App terms of service said that arbitrator – not court – should determine whether arbitration is proper.
The family of a man killed on a Lime scooter sued Lime over the man’s death. Lime looked to its user agreement – which provided that disputes are subject to arbitration – and asked the court to compel such arbitration. The court granted the motion.
The court found that the agreement structure was not a clickwrap or browsewrap, but instead a “sign-in wrap”. Underneath the Facebook button one can use to sign up within the Lime app was a notice that stated, “[b]y singing up, I confirm that I am at least 18 years old, and that I have read and agreed to Lime’s User Agreement & Terms of Service.” The words “User Agreement” and “Terms of Service” were in darker boldface than the rest of the sentence, and they provided a hyperlink to Lime’s user agreement.
If found that a the hyperlink to the user agreement on Lime’s sign-up screen was reasonably conspicuous and placed the deceased on notice of the user agreement. The sign-up screen was visible on one page, and the hyperlink was in close proximity to the two sign-up buttons. Moreover, the notice was legible, and the hyperlinked words “User Agreement & Terms of Service” were in dark, bold font, making them stand out from both the white screen and the surrounding gray text. Based on these circumstances, the court found, a “reasonably prudent smartphone user” would understand that by signing up for Lime, he or she was assenting to the user agreement.
Further, the court found that compelling arbitration – even for purposes of determining the question of whether arbitration was what the parties had agreed to – was appropriate. By stating that the arbitration provider’s rules would govern the arbitration proceedings, the parties “clearly and unmistakably” reserved the determination of arbitrability for the arbitrator.
Phillips v. Neutron Holdings, Inc., No. 18-3382, 2019 WL 4861435 (N.D. Texas, October 2, 2019)
Oath, Inc., the successor to Yahoo! Inc., filed an action under the Uniform Domain Name Dispute Resolution Policy (UDRP) against a domainer that acquired ymobile.com earlier in 2019. The split 3-member FORUM panel denied the complaint, finding that Oath failed to demonstrate that the respondent lacked rights or legitimate interests in the disputed domain name, and failed to show it registered and used the disputed domain name in bad faith.
On the question of rights or legitimate interests, the panel found that the respondent’s purchase and sale of the domain name comprised of the generic term “mobile” prefixed by “y” was legitimate, so long as the respondent did not intend to capitalize on Oath’s YMOBILE mark, which is registered in Japan. The panel accepted the respondent’s assertion that it had no notice of the YMOBILE mark prior to acquiring the disputed domain name.
Regarding bad faith registration and use, the panel similarly found that the respondent was not targeting the Y! or YMOBILE mark, and that it had no knowledge of the YMOBILE mark’s existence prior to acquiring the disputed domain name.
One of the panelists dissented, arguing that the disputed domain name should have been transferred. He emphasized how the respondent was using the disputed domain name – which the panel found was identical to a mark the complainant owns – to display pay-per-click ads for goods and services competitive with the complainant’s. Some of the ads, for example, were for online games and downloadable software. And on the issue of bad faith, this panel member observed that although the respondent claimed to not know of the complainant’s YMOBILE mark, a simple web search would have revealed it.
Federal agents served a search warrant on plaintiff’s doctor’s office and thereby obtained access to plaintiff’s medical records, which were shared with a number of other parties involved in the criminal investigation of plaintiff’s doctor. Plaintiff sued under the Computer Fraud and Abuse Act (CFAA). Defendants moved to dismiss that claim. The court granted the motion. The CFAA prohibits unauthorized access to a “protected computer”. In dismissing the case, the court found, among other things, that there were no specific allegations that defendants accessed plaintiff’s computer.
Micks-Harm v. Nichols, No. 18-12634, 2019 WL 4781342 (E.D. Michigan, September 30, 2019)
About the Author: Evan Brown is a Chicago technology and intellectual property attorney. Call Evan at (630) 362-7237, send email to ebrown [at] internetcases.com, or follow him on Twitter @internetcases. Read Evan’s other blog, UDRP Tracker, for information about domain name disputes.
Court held this was an “exceptional case” and that trial court judge should have awarded plaintiff its attorneys’ fees under the Lanham Act.
While it is fairly common for successful litigants in copyright cases to be awarded the attorneys’ fees they incur in bringing or defending the case, that fee-shifting is not as common in trademark cases. There is a higher standard that must be met in trademark cases – the prevailing party must show that it has won an “exceptional case”. That recently occurred in the Seventh Circuit Court of Appeals.
Plaintiff home remodeling company and defendants – a manufacturer of storm shelters and one of its owners individually – found themselves in a trademark dispute over rights to use a mark plaintiff had developed to use as a distributor of defendants’ storm shelters.
Defendants disregarded on oral license agreement it had with plaintiff and used the mark for years outside the territorial scope of the license. The evidence showed that defendants intended to just buy the mark in the event plaintiff noticed defendants’ out-of-scope use.
Plaintiff indeed noticed and sued. The trademark infringement case went to trial. The trial court – though it found in plaintiff’s favor on the liability question and awarded more than $17 million in damages to plaintiff – declined to order defendants to pay plaintiff’s attorneys fees. Plaintiff sought review of the denial of attorney’s fees with the Seventh Circuit.
On appeal, the court reversed and remanded. It found that the trial court’s findings made this an “exceptional case” and thus appropriate for an award of attorneys’ fees.
Specifically, the court found that defendants’ conduct was willful, egregious and intentional. Likewise, defendants had acted in bad faith and maliciously, and refused to cease infringing activity, causing plaintiff unnecessary trouble and expense.
About the Author: Evan Brown is a Chicago technology and intellectual property attorney. Call Evan at (630) 362-7237, send email to ebrown [at] internetcases.com, or follow him on Twitter @internetcases. Read Evan’s other blog, UDRP Tracker, for information about domain name disputes.
Plaintiff – one of the millions of people who have played Fortnite – sued Fortnite developer Epic Games based on a data vulnerability in the Fortnite platform and an apparent hacking incident that took place in 2018. After the case was moved from state court in Illinois to federal court there, and then to federal court in North Carolina, defendant moved to dismiss for failure to state a claim.
This young man is feeling anxiety and anguish. He probably would not have standing in a data breach case.
The court dismissed the case, finding that the court lacked subject matter jurisdiction, since plaintiff had not sufficiently alleged that he had suffered an “injury-in-fact”.
It held that the mere existence of a data vulnerability does not constitute injury-in-fact. Instead, a complaint must allege a sufficient factual basis from which to conclude either that plaintiff’s compromised data has been misused, or that it will be misused, such that concrete harms are actual or imminent.
In this case, plaintiff’s complaint contained no facts showing, or even suggesting, that his personal data had been used as a result of the cyber vulnerability. Plaintiff’s complaint did not even state that his data was taken, only that Fortnite had a cyber vulnerability that could have allowed hackers to access his data.
Plaintiff’s only alleged harms were “time and effort to mitigate the risk of identity theft” and “anxiety and anguish”. The court held that anxiety and anguish resulting from data breaches do not confer standing. And without a single fact alleged to show that future harms were certainly impending, the money, time, and effort spent by plaintiff were merely self-imposed harms in response to a speculative threat. In the court’s view, the threat of future injury was wholly speculative and insufficient for standing.
Krohm v. Epic Games, Inc., No. 19-173, 2019 WL 4861101 (E.D. N. Carolina, October 1, 2019)
About the Author: Evan Brown is a Chicago technology and intellectual property attorney. Call Evan at (630) 362-7237, send email to ebrown [at] internetcases.com, or follow him on Twitter @internetcases. Read Evan’s other blog, UDRP Tracker, for information about domain name disputes.
Plaintiff sued defendant for violation of the Computer Fraud and Abuse Act (“CFAA”). For almost 20 years, defendant had worked for a company that developed plaintiff’s proprietary software system. In this capacity, defendant had access to plaintiff’s customer database, accounting system and other confidential information. After leaving the work he was performing for plaintiff, defendant founded his own competing venture.
Defendant moved to dismiss the CFAA claim. The court granted the motion to dismiss. The court held that defendant did not exceed the scope of his authorized access by accessing certain of plaintiff’s documents, files or drives for the benefit of his own venture. Citing to United States v. Nosal, 676 F.3d 854, (9th Cir. 2012), the court observed that the Ninth Circuit has defined “exceeds authorized access” narrowly to include only someone who is authorized to access only certain data or files but accesses unauthorized data or files – or to put it simply: hacking.
In this case, defendant was authorized to access plaintiff’s systems by virtue of the work he was hired to do in connection with plaintiff’s proprietary software systems. Plaintiff had attempted to draw a distinction between the work he was doing for his former employer and the actions he was undertaking to benefit his new venture (even though those actions were one and the same conduct). The court rejected this reasoning: “[E]ven if defendant accessed [plaintiff’s] information for the eventual benefit of [defendant’s new venture], that does not mean he could not have also accessed it for [his former employer’s] authorized purpose of building software.”
It is worth noting that the contours of “exceeding authorized access” under the CFAA give rise to a circuit split. It is fruitful to consider whether the outcome of this case may have been different, for example, in the Seventh Circuit, under the doctrines set out in Int’l Airport Ctr., L.L.C. v. Citrin, 440 F.3d 418 (7th Cir.2006).
Regal West Corporation v. Nguyen, No. 19-5374, 2019 WL 4748393 (W.D.Washington, September 30, 2019)
Facebook’s ability to decisively police the integrity of its platforms was without question a pressing public interest.
Plaintiffs provided software-as-a-service to help their clients locate social media content, gain approval to use that content, and then re-purpose it in the clients’ own advertising and marketing activities.
Previously, plaintiffs had operated in partnership with Facebook, whereby plaintiffs had access to the Facebook Open Graph API. In late August 2019 (a few weeks after a Business Insider article identified plaintiffs as misusing the Instagram platform) Facebook terminated the marketing partnership and access to the API.
After efforts to informally resolve the situation failed, plaintiffs, perhaps emboldened by the Ninth Circuit’s recent decision in hiQ v. LinkedIn, sued Facebook and Instagram asserting a number of claims, including breach of contract and tortious interference, and also sought a declaratory judgment that plaintiffs did not violate the Computer Fraud and Abuse Act. Plaintiffs sought a temporary restraining order that would have restored access to the platforms pending the case’s determination on the merits. But the court denied the motion.
No irreparable harm likely
The court rejected plaintiffs’ argument that they would suffer irreparable harm if access was not restored. It found that plaintiffs’ allegations of imminent harms shared a common fatal flaw in that they merely alleged speculative harm – they did not sufficiently demonstrate that irreparable harm was likely to occur.
Plaintiffs did establish for purposes of this motion that much (though not all) of the work they conducted for clients before losing API access involved Facebook. But the court found that plaintiffs had not sufficiently shown that they would actually lose current customers, or fail to acquire new prospective customers, if access were not restored.
Further, the court found that plaintiffs’ CEO’s statement that “this will soon reach a tipping point where [plaintiffs] can no longer operate” was not specific enough to demonstrate there was irreparable harm. “The extraordinary relief of a pre-adjudicatory injunction demands more precision with respect to when irreparable harm will occur than ‘soon.’ Such vague statements are insufficient evidence to show a threat of extinction.”
Not in the public’s interest
The court also found that the “public’s interest caution[ed] against issuing injunctive relief at this time.”
Plaintiffs argued that the public interest favored an injunction because one would prevent the imminent destruction of plaintiffs’ business, preserve employee jobs, and generally allow plaintiffs to continue operating. Additionally, they argued that the public interest would be served by enjoining defendants’ wrongful conduct.
Defendants argued that the public had an interest in allowing Facebook to exclude those who act impermissibly on its platform and jeopardize user privacy by, in this instance, automating data collection and scraping content en masse. Defendants argued that the public has an interest in allowing them latitude to enforce rules preventing abuse of their platforms.
The court decided that awarding injunctive relief at this stage would compel Facebook to permit a suspected abuser of its platform and its users’ privacy to continue to access its platform and users’ data for weeks longer, until a preliminary injunction motion could be resolved. Moreover, as precedent within Facebook’s policy-setting organization and potentially with other courts, issuing an injunction at this stage could handicap Facebook’s ability to decisively police its social-media platforms in the first instance. Facebook’s enforcement activities would be compromised if judicial review were expected to precede rather than follow its enforcement actions.
And although the public certainly has some interest in avoiding the dissolution of companies and the accompanying loss of employment, the court found that Facebook’s ability to decisively police the integrity of its platforms was without question a pressing public interest. In particular, the court noted, the public has a strong interest in the integrity of Facebook’s platforms, policing of those platforms for abuses, and protection of users’ privacy.
Stackla, Inc. v. Facebook Inc., No. 19-5849, 2019 WL 4738288 (N.D. Cal., September 27, 2019)
Plaintiff sued some unknown defendants for breach of contract and violations of the Computer Fraud and Abuse Act, based on the defendants’ deceptive conduct that tricked some internet users into signing up for plaintiff’s paid services. The unknown defendants would receive affiliate commissions from operating this scheme. This caused reputation problems for plaintiff.
Plaintiff sought early discovery to ascertain the identities of the unknown defendants. The court denied the motion.
The Federal Rules of Civil Procedure do not permit a party to seek discovery from the adverse parties in the case until all parties have conducted an initial conference under Rule 26(f). But when the defendants are unknown, that conference cannot take place. So the plaintiff needs to conduct discovery to find out who they are. In situations like these, for the required early discovery to occur and the unknown defendants to be identified (so that the conference can take place), the court must enter an order permitting early discovery.
A court can authorize early discovery to identify unknown defendants if there is good cause. In determining whether there is good cause, courts consider whether the plaintiff:
can identify the missing party with sufficient specificity such that the court can determine that defendant is a real person or entity who could be sued in federal court;
has identified all previous steps taken to locate the elusive defendant;
has articulated claims against defendant that would withstand a motion to dismiss; and
has demonstrated that there is a reasonable likelihood of being able to identify the defendant through discovery such that service of process would be possible.
In this case, the court found that plaintiff failed to identify the defendants with sufficient specificity, and did not demonstrate that each defendant was a real person or entity who would be subject to jurisdiction in the Northern District of California. Plaintiff had not explained why defendants would be subject to the jurisdiction of the court, as defendants’ activities seemed directed at Argentina, and plaintiff’s harm was felt in Argentina and other parts of Latin America. The only apparent connection defendants had with the Northern District of California was that they used domain name services from California companies. Plaintiff provided no authority to suggest this was sufficient to create jurisdiction.
Plaintiff also failed to explain what steps it had taken to locate defendants. Citing to Columbia Ins. Co. v. seescandy.com, 185 F.R.D. 573 (N.D. Cal. 1999), the court noted that “[t]his element is aimed at ensuring that plaintiffs make a good faith effort to comply with the requirements of service of process and specifically identifying defendants.”
In its motion, plaintiff only stated that there were no more practical measures that would permit it to identify the unknown defendants, but did not identify what measures – if any – were taken. For example, plaintiff was apparently able to identify defendants as affiliates, and that a contract existed, giving rise to legal liability. It was therefore not clear why plaintiff was unable to identify defendants based on the contract.
Binbit Argentina, S.A. v. Does 1-25, No. 19-5384, 2019 WL 4645159 (N.D. Cal., September 24, 2019)
Plaintiff sued defendant for copyright infringement over unlicensed use of plaintiff’s musical works in advertisements that defendant created and uploaded to YouTube. Defendant argued that the language and structure of plaintiff’s website – from which the works were downloaded – resulted in an express license or at least an implied license to use the musical works for commercial purposes. The court rejected these arguments and awarded summary judgment to plaintiff.
No express license
The basis for defendant’s argument that plaintiff’s website gave rise to an express license is not clear. In any event, plaintiff argued that a browsewrap agreement in place on the website established that the works could not be used for commercial purposes without the payment of a license fee. Citing to the well-known browsewrap case of Specht v. Netscape, 306 F.3d 17 (2d Cir. 2002), defendant argued that it did not have notice of the terms and conditions of the browsewrap agreement.
The court distinguished this case from Specht. In this case, plaintiff’s home page contained – similar to the case of Major v. McCallister, 302 S.W.3d 227 (Mo. Ct. App. 2009) – “immediately visible” hyperlinks that referenced terms of use and licensing information. A user did not have to scroll to find these links. So the terms and conditions of the browsewrap agreement were enforceable. Since the browsewrap agreement contained provisions requiring a license for commercial use, no reasonable jury could find that plaintiff had granted defendant an express license to use the musical works for commercial purposes free of charge.
No implied license
Defendant argued in the alternative that plaintiff had granted defendant an implied license to use the musical works, based on (1) plaintiff’s company name “Freeplay,” and (2) the absence of any conspicuous warning that the works were not available for commercial use.
The court found these arguments to be “easily disposed of.” Citing to I.A.E., Inc. v. Shaver, 74 F.3d 768 (7th Cir. 1996), the court noted that an implied license exists only when:
a person (the licensee) requests the creation of a work,
the creator (the licensor) makes that particular work and delivers it to the licensee who requested it, and
the licensor intends that the licensee-requestor copy and distribute his work.
The court found that defendant failed to prove any of these elements. Defendant never asked plaintiff to create any works. Nor did plaintiff make any works at defendant’s request to be used in defendant’s YouTube videos. Moreover, given plaintiff’s paid license requirements for business use of the copyrighted works available on its website, it could not be said that plaintiff intended that defendant download and distribute those works free of charge. Accordingly, the court found that no implied license existed.
Freeplay Music, LLC v. Dave Arbogast Buick-GMC, Inc., No. 17-42, 2019 WL 4647305 (S.D. Ohio, September 24, 2019)
About the Author: Evan Brown is a Chicago technology and intellectual property attorney. Call Evan at (630) 362-7237, send email to ebrown [at] internetcases.com, or follow him on Twitter @internetcases. Read Evan’s other blog, UDRP Tracker, for information about domain name disputes.
Plaintiff freelance photojournalist sued defendant website publisher for copyright infringement over photos plaintiff took of a luxury maximum security prison in Norway in 2010. Defendants posted the photos on its website in 2011 without permission, in connection with a widely-publicized story of a notorious mass shooter being relocated there. Plaintiff registered the copyright in his photos in 2015 and filed suit in 2018, claiming that he did not learn of the alleged infringement until 2016.
Each party filed motions for summary judgment. Plaintiff claimed that the court should enter summary judgment in his favor because he had a valid copyright to the photographs, and there was no dispute that defendant published several of them without authorization. Defendant asserted that plaintiff’s claims were time-barred by the Copyright Act’s three-year statute of limitations, because he knew, or should have known, of the infringement when interest in the photos spiked following the remand of the alleged mass murderer to the prison where the photos were taken.
Photos included in copyright registration
The court found there was no genuine issue as to any material fact concerning plaintiff’s ownership of the copyright in the photos. And defendant conceded it published the photos without authorization. Defendant had challenged whether plaintiff’s copyright registration covered the photos at issue. Plaintiff had not introduced the deposit materials, but had submitted a sworn statement saying the photos had been included in the registration. The court found the sworn statement to carry the issue – had the defendant filed a motion to compel or sought the deposit materials from the copyright office, it may have been able to show the photos were not included. But on these facts, it was clear to the court that the copyright registration covered the photos.
Statute of limitations – no duty to scour
The court denied defendant’s motion for summary judgment, finding that the copyright infringement claims were not barred by the statute of limitations. Civil actions for copyright infringement must be “commenced within three years after the claim accrued.” 17 U.S.C. § 507(b). The Second Circuit has stated that the “discovery rule” governs when the statute of limitations begins to run: an infringement claim does not ‘accrue’ until the copyright holder discovers, or with due diligence should have discovered, the infringement.
The court found that plaintiff’s knowledge about general interest in the prison following the news stories about the mass shooter being relocated there was not sufficient to constitute constructive discovery that his photographs of that prison were being infringed. Plaintiff did not have knowledge of any infringement of his work and there was no reason for him to think, or duty for him to scour the internet to find out if, anyone was using his photographs without his consent. The court cited Wu v. John Wiley & Sons, Inc., 2015 WL 5254885 (S.D.N.Y. Sept. 10, 2015) to observe that “[i]f that were the expectation, then stock photo agencies and photographers likely would spend more money monitoring their licenses than they receive from issuing licenses.”
Masi v. Moguldom Media Group, 2019 WL 3287819 (S.D.N.Y., July 22, 2019)
