Blog

March 8, 2006 Computer Crime

Loading software onto a computer is a “transmission” under the Computer Fraud and Abuse Act

The Computer Fraud and Abuse Act, at 18 U.S.C. §1030(a)(5)(A)(1), imposes liability upon a person who “knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer.”

In the recent Seventh Circuit case of International Airport Centers, L.L.C. v. Citrin, the plaintiff provided one of its employees with a laptop computer for him to use in connection with his work. The employee quit his job to start up a competing business. Before he turned in his laptop, however, he used a “secure-eraser” program to irretrievably delete the files on the laptop. According to the plaintiff’s version of the story, the defendant deleted not only information he had gathered as part of his job, but also information that would have demonstrated his improper conduct.

The plaintiff claimed that this conduct subjected the defendant to liability under the Computer Fraud and Abuse Act, and it filed suit in the U.S. District Court for the Northern District of Illinois. The district court dismissed the Computer Fraud and Abuse Act claim, holding that as a matter of law, the defendant’s alleged conduct did not give rise to a violation of the Act. Specifically, the district court determined that installing the program used to delete the material off the computer did not constitute a “transmission” as contemplated by the Act.

The Seventh Circuit disagreed and reversed the decision of the lower court. Departing from the lower court’s conclusion that a “transmission” under the Computer Fraud and Abuse Act requires some sort of “shipment or delivery of a code or a program,” the court found that the precise mode of transmission of the program onto the computer did not matter. The copying onto the hard drive, whether done through a download over the Internet, or by loading off of a disk, satisified the statutory requirement of “transmission.”

The Court of Appeals sent the case back to the District Court.

International Airport Centers, L.L.C. v. Citrin, (Slip Op.) No. 05-1522 (7th Cir. March 8, 2006).

March 7, 2006 Miscellaneous

Court okays unjust enrichment claim in content scraping case

Plaintiff ShopLocal sued defendant Cairo, its competitor in the online advertising industry. ShopLocal accused Cairo of unauthorized use of a content scraper, whereby Cairo accessed and republished advertisements created by ShopLocal. [Read about other litigation involving Cairo.]

In addition to claims under the Computer Fraud and Abuse Act [18 U.S.C. 1030 et seq.] and for common law trespass to chattel, ShopLocal asserted claims for breach of contract and unjust enrichment. Cairo moved to dismiss the unjust enrichment claim, asserting that ShopLocal should not be permitted to recover for both breach of contract and unjust enrichment in the same action. Because ShopLocal had not pled unjust enrichment as an alternative cause of action, Cairo argued, ShopLocal had failed to allege a claim upon which relief could be granted.

The U.S. District Court for the Northern District of Illinois rejected Cairo’s argument, and denied the motion to dismiss. The court held that under Illinois law, an unjust enrichment claim may be predicated on either a contract or tort theory. Because ShopLocal’s unjust enrichment claim was based in tort, it could stand alone without being pled in the alternative.

ShopLocal LLC v. Cairo, Inc., (Slip. Op.) 2006 WL 495942 (N.D. Ill., February 27, 2006).

March 3, 2006 Service of Process

Defendant bails, “nail and mail” fails, so e-mail of summons prevails

Service of process by e-mail allowed where traditional methods “impracticable.”

Plaintiffs Tishman and Wilkinson filed a lawsuit against defendant Pine, but had difficulty serving Pine with the summons. The plaintiffs tried the conventional methods of service under New York law, such as personal delivery. They even tried the “nailing and mailing” method by affixing a copy of the summons to the door of Pine’s residence, then sending a copy in the mail.

Tishman and Wilkinson had information, however, that led them to believe Pine was out of the country. Knowing this, they wanted to be sure that service was properly effected. Accordingly, they petitioned the court for permission to serve Pine by e-mail, pursuant to N.Y. C.P.L.R. §308(5), which allows service by such manner as the court directs, when the more conventional methods are “impracticable.”

The court allowed service of the summons to an e-mail address Pine had used in a classified ad listing his house for sale. The court held that given the uncertainty about the success of the attempted “nailing and mailing” effort, and the fact that the Pine’s attorneys wouldn’t give a clear answer as to where Pine was living, alternative service by e-mail was appropriate.

Tishman v. The Associated Press, (Slip Op.) 2005 WL 288369 (S.D.N.Y. February 6, 2006).

February 18, 2006 Personal Jurisdiction

Accessing out-of-state server provides basis for personal jurisdiction

Case presents atypical internet jurisdiction fact pattern.

Fact patterns dealing with personal jurisdiction arising from conduct on the Internet typically have the information service provider as the defendant, with the plaintiff as one who accessed that information. In a recent case from the U.S. District Court for the Northern District of Texas, however, that typical fact pattern is reversed.

Plaintiff Flowserve filed a lawsuit in a federal court against defendant Drago, a Missouri resident with no physical presence in Texas. Drago was accused of unlawfully accessing data and email servers located in Texas. Through this access, Flowserve alleged, Draco misappropriated confidential information with which he set up a competing enterprise.

In denying the defendant’s motion to dismiss for lack of personal jurisdiction, the court held that despite the lack of physical presence in Texas, Draco’s activities in accessing the server located in Texas contributed to the sufficient minimum contacts with the state to satisfy the International Shoe requirements. The court further determined that the exercise of personal jurisdiction comported with traditional notions of fair play and substantial justice.

Flowserve Corp. v. Midwest Pipe Repair, LLC, (Slip Op.) 2006 WL 265521 (N.D. Tex., February 3, 2006).

February 13, 2006 Podcasts

InternetCases.com Podcast — February 13, 2006

Do websites have to comply with the Americans With Disabilities Act?



Download the podcast

This edition of the InternetCases.com Podcast addresses the recent case filed against Target Corporation, alleging that the Target.com website violates a California state law modeled after the Americans With Disabilities Act.

Running time: 6 min. 9 sec.
File size: 3.04 MB

Cyberlaw Central (mentioned in the podcast)

Music courtesy of Blandy under a Creative Commons license.

If you enjoy listening to the InternetCases.com Podcast, please vote for it at Podcast Alley.

Technorati:



February 10, 2006 Miscellaneous

Does FON have some legal hangups?

There was some buzz this past week with the announcement that Skype and Google have both put their support behind the startup known as FON. Simply stated, FON provides the means for broadband subscribers to share their Internet connections with others through wi-fi hotspots. It’s a good idea in principle, but as this article from Forbes.com points out, the endeavor is not without its potential legal obstacles.

As the Forbes.com article observes, FON is cavalierly moving forward even though many broadband users’ agreements with their ISPs prohibit the sharing of accounts. Aside from these contract issues, some other possible questions concerning individual liability for FON users remain.

For example, what if a user sharing a connection distributed infringing content through that connection? Would the primary subscriber be considered an online “service provider” as that term is used in the safe harbor provisions of Section 512 of the Digital Millennium Copyright Act? Perhaps, but that’s probably not what members of Congress had in mind nearly a decade ago when they drafted the DMCA.

What about liability for making defamatory statements through a shared connection? Would the primary subscriber be immune from liability as a publisher under Section 230 of the Communications Decency Act? Once again, although there’s a good chance that the subscriber would find immunity under statute, the situation is quite different than that contemplated by the drafters of the legislation being applied. [More on Section 230 immunity]

Finally, what about distribution of obscene or illegal content? The average Internet user might be a bit uneasy about his or her IP address being associated with illegal pornography or the “chatter” of terrorists.

FON’s FAQ page states unambiguously that users would not be responsible for “illicit” activities of others conducted through a shared Internet connection. Perhaps that’s true, but a wise consumer should question whether the answer is as clear as FON would like it to be.

Technorati:





February 8, 2006 Trademarks

No relief for prostitution website owner

Court wouldn’t enter injunction where plaintiff had “unclean hands”

Plaintiff First Global Communications operates a website called “World Sex Guide.” In 2000, First Global got a federal trademark registration for the name of its site, to be used in connection with “guides in the field of travel and entertainment.” Defendant Powertools Software was the web developer that First Global hired to build the site.

First Global sued Powertools in federal court in the state of Washington, claiming that Powertools had set up several other websites that were illegally trading on the goodwill associated with the World Sex Guide trademark, and diverting visitors from the site. This act of diverting traffic was especially egregious, First Global claimed, since most of the content on the website consists of “travel reports” submitted by the site’s members. First Global asked the court to enter a preliminary injunction, ordering Powertools to stop diverting traffic and to turn over several domain names.

As it turns out, First Global’s site is a bit more than merely a guide to “travel and entertainment.” In fact, the site consists largely of information about how and where to pick up prostitutes, as well as advice on avoiding law enforcement efforts. Because of its content, the court determined that the website served an illegal purpose.

In reaching this conclusion, the court rejected First Global’s argument that the site’s content does not illegally advance prostitution. It also rejected First Global’s argument under the First Amendment, holding that “speech that aids or abets criminal activity can be prohibited.”

The court determined that entering an injunction “would have the effect of encouraging illegal activity and would serve an unconscionable purpose.” Relying on the equitable maxim that “those who seek equitable relief must come to court with clean hands,” the court refused to enter a preliminary injunction against Powertools.

First Global Communications, Inc. v. Bond et al., 2006 WL 278566 (W.D. Wash., Feb. 3, 2006).

Technorati:


January 30, 2006 Copyright

Google caching not copyright infringement

Suit by plaintiff who “manufactured” claim against Google dismissed on summary judgment.

The Google search engine uses an automated program called the “Googlebot” to crawl the World Wide Web, indexing the information that is contained on billions of pages. During this process, Google makes and analyzes a temporary copy of each page the Googlebot encounters, and stores those copies on the Google servers. These stored copies are referred to as “cached” versions.

For years, Google has provided to its users links not only to the original location of web pages, but also provides links to the cached versions. A cached version shows how a particular page appeared the last time the Googlebot visited it, and also presents the user’s search terms, where they appear on the page, in highlighted text. A cached version may also provide a copy of a page that no longer exists on the server where it was originally published.

People generally agree that Google provides a useful service by making the cached versions available, and most website publishers consent to their pages being indexed in this way. Publishers who do not want Google to index their content can simply add a few lines of HTML to their pages, which instruct the Googlebot not to index those pages. This method is widely known among web developers.

Blake Field is an author who published his own literary works online. Although he knew how to include the HTML in his pages which would prevent the Googlebot from indexing his site, he left out those instructions. Eventually, Google indexed the pages containing Field’s works, and links to cached versions of the pages began showing up in Google search results.

In 2004, Field sued Google in federal court in Nevada. He alleged that by allowing users to download cached versions of his web pages, Google was infringing on the copyright to his literary works. Both Field and Google moved for summary judgment in the case, and the court ruled in favor of Google, dismissing the suit.

Google raised a number of affirmative defenses against Field’s claim of copyright infringement, and the court ruled in Google’s favor on each of them.

Implied license

The court held that Field had impliedly given Google a license to provide cached copies of his works. Of particular importance was the fact that Field knew how to prevent Google from redistributing cached versions of his work, but chose not to enact such measures. The court found that Field instead made a conscious decision to permit the caching. Accordingly, the conduct could be “reasonably interpreted as the grant of a license . . . for that use.”

Estoppel

The court also held that Field was estopped from claiming that Google had engaged in copyright infringement. On this defense, Google successfully demonstrated that (1) Field knew of Google’s allegedly infringing conduct beforehand, (2) Field intended for Google to believe it had a right to cache the pages, (3) Google was unaware of Field’s true intentions, and (4) Google detrimentally relied on Field’s conduct.

Fair use

Perhaps the most provocative portion of the court’s decision comes from its holding that Google’s providing of the cached links was protected under the doctrine of fair use. Looking at the factors set forth in Section 107 of the Copyright Act [17 U.S.C. §107], the court found that the functions served by the cached copies, e.g., showing how a page appeared in the past and highlighting search terms, made them sufficiently transformative of the original use of the pages. Even though Google provided cached copies of the entire works, the court found such use permissible, because “[w]ithout allowing access to the whole of a Web page, the Google Cached link cannot assist Web users (and content owners) by offering access to pages that are otherwise unavailable.” Finally, the court found that there was no evidence that Google’s cached copies adversely affected any market for Field’s works.

Field v. Google, — F.Supp —, No. 04-CV-413 (D.Nev., January 19, 2006).

Technorati:


January 25, 2006 Computer Crime

Computer Fraud and Abuse Act protects independent security contractor

In the case of U.S. v. Millot, the Eighth Circuit has upheld the conviction of a former systems analyst under the federal Computer Fraud and Abuse Act, 18 U.S.C. §1030 et seq. (“CFAA”). The appellate court affirmed the lower court’s determination that the independent contractor that was hired to fix a security problem caused by the defendant’s conduct was a “victim” as provided for under the CFAA.

When defendant Millot worked for a large pharmaceutical company, he was responsible for disabling remote access to the company’s servers once employees left the company. When Millot himself left the company, he devised a way to maintain remote access to the servers. Using this unauthorized means of access, Millot deleted the account of a high-ranking IT employee.

After Millot left the company, but before he deleted the accounts, the company outsourced all network security responsibilities to IBM. It was therefore up to IBM to restore the account and perform a security audit. IBM employees spent in excess of 400 hours un-doing the damage that Millot had done, and it billed out its employees’ time at $50 per hour, for a total cost of $20,000.

Millot was charged under the CFAA, and the matter proceeded to trial. In its instructions to the jury, the lower court classified IBM as a “victim” under the CFAA. The jury found that the costs incurred in fixing the security problem resulted in damages in excess of $5,000, thus satisfying the $5,000 minimum required for a conviction under the CFAA.

Millot challenged the jury instructions, arguing that the costs incurred by IBM should not have been considered, because the computer system was owned by the company, not IBM. The court rejected this argument:

Although the damage was done to the [company’s] computer system, the [CFAA] does not restrict consideration of losses to only the person who owns the computer system, and the district court properly instructed the jury to consider losses sustained by IBM in determining whether the statutory minimum was met.

The court further held that the evidence put forth to show the costs incurred by IBM was sufficient to support the amount of damages which exceeded the statutory minimum.

U.S. v. Millot, 2006 U.S. App. LEXIS 430 (8th Cir., January 9, 2006).

Technorati:


January 13, 2006 DMCA

Hefty award to Sony in action against seller of PlayStation 2 “mod chips”

Court awards over $6 million in DMCA statutory damages

Defendant Filipiak ran an online business that sold, among other things, “mod chips” that allowed Sony PlayStation and PlayStation 2 consoles to play copied games. Sony filed suit against Filipiak under the Digital Millennium Copyright Act (“DMCA”), which makes it illegal to sell any device that is primarily designed or produced to circumvent a technological measure that effectively controls access to copyrighted works. 17 U.S.C. §1201(a)(2).

Filipiak stipulated to liability for selling circumvention devices. The court awarded Sony over $6 million in statutory damages under 17 U.S.C. §1203(c)(3)(A), which provides that

At any time before final judgment is entered, a complaining party may elect to recover an award of statutory damages for each violation of [17 U.S.C. § 1201] in the sum of not less than $200 or more than $2,500 per act of circumvention, device, product, component, offer, or performance of service, as the court considers just.

The court drew a number of noteworthy conclusions in arriving at the damages figure. First, it held that §1203(c)(3)(A) authorizes a separate award of statutory damages for each device sold. (Filipiak had sold thousands of devices.) Next, the court looked to §504 of the Copyright Act (17 U.S.C. §504) to help it construe the meaning of the word “just” as it appears in §1203. No previous case had construed the meaning of the term in §1203, so the attorney’s fees provision of §504 provided guidance.

The amount of damages was calculated by awarding $800 per mod chip sold before June 12, 2004, and the full amount of $2,500 per mod chip sold after June 12, 2004. On that date, Filipiak had signed a stipulated injunction in which he agreed to discontinue sales of the chips and related software. The court concluded that the sales made after Filipiak signed the agreement constituted a willful violation of the DMCA, thus justifying a higher amount of statutory damages.

Sony Computer Entertainment America, Inc. v. Filipiak, (Slip. Op.) 2005 WL 3556676 (N.D. Cal., December 27, 2005).

Technorati:




Scroll to top