Blog

Google can, at least for now, disregard Canadian court order requiring deindexing worldwide

U.S. federal court issues preliminary injunction, holding that enforcement of Canadian order requiring Google to remove search results would run afoul of the Communications Decency Act (at 47 U.S.C. 230)

canada-us
Canadian company Equustek prevailed in litigation in Canada against rival Datalink on claims relating to trade secret misappropriation and unfair competition. After the litigation, Equustek asked Google to remove Datalink search results worldwide. Google initially refused altogether, but after a Canadian court entered an injunction against Datalink, Google removed Datalink results from google.ca. Then a Canadian court ordered Google to delist worldwide, and Google complied. Google objected to the order requiring worldwide delisting, and took the case all the way up to the Canadian Supreme Court, which affirmed the lower courts’ orders requiring worldwide delisting.

So Google filed suit in federal court in the United States, seeking a declaratory judgment that being required to abide by the Canadian order would, among other things, be contrary to the protections afforded to interactive computer service providers under the Communications Decency Act, at 47 U.S.C. 230.

The court entered the preliminary injunction (i.e., it found in favor of Google pending a final trial on the merits), holding that (1) Google would likely succeed on its claim under the Communications Decency Act, (2) it would suffer irreparable harm in the absence of preliminary relief, (3) the balance of equities weighed in its favor, and (4) an injunction was in the public interest.

Section 230 of the Communications Decency Act immunizes providers of interactive computer services against liability arising from content created by third parties. It states that “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” [More info about Section 230]

The court found that there was no question Google is a “provider” of an “interactive computer service.” Also, it found that Datalink—not Google—“provided” the information at issue. And finally, it found that the Canadian order would hold Google liable as the “publisher or speaker” of the information on Datalink’s websites. So the Canadian order treated Google as a publisher, and would impose liability for failing to remove third-party content from its search results. For these reasons, Section 230 applied.

Summarizing the holding, the court observed that:

The Canadian order would eliminate Section 230 immunity for service providers that link to third-party websites. By forcing intermediaries to remove links to third-party material, the Canadian order undermines the policy goals of Section 230 and threatens free speech on the global internet.

The case provides key insight into the evolving legal issues around global enforcement and governance.

Google, Inc. v. Equustek Solutions, Inc., 2017 WL 5000834 (N.D. Cal. November 2, 2017)

Court allows Microsoft to unmask unknown Comcast users accused of infringement

A federal court in Washington state has given the green light for Microsoft to subpoena records from Comcast to discover the identity of the person or persons associated with an IP address used to activate thousands of unauthorized copies of Microsoft software.

Statue_of_Anonymus_(Budapest,_2013)

Generally, in federal court litigation, a party cannot serve discovery requests or subpoenas until after the plaintiff and defendant have conferred (in a Rule 26(f) conference). But when the plaintiff does not know the identity of the defendant, there is a bootstrapping problem – discovery needs to be taken to find out the defendant with whom to conduct the conference. In situations like this, the plaintiff seeking to unmask an unknown defendant will file its complaint against one or more “John Does,” then ask the court for leave to serve discovery prior to the Rule 26(f) conference.

That is what happened in this case. It is a common tactic used by parties legitimately seeking to enforce intellectual property, as well as parties that may be considered copyright trolls. See, e.g., this early bittorrent case from 2011.

Microsoft filed its complaint and also filed a motion for leave to take discovery prior to the Rule 26(f) conference. Finding that good cause existed for the early discovery, the court granted the motion.

It held that

(1) Microsoft had associated the John Doe Defendants with specific acts of activating unauthorized software using product keys that were known to have been stolen from Microsoft, and had been used more times than were authorized for the particular software,

(2) Microsoft had adequately described the steps it took in an effort to locate and identify the John Doe defendants, specifically by utilizing its “cyberforensics” technology to analyze product key activation data, identifying patterns and characteristics which indicate software piracy,

(3) Microsoft had pleaded the essential elements to state a claim for copyright and trademark infringement, and

(4) the information proposed to be sought through a subpoena appeared likely to lead to identifying information that would allow Microsoft to serve the defendants with the lawsuit.

Microsoft Corp. v. John Does 1-10, 2017 WL 4958047 (W.D. Wash., November 1, 2017)

Image courtesy Dmitrij Rodionov under Creative Commons Attribution-Share Alike 3.0 Unported license. Licensed granted hereby under same terms.

Website liable for statutory damages and attorney’s fees for copyright infringement

Plaintiff photojournalism company sued defendant retail website operator for copyright infringement arising from the publication on the site of two celebrity photographs. Plaintiff moved for summary judgment on its copyright infringement claim. The court granted the motion.

Infringement Claim

Defendant argued that the copyright registration – which was a compilation of photographs taken over a couple of months – did not cover the photographs in question, because the registration made no specific mention of the photos. But the court rejected this argument, finding that the registration certificate for the compilation was valid because (a) all the photographs were by the same photographer, (b) all the photographs were published in the same calendar year, and (c) all the photographs had the same copyright claimant. Defendant could not point to any specific evidence in the record to cast doubt on the validity of the registration.

The parties did not dispute that defendant’s employees copied and reposted the photographs. Accordingly, the court found that plaintiff had established the elements required for a copyright infringement claim.

But defendant argued that it had a license to reuse the photographs, based on the terms of the E! website from which it obtained the photos. The court easily rejected this argument, noting that the defendant had not provided a copy of that purported license agreement, nor come up with any other evidence to support the claim.

Statutory Damages and Attorney’s Fees

The court awarded $750 in statutory damages – the minimum amount that the Copyright Act authorizes. The court based this in part on looking at the actual licensing fees charged for the photographs. Plaintiffs had charged E! a license fee of $75 for use of the photos. Even trebling this amount would not bring the damage calculation within the statutory minimum. So the court raised it to the lowest threshold permitted under the act.

As for attorney’s fees, the court found it appropriate to award fees to promote the stated purposes of the Copyright Act. Specifically, shifting fees here, in the court’s view, served to encourage and reward innovators for their contributions in the march toward progress rather than burdening them with the costs of defending their protected works.

Fameflynet, Inc. v. The Shoshanna Collection, — F.Supp.3d —, 2017 WL 4402568 (S.D.N.Y. October 2, 2017)

Confusing UDRP decision regarding proof required for showing of no rights or legitimate interests

(This is a cross-post from UDRP Tracker.)

In the case of BroadPath Healthcare Solutions / Jerry Robertson v. Maria Piro / Nova Nordisk, a one-member NAF Panel held that the Complainant failed to meet the second UDRP element, namely, it failed to establish that the Respondent lacked rights or legitimate interests in the disputed domain name <broad-path.org>.

The decision is confusing because the opinion appears to be self-contradictory. The Panel noted that the Complainant alleged (1) the Respondent is not commonly known by the disputed domain name, (2) that the Complainant had not authorized, licensed, or otherwise permitted the Respondent to use the Complainant’s mark, and (3) that the Respondent does not use the disputed domain name in connection with a bona fide offering of goods or services or legitimate noncommercial or fair use. Rather, the Complainant argued, the Respondent was attempting to pass off as the Complainant to facilitate fraud on Internet users.

Ordinarily, in an uncontested UDRP matter (such as this one, where the Respondent did not file a response), such allegations would be enough to establish a prima facie showing on the second UDRP element. It is unclear what more the Panel expected to see in terms of proof of lack of rights or legitimate interests. The prima facie showing requirement is used in light of the difficulty of proving a negative, which is what the second UDRP element calls for.

In any event, despite the Complainant’s allegations listed in the decision, the Panel concluded, in summary fashion without explanation, that the Complainant failed to make a legally cognizable argument under this second UDRP element. For this reason, the Panel did not go on to analyze the bad faith element, but instead denied the Complaint.

BroadPath Healthcare Solutions / Jerry Robertson v. Maria Piro / Nova Nordisk, Claim Number: FA1709001748692 (NAF October 31, 2017)

Court reinstates SCO’s misappropriation claim against IBM in long-running lawsuit

For almost a decade and a half, SCO and IBM have been fighting over their collaboration gone wrong concerning the development of a new version of UNIX for Intel processors. The case has garnered much attention, including from the open source community. You can read the backstory here on the Wikipedia page for the dispute. The case has been on appeal to the Tenth Circuit, which released its opinion on October 30. The decision was a mixed ruling – the court affirmed summary judgment in favor of IBM on most of the issues, but ruled in favor of SCO on one important claim – misappropriation.

SCO sued IBM for the tort of misappropriation (a form of unfair competition) arising from IBM’s alleged use in its own product of source code that SCO had contributed to the joint efforts to develop the new UNIX version. The district court granted IBM’s motion for summary judgment on the misappropriation claim, holding that such a claim was barred under New York law’s “independent tort doctrine”. SCO sought review with the Tenth Circuit Court of Appeals. The court reversed and remanded the case on the misappropriation claim.

This doctrine provides that a simple breach of contract is not to be considered a tort unless a legal duty independent of the contract itself has been violated. This separate duty must spring from circumstances extraneous to, and not constituting elements of, the contract, although it may be connected with and dependent upon the contract.

In this case, the court held that while IBM and SCO may not have had a formal partnership or joint venture as a matter of law, they surely enjoyed a business relationship in which each reposed a degree of trust and confidence in the other. In such a situation, there exists a duty not to take a business collaborator’s property in bad faith and without its consent in order to compete against that owner’s use of the same property.

SCO v. IBM, — F.3d —, 2017 WL 4872572 (10th Cir., October 30, 2017)

Evan_BrownAbout the Author: Evan Brown is a Chicago technology and intellectual property attorney. Call Evan at (630) 362-7237, send email to ebrown [at] internetcases.com, or follow him on Twitter @internetcases. Read Evan’s other blog, UDRP Tracker, for information about domain name disputes.

Live by the browsewrap, die by the browsewrap

Company could not argue it was not bound by competitor’s browsewrap agreement, because it used a browsewrap agreement for its own website.

server_wrap

Oilpro filed a counterclaim for breach of contract against its competitor, DHI, arguing that DHI breached the agreement it had with Oilpro – such agreement being in a browsewrap agreement found on Oilpro’s website – to not scrape, crawl, or use other automated means to download data from Oilpro’s website. DHI moved to dismiss the breach of contract claim, arguing that Oilpro had insufficiently pled that DHI assented to the terms of the browsewrap agreement. The court denied the motion to dismiss.

In browsewrap cases, because there is no affirmative step to acknowledge assent to the agreement, the party claiming breach has to show that a valid contract exists by demonstrating that the breaching party had actual or constructive knowledge of the terms and conditions. Just having a link to the terms at the bottom of the page, or having them available for review (without having to affirmatively click on something) may not be enough (though there are exceptions to this).

Here, the court found that Oilpro was not relying only on the fact that the agreement was on the pages of the website and available. Instead, Oilpro pointed to DHI’s own web design practices to support its knowledge of the terms of the browsewrap agreement. In the court’s words:

Oilpro alleges constructive notice because DHI has a similar site with a similar browsewrap agreement. Thus, even if there are no allegations that DHI took affirmative action to acknowledge assent, the court finds that the allegations relating to DHI’s constructive knowledge provide more than that the agreement was available and raise the claim to plausible.

So the case stands for the proposition that a company that uses a browsewrap agreement on its own website is less likely to be able to argue it is unaware of other companies’ browsewrap agreements. Said another way, browsewrap-using companies may have a higher standard of diligence in their own online dealings.

It should be noted, however, that the conclusion in this case is likely to apply only in the B2B context, and will likely not affect the enforceability (or non-enforceability) of browsewrap agreements in consumer context. The court said “[t]his conclusion is confined, of course, to instances where both parties are sophisticated businesses that use browsewrap agreements on their websites.”

DHI Group, Inc. v. Kent et al., 2017 WL 4837730 (S.D. Texas, October 26, 2017).

Photo courtesy Flickr user Patrick Finnegan under this Creative Commons license.

Evan_BrownAbout the Author: Evan Brown is a Chicago technology and intellectual property attorney. Call Evan at (630) 362-7237, send email to ebrown [at] internetcases.com, or follow him on Twitter @internetcases. Read Evan’s other blog, UDRP Tracker, for information about domain name disputes.

Online platform’s EULA barred software developer from claiming copyright ownership

Developer entered into an agreement with the TD Ameritrade platform that gave him access to the platform’s APIs so that he could develop his own analytical tools. He claimed that without his authorization, the platform incorporated his software routines into its own technology. Developer sued for copyright infringement. The platform moved to dismiss the claim and the court granted the motion.

Developer had presented to the court a registration certificate as evidence that he owned the copyright in the software he created. Such a registration certificate serves as prima facie evidence of copyright ownership, and establishes a rebuttable presumption of such ownership.

In its argument to dismiss developer’s claims, the platform pointed to its agreement with developer that stated, among other things, that use of the services “[would] not confer any title, ownership interest, or any intellectual property rights to me.” It also expressly prohibited the developer from creating derivative works from the services. The platform looked to these provisions in the agreement to rebut the presumption that the developer owned the copyright in the tools. The court agreed.

Developer argued that the platform had actually encouraged – and thereby authorized – the development of tools such as the ones he had created. But the court observed that while such a claim is “possible,” the developer had failed to allege any facts to demonstrate that the claim is “plausible.” So in sum, the court credited the terms of the agreement, and took those terms to preclude the developer from owning the copyright in the software he had developed.  It should be noted that the court left open the option for plaintiff to re-plead. But that does little to mitigate the extent to which the court’s reasoning here as to how the agreement could limit a claim of copyright is questionable.

TD Ameritrade v. Matthews, 2017 WL 4812035 (D. Alaska, October 25, 2017)

[Post updated 27 Oct 2017 at 8:08 CST to address option to re-plead.]

Evan_BrownAbout the Author: Evan Brown is a Chicago technology and intellectual property attorney. Call Evan at (630) 362-7237, send email to ebrown [at] internetcases.com, or follow him on Twitter @internetcases. Read Evan’s other blog, UDRP Tracker, for information about domain name disputes.

YouTube not liable for aiding ISIS in Paris attack

The Communications Decency Act provided immunity to Google in a suit brought against it by the family of an American college student killed in the November 2015 attack.

Plaintiffs filed suit against Google (as operator of YouTube) alleging violation of federal laws that prohibit providing material support to terrorists, arising from the November 2015 Paris attack that ISIS carried out. Plaintiffs argued that the YouTube platform, among other things, aided in recruitment and provided ISIS the means to distribute messages about its activities.

Google moved to dismiss the lawsuit, arguing that Section 230 of the Communications Decency Act (47 U.S.C. 230) provided immunity from suit. The court granted the motion to dismiss.

Section 230 Generally

Section 230(c) provides that “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” Accordingly, Section 230 precludes liability that treats a website as the publisher or speaker of information users provide on the website, protecting websites from liability for material posted on the website by someone else.

JASTA Did Not Repeal Section 230 Immunity

In response to Google’s arguments in favor of Section 230 immunity, plaintiffs first argued that a recent federal statute – the Justice Against Sponsors of Terrorism Act, or “JASTA” – effectively repealed the immunity conferred to interactive computer services by Section 230. Plaintiffs focused on language in the statute that stated that its purpose “is to provide civil litigants with the broadest possible basis, consistent with the Constitution of the United States, to seek relief” against terrorists and those who assist them.

The court rejected plaintiffs’ arguments that JASTA repealed Section 230 immunity. Significantly, the statute did not expressly repeal Section 230’s protections, nor did it do so implicitly by evincing any “clear and manifest” congressional intent to repeal any part of the Communications Decency Act.

Section 230 Need Not Be Applied Outside the United States

Plaintiffs also argued that Section 230 immunity did not arise because the Communications Decency Act should not apply outside the territorial jurisdiction of the United States. According to plaintiffs, Google provided support and resources to ISIS outside the United States (in Europe and the Middle East), ISIS’s use of Google’s resources was outside the United States, and the Paris attacks and plaintiffs’ relative’s death took place outside the United States.

The court rejected this argument, holding that Section 230’s focus is on limiting liability. The application of the statute to achieve that objective must occur where the immunity is needed, namely, at the place of litigation. Since the potential for liability, and the application of immunity was occurring in the United States, there was no need to apply Section 230 “extraterritorially”.

Immunity Protected Google

Google argued that plaintiffs’ claims sought to treat it as the publisher or speaker of the offending ISIS content, thus satisfying one of the requirements for Section 230 immunity. Plaintiffs countered that their lawsuit did not depend on the characterization of Google as the publisher or speaker of ISIS’s content, because their claims focused on Google’s violations of the federal criminal statutes that bar the provision of material support to terrorists.

But the court found that the conduct Google was accused of — among other things, failing to ensure that ISIS members who had been kicked off could not re-establish accounts — fit within the traditional editorial functions of a website operator. Accordingly, despite the plaintiffs’ characterization of its claims, the court found such claims to be an attempt to treat Google as the publisher or speaker of the ISIS videos.

The court similarly rejected plaintiffs’ arguments that Section 230 immunity should not apply because, by appending advertisements to some of the ISIS videos, Google became an “information content provider” itself, and thus responsible for the videos. This argument failed primarily because the content of the advertisements (which themselves were provided by third parties) did not contribute to the unlawfulness of the content of the videos.

Gonzalez v. Google, Inc., — F.Supp.3d —, 2017 WL 4773366 (N.D. Cal., October 23, 2017)

Evan_BrownAbout the Author: Evan Brown is a Chicago technology and intellectual property attorney. Call Evan at (630) 362-7237, send email to ebrown [at] internetcases.com, or follow him on Twitter @internetcases. Read Evan’s other blog, UDRP Tracker, for information about domain name disputes.

Reverse engineering of competitor’s software cost company big

Companies developing software to mimic the functionality of competitors’ products should beware the broad scope of what may constitute reverse engineering. A recent federal case from the Fourth Circuit underscores this idea.

Background – the Development Process

Plaintiff SAS and defendant WPL are competitors in the market for software used to manage and analyze large and complex sets of data. Plaintiff for many years has distributed its proprietary software applications (the SAS System) that run programs written in the eponymous language SAS. WPL sought to create an application to compete with the SAS System, namely, an application it could take to market that would run programs written in SAS. It successfully developed such an application (called the WPS), and customers began dropping the SAS System in favor of the WPS.

As part of its efforts to develop the WPS, defendant obtained a license to use the “Learning Edition” provided by plaintiff – an environment designed for programmers to learn how to code in SAS. Among the provisions in the software license agreement for the Learning Edition was a restriction against reverse engineering the software.

In developing the WPS, defendant did not try to decompile the Learning Edition, or otherwise “tear it down” or “look under the hood.” Instead, it would run SAS code through both the Learning Edition and the WPS, evaluate the outputs from both systems, and tweak the C++ code comprising the WPS to get the outputs to match.

Trial Court Litigation

Plaintiff sued defendant in both U.S. federal court and the U.K. alleging a number of claims, including copyright infringement, breach of contract, deceptive trade practices, and fraud. Of particular importance was the breach of contract claim – plaintiff claimed that defendant’s method of developing the WPS, through adjusting the WPS code based on output compared with Learning Edition output – was reverse engineering prohibited under the terms of the Learning Edition license agreement.

The lower court agreed with plaintiff, and found defendant liable for breach of contract due to reverse engineering, at the summary judgment stage. The case proceeded to trial on other issues where, along with the damages for breach of contract and for deceptive trade practices, the court awarded almost $80 million in damages to plaintiff. Defendant sought review with the Fourth Circuit. On appeal, the court affirmed the lower court’s decision on the reverse engineering issue.

Appellate Court: This Was Reverse Engineering

More specifically, defendant had argued on appeal that the lower court’s summary judgment on the breach of contract/reverse engineering claim was improper because the term “reverse engineering” in the license agreement was ambiguous. Plaintiff and defendant offered competing definitions for what they thought reverse engineering ought to mean. Defendant proposed a narrow definition – essentially, that reverse engineering must have as its objective the re-creation of source code. Plaintiff, however, offered a broader definition, encompassing other efforts to “analyze a product to learn the details of its design, construction, or production in order to produce a copy or improved version.”

The differences in definitions were important – defendant had not sought to, nor did, access or copy the source code of the Learning Edition. If the definition of reverse engineering were limited to the re-creating of source code, then the development of the WPS should be okay.

But the court did not agree with defendant. Finding the language in the software license agreement to be unambiguous, the court observed that “nontechnical words are to be given a meaning consistent with the sense in which they are used in ordinary speech, unless the context clearly requires otherwise.” The court then consulted dictionary definitions for the term “reverse engineer” and also evaluated the broad vs. narrow definitions proposed by the parties in light of other prohibitions (e.g., against “reverse assembly” and “decompilation”) in the same provision of the license agreement. Simply stated, the court found that the agreement was clear on what conduct constitutes reverse engineering, and defendant’s actions fit within that scope.

SAS Institute, Inc. v. World Programming Ltd., — F.3d —, 2017 WL 4781380 (4th Cir. October 24, 2017)

See also:

Evan_BrownAbout the Author: Evan Brown is a Chicago technology and intellectual property attorney. Call Evan at (630) 362-7237, send email to ebrown [at] internetcases.com, or follow him on Twitter @internetcases. Read Evan’s other blog, UDRP Tracker, for information about domain name disputes.

Court orders transfer of domain name at preliminary injunction stage of trademark case

Plaintiff sued a competitor under the Anticybersquatting Consumer Protection Act (15 U.S.C. 1125(d) (“ACPA”)) and brought other trademark-related claims concerning the competitor’s alleged online scam of selling infringing nutritional supplement products. Plaintiff also sued the domain name privacy protection service Namecheap, which the competitor had used to register the domain name. As part of the order granting plaintiff’s motion for preliminary injunction, the court ordered Namecheap to transfer the domain name to plaintiff.

The court noted that a preliminary injunction “is an extraordinary remedy never awarded as of right,” and that the “traditional purpose of a preliminary injunction is to protect the status quo and to prevent irreparable harm during the pendency of the lawsuit.” Given these parameters, one may be reasonably surprised that the court went so far as to transfer the domain name before the case could be taken all the way through trial. Usually the transfer of the domain name is part of the final remedy awarded in a cybersquatting case, whether under the ACPA or the Uniform Domain Name Dispute Resolution Policy.

The opinion did not address the issue of whether the domain name transfer prior to trial might go further than to “protect the status quo”. It would seem the court could have just as easily protected the status quo by ordering the domain name not be used. The court apparently found the evidence to be drastically in favor of plaintiff. And since the defendant-competitor did not show up for the hearing, plaintiff’s evidence went unrebutted.

Nutramax Laboratories, Inc. v. Nutra Max Labs, Inc., 2017 WL 4707447 (D.S.C. October 20, 2017)

See also:

Evan_BrownAbout the Author: Evan Brown is a Chicago technology and intellectual property attorney. Call Evan at (630) 362-7237, send email to ebrown [at] internetcases.com, or follow him on Twitter @internetcases. Read Evan’s other blog, UDRP Tracker, for information about domain name disputes.

Scroll to top