CCPA claim against Apple thrown out on Section 230 grounds

Plaintiffs sued Apple after downloading a malicious app from the App Store. The claims included violation of the Computer Fraud and Abuse Act (“CFAA”), the Electronic Communications Privacy Act (“ECPA”), and the California Consumer Privacy Act (“CCPA). (Alphabet soup, anyone?)

The lower court granted Apple’s motion to dismiss these claims. Plaintiffs sought review with the Ninth Circuit Court of Appeals. On appeal, the court held that the lower court properly applied Section 230 immunity to dismiss these claims.

What Section 230 does

Section 230 (47 U.S.C. § 230) instructs that “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” A defendant is not liable if it can show that (1) it is a provider of “interactive computer services” as defined by the statute, (2) the claim relates to “information provided by another content provider,” and (3) the claim seeks to hold defendant liable as the “publisher or speaker” of that information.

Why the CFAA and ECPA claims were dismissed

In this case, concerning the CFAA and ECPA claims, the court looked to Barnes v. Yahoo!, Inc., 570 F.3d 1096 (9th Cir. 2009) and concluded that the lower court properly found Section 230 immunity to apply. The duty that plaintiffs alleged Apple violated derived from Apple’s status or conduct as a “publisher or speaker.” It found that the claims referred, as the basis for culpability, to Apple’s authorization, monitoring, or failure to remove the offending app from the App Store. “Because these are quintessential “publication decisions” under  Barnes, 570 F.3d at 1105, liability is barred by  section 230(c)(1).”

Section 230 knocked out CCPA claim too

The data privacy count included allegations that Apple violated duties to “implement reasonable security procedures and practices” to protect the personal information of App Store users, in violation of  Cal. Civ. Code § 1798.100(e). The court said that it need not decide whether violations of such duties can be boiled down to publication activities in every instance or whether implementation of reasonable security policies and practices would always necessarily require an internet company to monitor third-party content. Citing to Lemmon v. Snap, Inc., 995 F.3d 1085 (9th Cir. 2021) the court found that in this case, at least, plaintiffs failed to plead adequately a theory of injury under CCPA that was “fully independent of [Apple’s] role in monitoring or publishing third-party content.”

Diep v. Apple, Inc., 2024 WL 1299995 (9th Cir. March 27, 2024)

VIDEO: What is the Apple antitrust lawsuit about?

On March 21, 2024, the U.S. government, 15 states and the District of Columbia filed an antitrust lawsuit against Apple. What is the case about?

The government says Apple built a dominant iPhone ecosystem, driving its high valuation. But Apple faced threats from other products, particularly Android devices. And in response, it didn’t offer lower prices or offer better terms to developers and consumers. Instead, it imposed complex rules and fees through its App Store and developer agreements, stifling innovation and limiting competition.

Apple’s actions have increased its smartphone dominance and expanded its control to digital wallets and smartwatches by restricting their compatibility with non-Apple products. And this has had broader implications in other industries. The government claims Apple has stifled innovation and competition tied to smartphone technology, such as financial services, entertainment, and more.

So the case seeks to address Apple’s anticompetitive behavior. It aims to restore competition, lower prices for consumers, reduce fees for developers, and encourage innovation. The case is particularly interesting in how it highlights the contrast between Apple’s early days as an innovative startup and its current status as a monopolist.

The government says that this has drastically hurt market competition and consumers.

Woz gets another (small) bite at the apple in YouTube bitcoin scam case

Apple co-founder Steve Wozniak sued YouTube and Google asserting various causes of action, including misappropriation of likeness, fraud, and negligence. The case arose from a common scam on YouTube, where popular channels are hijacked to show fake videos of a celebrity hosting a live event during which viewers are falsely told that anyone who sends cryptocurrency to a specified account will receive twice as much in return. Woz’s YouTube account was hijacked for these purposes, and several of the resulting victims joined him in the lawsuit.

The lower court tossed the case, holding that YouTube and Google were not liable because of Section 230 – which provides that the platforms could not be liable for the third party content giving rise to the scam. Woz and the other defendants sought review with the California Court of Appeal, which largely agreed with the lower court on the Section 230 issue, except for one part. The court allowed plaintiffs to file an amended complaint on this one issue.

Plaintiffs claimed that Google and YouTube contributed to scam ads and videos, thereby positioning defendants outside Section 230 immunity. They argued, among other things, that YouTube displayed false verification badges, thereby becoming active content providers contributing to the scam’s fraudulent nature.

The court found that although plaintiffs’ complaint suggested that defendants’ actions could strip them of Section 230 immunity by implying a level of endorsement or authenticity, the allegations were too conclusory as written to establish defendants as information content providers. So the court allowed for the possibility of amending these claims, indicating that a more detailed argument might better establish defendants’ direct contribution to the content’s illegality.

Wozniak v. YouTube, LLC, — Cal.Rptr.3d —, 2024 WL 1151750 (Cal.App. 6th Dist., March 15, 2024)

See also:

 

Apple’s civil hacking lawsuit against software maker moves forward

apple hacking

Apple sued defendant NSO, accusing it of, among other things, the Computer Fraud and Abuse Act, 18 U.S.C. § 1030 (the “CFAA”), The case dealt with NSO’s creation and distribution of “Pegasus,” a piece of software Apple claimed was capable of covertly extracting information from virtually any mobile device.

Apple alleged NSO fabricated Apple IDs to gain access to Apple’s servers and launch attacks on consumer devices through a method known as “FORCEDENTRY.” This exploit, characterized as a “zero-click” attack, allowed NSO or its clients to infiltrate devices without the device owners’ knowledge or action. The repercussions for Apple were significant, as the company reportedly faced considerable expenses and damages in its efforts to counteract NSO’s activities. These efforts included the development and deployment of security measures and patches, as well as increased legal exposure.

Defendant moved to dismiss the claims. The court denied the motion.

In finding that Apple had properly pled the CFAA claim, the court noted that Apple’s allegations aligned with the anti-hacking intent of the CFAA. Despite NSO’s contention that the devices in question were not owned by Apple and thus not protected under the CFAA, the court observed that Apple’s claims extended to the exploitation of its own servers and services, fitting within the statute’s scope.

Apple Inc. v. NSO Group Technologies Ltd., 2024 WL 251448 (N.D. Cal. January 23, 2024)

 

Court sides with Apple in copyright dispute over photo in iPhone commercial

Plaintiff photographer took a photo that Apple used in an April 2010 TV commercial for the iPhone 3GS. The 30-second commercial showed the photo for about 5 seconds. Plaintiff sued for copyright infringement, claiming Apple did not have the proper license to use the photo. She sought to recover Apple’s “indirect profits” on iPhone sales attributed to the infringement. Apple moved for partial summary judgment on the issue of damages, arguing such damages were “impermissibly speculative.” The court granted the motion.

Apple made four arguments showing a lack of a causal nexus between the use of the photo and plaintiff’s claim for profits. First, Apple contended that plaintiff proffered no evidence to support her claim that the photo itself caused any sales. Second, Apple argued that the iPhone was “well established in the consumer marketplace” at the time of the commercial which made it impossible to ascribe iPhone 3GS sales to the use of a single commercial, let alone one image in a single commercial. Third, two additional commercials ran during the time period that the commercial ran, each featuring different applications that can be used on an iPhone. Fourth, overall sales of the iPhone decreased during the relevant time period, February 28, 2010 to May 29, 2010, which is the time during which the commercial aired and the month immediately preceding and following that period.

The court found that plaintiff proffered no evidence that the use of the photo caused any iPhone 3GS sales, nor that the commercial did itself. The photo was integrated into no more than five seconds of a 30–second commercial where numerous images and various product functions were displayed. There was no evidence showing that sales resulted from the mere use of the photo. The court noted that as a threshold matter, it was plaintiff’s burden to establish a causal connection to some portion of profits before Apple would have to carry the burden of apportioning profits that were not the result of infringement. The court found that plaintiff did not proffer any evidence directly related to causation or even a method for showing that the alleged infringement actually influenced customers.

It’s important to note that this decision does not mean Apple has gotten away with copyright infringement. The decision is on the measure of damages, not liability (which remains an open question). Moreover, this case deals just with the question of actual damages under the Copyright Act. Plaintiff may yet assert an entitlement to statutory damages, which could range anywhere from $750 to $150,000.

Thale v. Apple Inc., 2013 WL 3245170 (N.D.Cal. June 26, 2013)

[Updated 7/2/13 to add last paragraph.]

DMCA takedown notices are not just for content

Apple using the DMCA to stop early sales of iOS 6.

The infamous Digital Millennium Copyright Act takedown process gets quite a bit of press when content owners such as movie studios and record companies use it to take infringing copies of films or music offline. The safe harbor provisions of the DMCA are at the heart of content-distribution platforms’ defenses against infringement occasioned by users of the platform. (Think Viacom v. YouTube.)

Apple reminds us, however, that the DMCA gives all copyright owners — not just those who own copyrights in content — a mechanism for getting infringing works off the internet. According to this piece on Engadget, Apple has been contacting hosting providers of sites that offer unauthorized copies of the forthcoming iOS 6 for sale.

So the DMCA, acting in the name of copyright protection, provides a remedy for software providers to keep the clamps on parties who may have access to software for their own use (in this case, iOS developers) but go outside the bounds of such use and offer the technology for sale to others.

IBM’s Siri ban underscores important business concern over trade secrets

IBM doesn’t let its employees use Siri, out of concern Apple may store and use sensitive IBM data. This decision on IBM’s part underscores an important business concern that companies of all sizes — not just behemoths like IBM — either have or should have.

internet anonymity

Apple’s data usage policy that governs how it treats Siri inquiries says that Apple can use the information it collects to, among other things, improve the service. That’s a pretty broad grant of authority. Because the system that makes Siri available is so complex and multifaceted, Apple could reasonably justify extracting and using the information contained in just about any question people ask Siri. When that information comes from another major player in the competitive space, the implications of the appropriation of proprietary information become obvious.

IBM’s big concern is likely focused squarely on the protection of its trade secrets. State law provides the contours of trade secrets law, so the elements vary from state to state. But in general, a company can enforce its exclusive rights to possess and use information that (1) gives that company a competitive advantage, and (2) which is subject to efforts to keep secret. That latter part — keeping the information secret — is a big reason for nondisclosure agreements, password protected servers, and sensible restrictions on employee use of third party technologies (like social media and search tools like Siri).

Evan Brown is a Chicago technology and intellectual property attorney, representing businesses and individuals in a variety of situations, including matters dealing with the identification and protection of confidential business information.

Photo credit: Spec-ta-cles under this license.

Ninth Circuit: Apple did not engage in copyright misuse by restricting OS X to Apple hardware

Apple Inc. v. Psystar Corp., — F.3d —, 2011 WL 4470623 (9th Cir. September 28, 2011) [PDF]

Back in 2008, Apple sued Psystar for copyright infringement arising from Psystar’s manufacture and distribution of computers preloaded with copies of Mac OS X. Psystar lost at the trial court level, with the judge rejecting its argument that Apple engaged in anti-competitive, “copyright misuse” by requiring in its OS X software license agreement that the operating system be used only on Apple hardware. Psystar sought review of this ruling. On appeal, the Ninth Circuit affirmed.

Copyright misuse is a defense (not an independent cause of action) that one sued for infringement can raise. Courts will find that a plaintiff has engaged in copyright misuse if the enforcement of the plaintiff’s copyright will restrain the development of competing products. In this case, Psystar claimed that Apple’s enforcement of its software license restrained the development of competing hardware.

The court rejected that argument because Apple’s enforcement of its software license agreement, requiring that the software be used only on Apple hardware, did not restrict Psystar from developing its own software. The court found that:

Apple’s [software license agreement] does not restrict competitor’s [sic.] to develop their own software, nor does it preclude customers from using non-Apple components with Apple computers. Instead, Apple’s [software license agreement] merely restricts the use of Apple’s own software to its own hardware. . . . Psystar produces its own computer hardware and it is free to develop its own computer software.

This case solidifies Apple’s approach to enforcing a controlled, closed ecosystem for the distribution of software used for Macs and iDevices. Now that a federal court has found that Apple is not playing unfairly by keeping its users from loading Apple software onto non-Apple hardware, the company can likewise maintain the technological controls that ensure only approved applications are used in connection with the operating systems. Marketplaces for third-party hardware running Apple software would greatly lower the entry barrier for hackers and enthusiasts to play outside of the rules. But this decision from the Ninth Circuit keeps those rules firmly in place.

Apple vs. the Big Apple charity over apple-shaped logos

Apple, Inc. is seeing red over New York City’s attempts to register a trademark for green-friendly services, and the dispute challenges one of Apple’s trademark registrations for its ubiquitous logo.

Apple comparison

Apple has filed an Opposition (No. 91/181,984) with the United States Patent and Trademark Office’s Trademark Trial and Appeal Board against NYC & Company, Inc.’s attempts to register the “Infinite Loop Apple” design mark (shown above at left). Apple asserts that use of NYC’s mark would likely cause confusion with Apple’s famous logo (shown at right) especially given the presence of Apple’s flagship Manhattan retail location.

NYC’s application states the mark is to be used for, among other things, promoting “education on environmentally friendly policies and practices of the City of New York” (See Application Nos. 77/179,942 and 77/179,968). Apple claims that confusion would be likely because of the similarities in appearance and commercial impression between the marks, and because certain of the goods and services recited by NYC are identical or highly related to goods and services offered under the Apple mark.

NYC answered the Notice of Opposition and filed a Counterclaim seeking to cancel Apple’s registration for the logo as used in connection with “mugs, dishes, drinking glasses, and wine glasses.” NYC claims that Apple procured the registration through fraud, because it knowingly misrepresented that it was using the mark in connection with those goods on its Declaration of Use and Renewal Application under sections 8 & 9 of the Trademark Act, when it fact no such use was being made. If the Board finds such fraud, Apple faces cancellation of its entire registration for those goods. Fraud has been a recurring issue before the TTAB of late, as evidenced by this recent post from John Welch’s TTABlog.

Apple, of course, denies the allegations of fraud. In any event, if the cancellation is successful, Apple’s most important marks (i.e., for computer hardware) would remain intact.

Time will tell whether Apple’s efforts to protect its mark will bear fruit. The company probably feels even more incentive to keep others from trading on its reputation and goodwill after hearing about this recent study, which found that people who see the Apple logo may feel more creative.

Filter maker says Apple’s trademark threats a bunch of hot air

“Lowest perceptive capabilities.” Is that code for “a moron in a hurry“?

Chicago-based BlueAir, Inc. has apparently been getting some threats from Apple over BlueAir’s pending trademark registration for the mark AIRPOD, to be used in connection with desk top air purifiers. Apple says AIRPOD will infringe on the IPOD mark.

BlueAir has gone on the offensive, asking the U.S. District Court for the Northern District of Illinois to enter a declaratory judgment of no infringement.

The heart of BlueAir’s allegations are as follows:

“There is no reasonable likelihood of confusion, mistake, or error in the marketplace for persons of even the lowest perceptive capabilities who are seeking an iPod music player considering or buying an AIRPOD desktop air cleaner instead.”

This dispute has been going on for a few months, and it is interesting to see suit filed now, to essentially coincide with the introduction of the MacBook Air.

BlueAir, Inc. v. Apple, Inc., No. 08-427 (N.D. Ill. filed January 18, 2007)
[Download the Complaint]

Scroll to top