Blog

March 23, 2011 Spam

Yahoo not liable for blocking marketing email

Section 230 of Communications Decency Act (47 U.S.C. 230) shields Yahoo’s spam filtering efforts

Holomaxx v. Yahoo, 2011 WL 865794 (N.D.Cal. March 11, 2011)

Plaintiff provides email marketing services for its clients. It sends out millions of emails a day, many of those to recipients having Yahoo email addresses. Yahoo used its spam filtering technology to block many of the messages plaintiff was trying to send to Yahoo account users. So plaintiff sued Yahoo, alleging various causes of action such as intentional interference with prospective business advantage.

Yahoo moved to dismiss, arguing, among other things, that it was immune from liability under Section 230(c)(2) of the Communications Decency Act. The court granted the motion to dismiss.

Section 230(c)(2) provides, in relevant part, that “[n]o provider or user of an interactive computer service shall be held liable on account of … any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable.”

Plaintiff argued that immunity should not apply here because Yahoo acted in bad faith by using “faulty filtering technology and techniques,” motivated “by profit derived from blocking both good and bad e-mails.” But the court found no factual basis to support plaintiff’s allegations that Yahoo used “cheap and ineffective technologies to avoid the expense of appropriately tracking and eliminating only spam email.”

The court rejected another of plaintiff’s arguments against applying Section 230, namely, that Yahoo should not be afforded blanket immunity for blocking legitimate business emails. Looking to the cases of Goddard v. Google and National Numismatic Certification v. eBay, plaintiff argued that the court should apply the canon of statutory construction known as ejusdem generis to find that legitimate business email should not be treated the same as the more nefarious types of content enumerated in Section 230(c)(2). (Content that is, for example, obscene, lewd, lascivious, filthy, excessively violent, harassing).

On this point the court looked to the sheer volume of the purported spam to conclude Yahoo was within Section 230’s protection to block the messages — plaintiff acknowledged that it sent approximately six million emails per day through Yahoo’s servers and that at least .1% of those emails either were sent to invalid addresses or resulted in user opt-out. On an annual basis, that amounted to more than two million invalid or unwanted emails.

March 19, 2011 Fraud/Misrepresentation

Court rules against woman accused of fraudulent misrepresentation for creating fake internet boyfriend

Bonhomme v. St. James, — N.E.2d —, (Ill.App. 2 Dist March 10, 2011.)

Perhaps the most famous legal case about someone creating a false persona online and using that to dupe someone is the sad case of Megan Meier, which resulted in the (unsuccessful) prosecution of Lori Drew. The facts of that case were hard to believe — a woman created the identity of a teenage boy from scratch by setting up a bogus MySpace profile, then engaged in sustained communications with young Megan, leading her to believe the two of them had a real relationship. After the “boy” broke that relationship off, Megan committed suicide.

Here’s a case that has not seen quite as much tragedy, but the extent and the nature of the alleged deception is just as incredible, if not more so, than that undertaken by Lori Drew.

The appellate court of Illinois has held that a woman who was allegedly the victim of an elaborate ruse, perpetrated in large part over the internet, can move forward with her fraudulent misrepresentation claim against the woman who created the fake persona of a “man” who became her “boyfriend”. The story should satisfy your daily requirement of schadenfreude.

Plaintiff first got to know defendant Janna St. James back in 2005 in an online forum for fans of the HBO show Deadwood. A couple months after they first began talking online, defendant set up another username on the Deadwood site, posing as a man named “Jesse”. Plaintiff and this “Jesse” (which was actually defendant) struck up an online romance which apparently got pretty intense.

To add detail to the ploy, defendant invented no less than 20 fictitious identities — all of whom were purportedly in “Jesse’s” social or family circle — which she used to communicate with plaintiff.

The interactions which took place, both online and through other media and forms of communication (e.g., phone calls using a voice disguiser) were extensive. “Jesse” and plaintiff planned to meet up in person once, but “Jesse” cancelled. Plaintiff sent $10,000 worth of gifts to “Jesse” and to the other avatars of defendant. It even went so far as “Jesse” and plaintiff planning to move to live with one another in Colorado. But before that could happen, defendant pulled the plug on “Jesse” — he “died” of liver cancer.

Some time after that, defendant (as herself) flew from Illinois to California to visit plaintiff. During this trip, some of plaintiff’s real friends discovered the complex facade. Plaintiff sued.

The trial court dismissed plaintiff’s fraudulent misrepresentation claim. Plaintiff sought appellate review. On appeal, the court reversed, sending the case for fraudulent misrepresentation back to the trial court.

The court said some interesting things about whether the facts that plaintiff alleged supported her claim for fraudulent misrepresentation. A plaintiff suing for fraudulent misrepresentation under Illinois law must show: (1) a false statement of material fact; (2) knowledge or belief of the falsity by the party making it; (3) intention to induce the plaintiff to act; (4) action by the plaintiff in justifiable reliance on the truth of the statement; and (5) damage to the plaintiff resulting from that reliance.

Defendant made a strange kind of circular argument as to the first element — falsity of a material fact. She asserted that plaintiff’s claim was based more on the fiction that defendant pursued rather than specific representations. And the concepts of “falsity” and “material fact,” defendant argued, should not apply in the context of fiction, which does not purport to represent actuality. So defendant essentially argued that so long as she knew the masquerade was fiction, there could be no misrepresentation. The court recognized how invalid this argument was. The logic would shift the element of reliance on the truth of the statement from the injured party to the utterer.

Though the appellate court ruled in favor of plaintiff, the judges disagreed on the question of whether plaintiff was justified in relying on the truth of what defendant (as “Jesse,” as the other created characters, and herself) had told plaintiff. One judge dissented, observing that “[t]he reality of the Internet age is that an online individual may not always be — and indeed frequently is not — who or what he or she purports to be.” The dissenting judge thought it simply was not justifiable for plaintiff to spend $10,000 on people she had not met, and to plan on moving in with a man sight-unseen. (In so many words, the judge seemed to be saying that plaintiff was too gullible to have the benefit of this legal claim.)

The majority opinion, on the other hand, found the question of justifiable reliance to be more properly determined by the finder of fact in the trial court. For the motion to dismiss stage, plaintiff had alleged sufficient facts as to justifiable reliance.

(Congratulations to my friend Daliah Saper for her good lawyering in this case on behalf of plaintiff.)

March 15, 2011 Computer Crime

School didn’t violate eighth grade hacker’s due process rights by suspending him over denial of service attack

Harris ex rel. Harris v. Pontotoc County School Dist., — F.3d —, 2011 WL 814972 (5th Cir., March 10, 2011)

Back in 2008, when Derek Harris was in eighth grade, he got suspended and had to attend “alternative school” for violating the school district’s technology use policy. School officials accused Derek of possessing a keylogger program, of launching a denial of service attack on the school’s network (from the computer his mom used in her job as secretary for the elementary school’s principal), and bypassing security to access the DOS prompt. (Kudos to the kid for getting in trouble for two kinds of “D-O-S” nefariousness!)

Derek’s parents, on his behalf, sued the school in federal court, arguing that the suspension and transfer to alternative school violated his due process rights under the Fourteenth Amendment to the Constitution. The school district moved for summary judgment. The court granted the motion.

It quickly dispensed with the argument that sending Derek to an alternative school violated his rights. It observed that a school district may not withdraw the right to a public education on grounds of misconduct absent fundamentally fair procedures to determine whether the misconduct has occurred. Since transferring him to an alternative education program did not deny access to public education, it did not violate his Fourteenth Amendment rights.

The court likewise held that the suspension was proper and did not violate Derek’s constitutional interests. It reviewed the suspension in light of the 1975 Supreme Court case of Goss v. Lopez, which requires that a student being suspended be given oral or written notice of the charges against him and, if he denies them, an explanation of the evidence the authorities have and an opportunity to present his side of the story.

In this case, the court found that Derek was notified of the charges on the day he was suspended. He had numerous opportunities to meet with school officials, to hear some of the charges, and to explain and respond. The processes he was afforded, the court found, were sufficient to satisfy the Fourteenth Amendment.

March 13, 2011 Defamation, Privacy

Woman mistaken for Spitzer prostitute in Girls Gone Wild internet video awarded $3 million

Arpaio v. Dupre, 2011 WL 831964 (D.N.J., Mar 3, 2011)

It has been three years since Eliot Spitzer resigned as governor of New York for getting busted for hooking up with a prostitute (time flies!). Shortly after he resigned, Girls Gone Wild offered Ashley Dupre, the high-priced prostitute Spitzer was accused of patronizing, a million dollars to be in a new Girls Gone Wild magazine spread and promotional tour. But when the producers realized they already had archival footage of her from years earlier, they revoked that offer.

Dupre sued Joseph Francis, the head of Matra Films (the producer of Girls Gone Wild) for $10 million alleging that he improperly used Dupre’s image from the archival footage. She claimed that because she was only 17 at the time, she didn’t understand the nature of what she was doing. Francis responded by releasing a video that made its rounds on the web (maybe NSFW) that showed the 17-year-old Dupree saying she was of age, and presenting a New Jersey driver’s license bearing the name of plaintiff Arpaio.

Plaintiff filed this lawsuit against Dupre and Girls Gone Wild alleging defamation and invasion of privacy. After none of the defendants responded to the lawsuit, the court entered default against the Girls Gone Wild defendants. Plaintiff never properly served the complaint on Dupre, so it did not enter default judgment against her.

The court awarded plaintiff $3 million in damages. It based this figure on her testimony and other evidence relating to plaintiff’s distress from being mistaken for Dupre, her concern that future employment would be jeopardized from employers doing a Google search on her and learning of the situation, the harm from plaintiff’s children (someday) being exposed to insulting material, and plaintiff’s symptoms consistent with post traumatic stress disorder.

March 12, 2011 Privacy

Court says you don’t need a person’s permission to tag them in a Facebook photo

Lalonde v. Lalonde, — S.W.3d —, 2011 WL 832465 (Ky. App., February 25, 2011)

Mother sought appellate review of the lower court’s order that awarded primary physical custody of her daughter to the child’s father. The mother argued, among other things, that the court improperly considered Facebook photos showing her drinking. This was not good because her psychologist had testified that alcohol would have an adverse effect on the medication she was taking for bipolar disorder. (Seems like there’s no shortage of cases involving drinkin’ photos on social media.)

The court rejected the mother’s assertion that the photos should not be considered as evidence. She argued that because Facebook allows anyone to post pictures and then “tag” or identify the people in the pictures, she never gave permission for the photographs to be published in this manner. The court held that “[t]here is nothing within the law that requires [one’s] permission when someone takes a picture and posts it on a Facebook page. There is nothing that requires [one’s] permission when she [is] “tagged” or identified as a person in those pictures.”

It might be easy to overstate the court’s conclusion here. Some instances of tagging might be part of something actionable. For example, the posting and tagging of photos in the right context might constitute harassment, infliction of emotional distress, or invasion of privacy. Use of another’s photo on the web without permission for commercial purposes might violate that person’s right of publicity. And of course there is the question of copyright as to the uploading of the photo in the first place — if the person appearing in the photo owns the copyright (e.g., it’s a self-portrait) there is the risk of infringement. But it’s interesting to see the court appear to validate ordinary tagging.

March 10, 2011 Contracts, Litigation

Drunk reality show participant’s invasion of privacy claim stays in court, for now

Amirmotazedi v. Viacom, Inc., — F.Supp.2d —, 2011 WL 802134 (D.D.C. March 9, 2011)

Plaintiff sued the producers of The Real World (MTV, Viacom and Bunim-Murray Productions) for, among other things, invasion of privacy and intentional infliction of emotional distress over the way that the show portrayed her in an episode and in outtakes posted on the web. Defendants moved to dismiss, claiming that the plaintiff signed a release on the night she visited the Real World house, and that the release’s arbitration clause meant the case did not belong in court. The court denied the motion.

To argue against the enforceability of the arbitration provision, plaintiff asserted that she was so drunk on the night of the filming that she lacked the mental capacity to understand the significance of the arbitration provision. (This is called the voluntary intoxication defense.)

The court sided with plaintiff, finding that plaintiff’s mental capacity defense went to the question of formation, or the “making” of the agreement to arbitrate, thus under the Federal Arbitration Act, the question of the arbitration provision’s enforceability must be decided by the court. That’s not to say that the court won’t ultimately kick the case into arbitration. It’s just that the case stays before the court for now to determine whether plaintiff’s voluntary intoxication defense requires the agreement to be voided.

Related: California court invalidates Alienware arbitration provision in online terms and conditions

March 9, 2011 Privacy

Judge uses Facebook to research litigant

We’ve all heard the stories about lawyers using social media to research jurors and to gather evidence about opponents. But here’s a new twist: even judges look to Facebook to find information about the parties appearing before them.

In Purvis v. Commissioner of Social Sec., 2011 WL 741234 (D.N.J., Feb. 23, 2011), the question before federal judge Susan Davis Wigenton was whether the plaintiff had been wrongfully denied Social Security benefits. Ultimately the judge determined that the question of whether plaintiff’s asthma made her disabled needed to go back to the Social Security office for further proceedings. But the judge had some pretty severe skepticism about the merits of the plaintiff’s claim, expressed in this footnote:

Although the Court remands the ALJ’s decision for a more detailed finding, it notes that in the course of its own research, it discovered one profile picture on what is believed to be Plaintiff’s Facebook page where she appears to be smoking. Profile Pictures by Theresa Purvis, Facebook, [link omitted because it’s broken] (last visited Feb. 16, 2011). If accurately depicted, Plaintiff’s credibility is justifiably suspect.

I guess the moral of the story is to hide your smokes when someone pulls out a camera. Or maybe there’s an even bigger lesson. What do you think? Leave your comments.

March 4, 2011 Computer Crime, Privacy

Mom violated wiretap law by bugging daughter’s teddy bear to eavesdrop on dad

Lewton v. Divingnzzo, 2011 WL 692292 (D.Neb. Feb. 18, 2011)

Defendant thought her ex-husband was abusing their daughter during visitations. To prove these allegations in the custody case, defendant sewed an electronic recording device into the little girl’s favorite teddy bear. After the daughter returned from visiting with her father, the mom would unstitch the teddy bear and download the recorded conversations onto her computer.

She tried using the transcribed recordings as evidence in the state court custody proceeding. But the judge would not let them into evidence because they violated Nebraska law. The father and others whose conversations were recorded via the teddy bear sued the mom under the federal Electronic Communications Privacy Act.

Both sides moved for summary judgment. The court ruled in favor of the father, finding that the surreptitious recording did not fit into any exception of the ECPA.

The ECPA provides a private right of action to any person whose wire, oral or electronic communication is intercepted, disclosed or intentionally used in violation of the ECPA. Looking to Eighth Circuit authority, the court observed that the ECPA prohibits all wiretapping that is not specifically exempted by the statute.

No doubt this was a tough case – a parent fearing for the safety of his or her child might have strong reasons to resort to eavesdropping to protect the child. But the court was hamstrung – “[w]hile the notion that a parent or guardian should be able to listen to a child’s conversations to protect the child from harm may have merit as a matter of policy, it is for Congress, not the courts, to alter the provisions of the statute.”

The court ordered the defendant and her father (who had transcribed the recordings) to pay $10,000 to each of the offended plaintiffs. The defendant’s lawyer who had distributed the recordings to the guardian ad litem and others was found to have violated the ECPA but was not ordered to pay any money damages.

March 3, 2011 Computer Crime, Litigation

What is a reasonable cost that should count as loss under the Computer Fraud and Abuse Act?

1st Rate Mortg. Corp. v. Vision Mortgage Services Corp., 2011 WL 666088 (E.D.Wis. Feb. 14, 2011)

The Computer Fraud and Abuse Act (CFAA) is a popular weapon that employers use against former employees who steal information on the job. But since the employees just use their credentials to get information off the server, there really is no security breach that occurs in those inside jobs.

So you might tend to agree that the employer overreacts when, after discovering the nefarious acts of its employees, it conducts a thorough and expensive security analysis of its whole system. Just delete the offending employees’ accounts and move on, right?

And this overreaction shouldn’t give the employer something to sue over that it would not have had if it reacted reasonably to the threat, don’t you think? After all, plaintiffs have a duty to mitigate their damages.

The defendants (accused former employee information thieves) in a recent federal case in Wisconsin argued along these lines in their summary judgment brief. But the court did not buy it at the summary judgment stage – whether a CFAA plaintiff’s reaction to alleged theft is “reasonable” should be answered by the jury.

The CFAA allows a plaintiff to recover its “loss.” And courts have interpreted the term “loss” to include the cost of responding to a security breach. But the statute says that loss includes the “reasonable cost to any victim.”

In this case, defendants argued that the employer’s overreaction in doing a system-wide analysis caused the employer to incur an unreasonable (and therefore uncompensable) cost. The court held, however, that “[w]hat matters is whether the employer’s reaction was reasonable, not whether it was strictly necessary to continuing in business.” A jury may well conclude the reaction and its related costs were appropriate.

March 1, 2011 Computer Crime

Decision suggests that sexting by minors would violate federal child porn laws

Clark v. Roccanova, 2011 WL 665621 (E.D. Ky. February 14, 2011)

Is there a violation of the federal laws against child pornography when the accused himself is a minor? A Kentucky federal court says yes.

Three 14-year-old boys allegedly “coerced, enticed and persuaded” a 14-year-old girl to make a sexually explicit video. Later the three boys transmitted the video over the internet. The girl filed a civil suit against the boys for violations of 18 USC §§2251 and 2252.

The defendants moved to dismiss, arguing that the statutes covered only the conduct of adults. The court rejected that argument. It found that nothing in the plain language of the statutes, nor in the legislative history, supported such an interpretation.

Both statutes prohibit creation, possession and transmission of child pornography by any “person.” While “person” is not defined in 18 U.S.C. §2256, the statute’s definition of “identifiable minor” begins by stating that a minor is a “person.” 18 U.S.C. § 2256(9)(A). The court found that indicates that “person” is meant to refer to an individual of any age, not just an adult.

Scroll to top