
In a couple of recent blog posts we have covered work made for hire generally and have looked at how it is defined. Let’s focus in this post on a key provision that should be in most independent contractor agreements because of the work made for hire doctrine.
The work made for hire framework
Remember that an employee will own the copyright in what an employee creates within the scope of his or her employment even without a written contract saying that. And with an independent contractor, certain kind of works can be work made for hire if the contract says that they are. There are at least two things to be concerned about because of this concept about work made for hire as it relates to independent contractors.
Why work made for hire creates concerns in contract drafting
The first concern is that if the independent contractor agreement is silent on the question of intellectual property ownership, the contractor, and not the hiring party, will own the copyright in the deliverables. Many hiring parties that have spent a lot of money for the work of an independent contractor have been distressed to learn this.
The second thing to be concerned about is the situation where the contract says the deliverables are to be work made for hire, but they are not a type of work that the Copyright Act says can be work made for hire. (We went through that list in part two of this series.) Software would in most circumstances probably fall into this category. If the contract just says the software will be a work made for hire, then the contract may not establish ownership in the party paying for the software to be developed, because it is not really a work made for hire when created by an independent contractor.
Contractor hereby assigns . . .
So you will often see contracts that say two things on this point. It will say that the deliverables are work made for hire. Then the contract will go on to say something along the lines of, to the extent the deliverables are not work made for hire, contractor hereby assigns all right, title and interest in and to the deliverables to the hiring party. If you have seen that language in an agreement before, you may have thought it was redundant but it serves a good purpose.
Evan Brown is an attorney in Chicago practicing copyright, trademark, technology and in other areas of the law. His clients include individuals and companies in many industries, as well as the technology companies that serve them. Twitter: @internetcases
In a recent post, we discussed how Section 230 protected a website from liability for trade libel. The court held that third parties, and not the website itself, provided the offending posts. If the court had believed the posts were written by the site itself (or one of its agents) that may have turned the site into an information content provider and thus outside Section 230’s protections.
Terms of service violation?
This case – East Coast Test Prep LLC v. Allnurses.com, Inc. – had some other interesting aspects of interest to website operators seeking to effectively regulate content. For example, plaintiff claimed the website breached its own terms of service by failing to take down content prohibited by those terms of service. And the site allegedly breached its terms by closing a discussion thread, denying plaintiff the opportunity to respond to libelous content. The court dismissed plaintiff’s breach of contract claims.
The website’s terms stated, in relevant part, that users were not allowed to post libelous information. And it said the site operator would immediately take down content violating the law or invading another’s privacy. The terms also said that the website promoted the “idea of lively debate”.
What the plaintiff claimed
When the site refused to take down the offending content, plaintiff (a member of the site who had agreed to the terms of service) claimed the site violated the terms of service. And he claimed that the site breached the terms by not allowing him to comment, thereby going against the site’s commitment to foster the “idea of lively debate”.
The court rejected these breach of contract claims. It held that defendant did not promise to identify and immediately remove any and all potentially false statements. Instead, it disallowed users from posting libelous information and merely informed users that it would remove illegal or inappropriate posts. And the statement that defendant promoted the idea of a lively debate was not a promise to keep the site’s discussion threads open, particularly in light of the provision that “[p]roblematic posts/threads may be deleted or closed.”
East Coast Test Prep LLC v. Allnurses.com, Inc., — F.3d —, 2020 WL 4809911 (8th Cir. August 19, 2020)
Evan Brown is a Chicago technology and intellectual property attorney. Call Evan at (630) 362-7237, send email to ebrown [at] internetcases.com, or follow him on Twitter @internetcases. Read Evan’s other blog, UDRP Tracker, for information about domain name disputes.
Section 230 protected a website from liability over content its users posted, in a recent case from the Eighth Circuit Court of Appeals.
Plaintiff sued defendant website operator for trade libel. The website had a forum board, and two forum board users posted that plaintiff was under federal investigation.
Likely recognizing Section 230 immunity would be an obstacle, plaintiff pled certain key facts about the posts’ authors. It claimed the two authors were longtime users. And it noted defendant occasionally paid its users to generate content. So plaintiff claimed the authors were “volunteers, employees, servants, contractors or agents of [defendant].” According to plaintiff’s logic, this would make the defendant website operator the “information content provider” of the offending posts.
The court did not buy that argument. Neither did the appellate court. The Communications Decency Act (at 47 U.S.C. §230) immunizes providers of interactive computer services against liability arising from content created by third parties. The Act provides that “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”
The court held that these facts that plaintiff put forward did not plausibly show that defendant website operator was an information content provider. Since the facts only showed that independent parties created the offending posts, Section 230 immunity applied.
East Coast Test Prep LLC v. Allnurses.com, Inc., — F.3d —, 2020 WL 4809911 (8th Cir. August 19, 2020)
Do you need help with an internet law issue? Give me a call or drop me a line: (630) 362-7237 – ebrown@internetcases.com.
About the author
Evan Brown is an attorney in Chicago practicing copyright, trademark, technology and in other areas of the law. His clients include individuals and companies in many industries, as well as the technology companies that serve them. Twitter: @internetcases
Evan Brown is a technology and intellectual property attorney in Chicago. This content originally appeared on evan.law. 
