Blog

April 9, 2020 Anonymity, Copyright, Electronic Discovery, Litigation, Uncategorized

Identifying unknown online copyright infringers: guidance

unmasking online copyright infringers

A recent case addressed the problem of identifying unknown online copyright infringers. Plaintiff sued some unknown “John Doe” defendants who infringed plaintiff’s copyrights. To keep the lawsuit moving forward, plaintiff needed to serve the complaint on the defendants. But this presented a challenge, since plaintiff did not know to whom it should deliver the documents. So plaintiff filed a motion with the court, asking for permission to send interrogatories and to take depositions that would help unmask the anonymous infringers. Plaintiffs sought to get information from parties including PayPal, Cloudflare and various domain name registrars. The court’s response provides guidance to parties seeking to learn the identities of unknown parties.

To identify unknown online copyright infringers: early discovery

The rules of procedure in federal court do not permit discovery requests until the parties have had an initial conference with each other. But they cannot have that conference if the defendant is unknown. So the plaintiff needs to send discovery requests earlier than what the rules generally allow. It needs the court’s permission to do so.

A court will not permit early discovery in every instance. But courts have made exceptions, permitting limited discovery after a plaintiff files the complaint to permit the plaintiff to learn the identifying facts necessary to permit service on the defendant. Courts allow these requests upon a showing of good cause.

What constitutes good cause for early discovery?

This court applied the three part test for good cause set out more than 20 years ago in the case of Columbia Ins. Co. v. Seescandy.com, 185 F.R.D. 573 (N.D. Cal. 1999). The party seeking early discovery should be able to:

  • Identify the missing party with sufficient specificity such that the court can determine that the defendant is a real person or entity who could be sued in federal court;
  • Identify all previous steps taken to locate the elusive defendant; and
  • Establish to the court’s satisfaction that the suit against defendant could withstand a motion to dismiss.

Early discovery was appropriate in this case

Under the first prong of the test, the court found that plaintiff identified the missing parties with as much clarity as possible. Plaintiff stated that those missing parties were persons or entities, and that those parties had been observed and documented as infringing on plaintiff’s copyrights. Thus, as real persons or entities, those Doe parties could be sued in federal court.

As for the second prong, the only information plaintiff had regarding the defendants was the existence of accounts relating to the operations of the defendants’ websites. Therefore, there were no other measures plaintiff could take to identify the defendants other than to obtain their identifying information from the parties from whom it was sought.

Finally, on the third prong, for identifying unknown copyright infingers, the court found that plaintiff had pled the required elements of direct and contributory copyright infringement. Plaintiff claimed (1) it owned and had registered the copyrighted work at issue in the case; (2) defendants knew of the infringing activity and were conscious of their infringement; and (3) defendants actively participated in this infringement by inducing, causing and contributing to the infringement of plaintiff’s copyrighted work. Since plaintiff had alleged each of these elements properly, this cause of action could withstand a motion to dismiss.

MG Premium Ltd. v. Does, 2020 WL 1675741 (W.D. Wash. April 6, 2020)

Related: 

April 6, 2020 Cybersquatting, Trademarks

Domain disputes under federal law can be inefficient

A recent case from a federal court in Kentucky shows why the Anticybersquatting Consumer Protection Act (15 U.S.C. 1125(d) – the “ACPA”) can be – compared to the Uniform Domain Name Dispute Resolution Policy (“UDRP”) – a relatively inefficient way of resolving domain name disputes under federal law.  

domain disputes under federal law

Defendant was an infringer

Here is a quick rundown of the facts. Defendant owned a business directly competitive to plaintiff ServPro. Plaintiff had used its mark and trade dress since the 1960’s. Defendant set up a website using plaintiff’s color scheme, bought Google AdWords triggering ads showing plaintiff’s mark, and registered a domain name identical to plaintiff’s mark – servpro.click. These facts supported the court’s entry of summary judgment in plaintiff’s favor on the question of trademark infringement. But the ACPA claim got the  court got hung up because of some hard-to-believe facts the defendant put forward.  

What the ACPA requires

The ACPA requires a plaintiff to prove bad faith intent to profit from the disputed domain name. And it gives courts a list of nine things that a court can consider in determining this bad faith. In other words, this list is not the be-all and end-all guide for determining ACPA bad faith. Here are the nine things a court should consider in resolving domain name disputes under federal law: 

  • (I) the trademark or other intellectual property rights of the person, if any, in the domain name; 
  • (II) the extent to which the domain name consists of the legal name of the person or a name that is otherwise commonly used to identify that person; 
  • (III) the person’s prior use, if any, of the domain name in connection with the bona fide offering of any goods or services; 
  • (IV) the person’s bona fide noncommercial or fair use of the mark in a site accessible under the domain name; 
  • (V) the person’s intent to divert consumers from the mark owner’s online location to a site accessible under the domain name that could harm the goodwill represented by the mark, either for commercial gain or with the intent to tarnish or disparage the mark, by creating a likelihood of confusion as to the source, sponsorship, affiliation, or endorsement of the site; 
  • (VI) the person’s offer to transfer, sell, or otherwise assign the domain name to the mark owner or any third party for financial gain without having used, or having an intent to use, the domain name in the bona fide offering of any goods or services, or the person’s prior conduct indicating a pattern of such conduct; 
  • (VII) the person’s provision of material and misleading false contact information when applying for the registration of the domain name, the person’s intentional failure to maintain accurate contact information, or the person’s prior conduct indicating a pattern of such conduct; 
  • (VIII) the person’s registration or acquisition of multiple domain names which the person knows are identical or confusingly similar to marks of others that are distinctive at the time of registration of such domain names, or dilutive of famous marks of others that are famous at the time of registration of such domain names, without regard to the goods or services of the parties; and 
  • (IX) the extent to which the mark incorporated in the person’s domain name registration is or is not distinctive and famous within the meaning of [the Lanham Act]. 

The court’s decision on cybersquatting

The court found that factors I through IV and IX weighed in plaintiff’s favor. But the court found there to be a genuine issue as to factor V and denied summary judgment. It found that defendant had an intent to divert plaintiff’s customers. 

Defendant asserted he did not purchase the servpro.click domain name intending to divert customers from plaintiff for defendant’s gain. Instead, he alleged that he registered the domain name to collect information and perform analytical research for running Google AdWords. He also alleged that the website the domain name pointed to did not advertise that it was ServPro. And the contact information on the website pointed to his personal cellphone. He alleged that when answering calls made to that number, he identified himself as affiliated with his company and never identified himself as affiliated with plaintiff. 

The court probably had difficulty denying summary judgment 
in a situation where the facts alleged are so hard to believe. A court’s role at the summary judgment stage, however, is not to weigh the evidence, but merely to determine whether there is a factual issue for trial. The time for really ascertaining the truth of defendant’s assertions will come later.  

Was the ACPA too cumbersome for this case?

In any event, these flimsy arguments remaining alive far into expensive litigation underscores how domain disputes under federal law are more cumbersome . The marshaling of evidence, briefing and argument in federal court can easily rack up six-figures in attorney’s fees and costs. Even after that effort, the summary judgment standard provides little assurance a party arguing against thin facts will get relief. Had the parties resolved this dispute under the UDRP and not the ACPA, plaintiff’s arguments would have had more success.  

ServPro Intellectual Property, Inc. v. Blanton, 2020 WL 1666121 (W.D. Ky. April 3, 2020) 

Related:

April 5, 2020 Contracts

Influencer agreements: what needs to be in them

If you are a social media influencer, or are a brand looking to engage an influencer, you may need to enter into an influencer agreement. Here are five key things that should be in the contract between the influencer and the brand: 

  • Obligations 
  • Payment 
  • Content ownership 
  • Publicity rights 
  • Endorsement guidelines compliance 

Obligations under the influencer agreement.

The main thing that a brand wants from an influencer is for the influencer to say certain things about the brand’s products, in a certain way, and at certain times. What kind of content? Photos? Video? Which platforms? What hashtags? When? How many posts? The agreement should spell all these things out.

Payment.

Influencers are compensated in a number of ways. In addition to getting free products, they may be paid a flat fee upfront or from time to time. And it’s also common too see a revenue share arrangement. That is, the influencer will get a certain percentage based on sales of the products she is endorsing. These may be tracked by a promo code. The contract should identify all these amounts and percentages, and the timing for payment.

So what about content ownership? 

The main work of an influencer is to generate content. This could be pictures posted to Instagram, tweets, or video posted to her story. All that content is covered by copyright. Unless the contract says otherwise, the influencer will own the copyright. If the brand wants to do more with that content outside of social media, that needs to be addressed in the influencer agreement.

And then there are rights of publicity. 

Individuals have the right to determine how their image and name are used for commercial purposes. If the brand is going to feature the influencer on the brand’s own platform, then there needs to be language that specifies the limits on that use. That’s key to an influencer who wants to control her personal brand and reputation. 

Finally, endorsement guidelines and the influencer agreement. 

The federal government wants to make sure the consuming public gets clear information about products. So there are guidelines that influencers have to follow. You have to know what these guidelines are to stay out of trouble. And the contract should address what happens if these guidelines aren’t followed.

See also: When is it okay to use social media to make fun of people?

About the author: Evan Brown is an attorney helping individuals and businesses with a wide variety of agreements involving social media, intellectual property and technology. Call him at (630) 362-7237 or send email to ebrown@internetcases.com. 

April 1, 2020 Copyright, Litigation

Copyright registration certificate was invalid because of inaccurate information provided to Copyright Office

Although the author of a work owns the copyright the moment that work is created, Section 411 of the Copyright Act (17 U.S.C. 411) provides that the copyright owner must register the copyright before the owner can bring suit for infringement. If there is no valid registration certificate, the lawsuit cannot move forward.  A copyright registration certificate that is invalid can cause problems. 

copyright registration certificate was invalid

In a recent case from the Ninth Circuit, the defendant challenged the validity of the plaintiff’s registration certificate, and the lower court dismissed the matter on summary judgment. Plaintiff sought review with the Ninth Circuit. On appeal, the court affirmed the summary judgment.  

The appellate court agreed with the district court that plaintiff’s certificate of registration was invalid because: 

  • There was no genuine dispute that plaintiff knew that it included inaccurate information in its copyright application. Plaintiff falsely represented that the copy of its website it submitted was not how it looked on the publication date listed in the application.
  • The Register of Copyrights told the court that it would have refused registration had it known about the inaccurate information.  

Because Plaintiff’s certificate of registration was invalid, plaintiff failed to satisfy the registration precondition under Section 411 to bring a copyright infringement claim. 

SellPoolSuppliesonline.com, LLC v. Ugly Pools Arizona, Inc., 2020 WL 1527774 (9th Cir. March 31, 2020) 

Related: 
http://blog.internetcases.com/2016/11/23/is-a-copyright-registration-required-before-filing-an-infringement-lawsuit/

March 29, 2020 Section 230

Malware detection software provider gets important victory allowing it to flag unwanted driver installer

Despite a recent Ninth Circuit decision denying immunity to malware detection provider for targeting competitor’s software, court holds that Section 230 protected Malwarebytes from liability for designating software driver program as potentially unwanted program.

Plaintiff provided software that works in real time in the background of the operating system to optimize processing and locate and install missing and outdated software drivers. Defendant provided malware detection software designed to scan consumer’s computers and to report potentially unwanted programs. After defendant’s software categorized plaintiff’s sofware as a potentially unwanted program, plaintiff sued, putting forth a number of business torts, including business disparagement, tortious interference and common law unfair competition.

Defendant moved to dismiss under 47 U.S.C. 230(c)(2)(B), which provides that no provider of an interactive computer service shall be held liable on account of any action taken to enable or make available others the technical means to restrict access to material that the provider deems to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable.

The court granted the motion to dismiss, holding that Malwarebytes was immune from suit under Section 230. It differentiated the case from the Ninth Circuit’s recent decision in Enigma Software Group USA, LLC v. Malwarebytes, Inc., 946 F.3d 1040 (9th Cir. 2019), in which the court held that Section 230 immunity did not protect Malwarebytes for designating a competitor’s anti-malware software as “otherwise objectionable”. In this case, the court found that plaintiff’s software did not make it a competitor to defendant. Since the parties were not direct competitors, the limitations on Section 230’s protection did not apply.

The case can be met with a bit of a sigh of relief to those who, along with Professor Goldman expressed concern that the Enigma case would make it more difficult for anti-malware providers to offer their services. Though Enigma did limit Section 230 protection for these vendors, this decision shows that Section 230 immunity in this space is not dead.  

Asurvio LP v. Malwarebytes, Inc., 2020 WL 1478345 (N.D. Cal. March 26, 2020)

See also

Best practices for providers of goods and services on the Internet of Things

March 26, 2020 Computer Crime, Cybersquatting, Trademarks

How companies can use their trademarks to combat COVID-19-related phishing

Straightforward out-of-court domain name proceeding can provide efficient relief against fraudulent websites and email.

Google has seen a steep rise amid the Coronavirus pandemic in new websites set up to engage in phishing (i.e. fraudulent attempts to obtain sensitive information such as usernames, passwords and financial details). Companies in all industries – not just the financial sector – are at risk from this nefarious practice. But one relatively simple out-of-court proceeding may provide relief.

Varieties of Phish Species

Phishing schemes can take a variety of forms. A fraudster may register a domain name similar to the company’s legitimate domain name and use it to send email messages to the company’s customers, requesting payment and providing wire instructions. Distracted or untrained customers who receive the email may unwittingly wire funds as instructed in the fraudulent email to an account owned by the criminal. Or the phishing party may set up a legitimate looking but fake website at a domain name similar to the company’s legitimate domain name, and direct users there to purportedly log in, thereby disclosing their usernames, passwords, and perhaps additional sensitive information.

Taking Sites Down with the UDRP

Everyone who registers a domain has to agree, by contract, to have disputes over the domain name’s ownership resolved through an administrative proceeding (similar to arbitration). The Uniform Domain Name Dispute Resolution Policy (UDRP) governs disputes over .com, .net, .org and many other domain name registrations. The World Intellectual Property Organization (WIPO) provides administrative panels who decide disputes under the UDRP. These are decided “on the papers” with each party having the opportunity to submit arguments and supporting documentation. The time and expense of a UDRP proceeding is a small fraction of what one sees in typical litigation – UDRP cases usually conclude within weeks, and generally cost a few thousand dollars.

The UDRP Frowns Upon Phishing

To be successful in bringing a UDRP proceeding, a party has to prove (1) that it owns a trademark that is identical or confusingly similar to the disputed domain name, (2) that the party that registered the disputed domain name has no rights or legitimate interests in the disputed domain name, and (3) that the disputed domain name was registered and has been used in bad faith.

UDRP panels typically show little tolerance for blatant phishing efforts. Companies bringing UDRP actions against registrants of domain names registered for phishing purposes enjoy a high rate of success. A good phishing effort (that is, “good” in the sense that the fake domain name succeeds in deceiving) will require using words similar to the company’s mark. So the first element is usually a low hurdle. On the second and third elements, UDRP panels are readily persuaded that a party using a disputed domain name for phishing gains no rights or legitimate interests, and demonstrates clear bad faith. “Using the disputed domain name to send fraudulent email is a strong example of bad faith under the [UDRP].” Samaritan’s Purse v. Domains By Proxy, LLC / Christopher Orientale NA, WIPO Case No. D2019-2403 

March 25, 2020 Contracts

Technology vendors must be proactive in dealing with COVID-19 problems

Early action now on possible performance issues will “flatten the curve” of customer problems in the coming weeks and months. 

Here are three things technology and software vendors can do right now to get ahead of problems that may appear (if they are not already) with services such as development, implementation and support:

  • Check your contracts to see whether there are any “material assumptions” that have failed or will fail – perhaps because of some governmental action or unavailability of personnel.
  • Consider whether a change order would be appropriate to redefine the scope of services, timing for performance, or the fees to be charged.
  • See if any delay in your performance is excused on the basis of force majeure. If so, do you need to give notice to your customer that you are claiming force majeure?

Learn from IBM: Do what is required when there are failures of material assumptions.

In 2006, the State of Indiana signed a $1.3 billion contract with IBM to revamp the technology of the State’s welfare system. The economy went south in 2008. In the complicated breach of contract litigation that followed, IBM argued, among other things, that the economic downturn resulted in the failure of one of the material assumptions of the agreement. IBM urged the court to consider that failure of assumption when deciding whether IBM had materially breached its contract to develop and deploy the system.

The Indiana supreme court rejected IBM’s arguments. Why? Not because the economic downturn was not a failure of a material assumption. (It might have been.) Indeed, the contract specifically said that one of the parties’ material assumptions was that the economy would not take a downturn. But IBM did not do what the contract required in light of the downturn – it did not submit a change order request in response to the failure of the assumption, as the contract required.

Change orders anyway?

Even if your contract does not contain material assumptions, it may contain a procedure for procuring change orders. Parties include change order provisions so that they have an organized pathway for making changes to the scope, timing or pricing when circumstances – whether dramatic or trivial – change while the contract is being performed. Vendors should consider whether a simple change to the parties’ obligations can be made now to reduce bigger problems later. It is better for a ship to correct its course early in the journey rather than after many weary days at sea.

And from a practical, customer-focused perspective, the discussions around possible change orders gives a vendor the opportunity to communicate with its customer. This gives the vendor the chance to assure the customer that services are safe in the long run, and can work to build trust and goodwill that will be key in the further development and collaboration that is going to happen in the technology space once this COVID-19 episode has come to a close. 

Force majeure notice – it is critically important

In the litigation against the state of Indiana, IBM also claimed that severe flooding in the state in 2008 was a force majeure event that excused IBM’s performance. Again, as with the argument for failure of material assumption, IBM did not do what it was required to do under the terms of the contract to avail itself of this excuse in performance.

The court found that force majeure did not apply because IBM did not give appropriate notice as required under the agreement. This highlights a critical takeaway – if a vendor sees an upcoming need to claim that it cannot perform due to some circumstance arising from causes outside its control, it is better to place the customer on notice of that fact sooner rather than later.   

So, here are the key questions to ask right now:

  • Has a material assumption failed? If so, what must I do?
  • Would a request for change order be appropriate?
  • What do I need to do before claiming force majeure?

Being proactive now, in the early stages of the COVID-19 crisis, will – just as in the epidemiological context – flatten the curve of problems later.

State of Indiana v. IBM Corp., 51 N.E.3d 150 (Ind. 2016)

Scroll to top