MediaTech Law

By MIRSKY & COMPANY, PLLC

We’ve Updated our Terms of Use!

Why are they sending me this information, and what am I supposed to do with it? You’ve just received an email like the one below from Uber, or from one of your various subscription services, credit card companies, banks, ISPs or any of a zillion different web applications:

SUBJECT: We’ve Updated our Terms of Use

Hi Andrew, we’ve been able to bring Uber to more than 400 cities in 72 countries. And that’s in just a little over 6 years. In light of that growth and some changes to our services, we’ve made some updates to our US Terms of Use

They have your attention. You sit up alert in your chair, you rub your eyes and read on. The company then sometimes offers a summary of the changes, often in as cheery and euphemistic a way as possible, with statements like “We revised our arbitration agreement which explains how legal disputes are handled”, or “We have updated our Terms of Use regarding the ways in which we may contact you.” All, no doubt, good things.

Turns out, noone actually reads these updates. That last sentence is not meant as sarcasm. The non-partisan Stanley Roper Polling Organization actually published a study that concluded “Noone actually reads these updates.” Editor’s Note: There is no such organization and there was no such study. Evidently. Although Andrea Peterson reports in The Washington Post about a 2008 study (about privacy policies) that concluded “it would take a staggering 244 hours a year for the average American to read the privacy policies of every site they visit over the course of a year.”

Read More

Blogs and Writings We Like

This week we highlight 3 fine writers discussing timely subjects in media tech law: Beverly Berman writing about website terms of service and fair use, Leonard Gordon writing about “astroturfing” in advertising law, and John Buchanan and Dustin Cho writing about a gaping coverage gap with cybersecurity insurance.

Hot Topic: Fake News

Beverly Berneman’s timely post, “Hot Topic: Fake News” blog post (on the “IP News For Business” blog of Chicago firm Golan Christie Taglia), offers a simple cautionary tale about publishing your copyrighted artwork on the internet, or in this case publishing on a website (DeviantArt) promoting the works of visual artists. One such artist’s posting subsequently appeared for sale, unauthorized, on t-shirts promoted on the website of another company (Hot Topic). The aggrieved artist then sought recourse from DeviantArt. Berneman (like DeviantArt) pointed to DeviantArt’s terms of use, which prohibited downloading or using artwork for commercial purposes without permission from the copyright owner – leaving the artist with no claim against DeviantArt.

Berneman correctly highlights the need to read website terms of use before publishing your artwork on third party sites, especially if you expect that website to enforce piracy by other parties. Berneman also dismisses arguments about fair use made by some commentators about this case, adding “If Hot Topic used the fan art without the artist’s permission and for commercial purposes, it was not fair use.”

What we like: We like Berneman’s concise and spot-on guidance about the need to read website terms of use and, of course, when fair use is not “fair”. Plus her witty tie-in to “fake news”.

*            *            *

NY AG Keeps up the Pressure on Astroturfing

Leonard Gordon, writing in Venable’s “All About Advertising Law” blog, offered a nice write-up of several recent settlements of “Astroturfing” enforcement actions by New York State’s Attorney General. First, what is Astroturfing? Gordon defines it as “the posting of fake reviews”, although blogger Sharyl Attkisson put it more vividly: “What’s most successful when it appears to be something it’s not? Astroturf. As in fake grassroots.” (And for the partisan spin on this, Attkisson follows that up with her personal conclusions as to who makes up the “Top 10 Astroturfers”, including “Moms Demand Action for Gun Sense in America and Everytown” and The Huffington Post. Ok now. But we digress ….)

The first case involved an urgent care provider (Medrite), which evidently contracted with freelancers and firms to write favorable reviews on sites like Yelp and Google Plus. Reviewers were not required to have been actual urgent care patients, nor were they required to disclose that they were compensated for their reviews.

The second case involved a car service (Carmel). The AG claimed that Carmel solicited favorable Yelp reviews from customers in exchange for discount cards on future use of the service. As with Medrite, reviewers were not required to disclose compensation for favorable reviews, and customers posting negative reviews were not given discount cards.

The settlements both involved monetary penalties and commitments against compensating reviewers without requiring the reviewers to disclose compensation. And in the Carmel settlement, Carmel took on affirmative obligations to educate its industry against conducting these practices.

What we like: We like Gordon’s commentary about this case, particularly its advisory conclusion: “Failure to do that could cause you to end up with a nasty case of “turf toe” from the FTC or an AG.” Very nice.

*            *            *

Insurance Coverage Issues for Cyber-Physical Risks

John Buchanan and Dustin Cho write in Covington’s Inside Privacy blog about a gaping insurance coverage gap from risks to physical property from cybersecurity attacks, as opposed to the more familiar privacy breaches. Buchanan and Cho report on a recently published report from the U.S. Government’s National Institute of Standards and Technology (NIST), helpfully titled “Systems Security Engineering Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems”. Rolls off the tongue.

The NIST report is a dense read (257 pages), and covers much more than insurance issues, in particular recommendations for improvements to system security engineering for (among other things) critical infrastructure, medical devices and hospital equipment and networked home devices (IoT or the Internet of Things).

Buchanan and Cho’s post addresses insurance issues, noting that “purchasers of cyber insurance are finding that nearly all of the available cyber insurance products expressly exclude coverage for physical bodily injury and property damage”.

What we like: Insurance is always an important and underappreciated business issue, with even less public understanding of the property and injury risks to (and coverage from) cyber damage. We like how Buchanan and Cho took the time to plow through an opaque government report to tell a simple and important story.

Read More

Website Policies and Terms: What You Lose if You Don’t Read Them

When was the last time you actually read the privacy policy or terms of use of your go-to social media website or you favorite app? If you’re a diligent internet user (like me), it might take you an average of 10 minutes to skim a privacy policy before clicking “ok” or “I agree.” But after you click “ok,” have you properly consented to all the ways in which your information may be used?

As consumers become more aware of how companies profit from the use of their personal information, the way a company discloses its data collection methods and obtains consent from its users becomes more important, both to the company and to users.  Some critics even advocate voluntarily paying social media sites like Facebook in exchange for more control over how their personal information is used. In other examples, courts have scrutinized whether websites can protect themselves against claims that they misused users’ information, simply because they presented a privacy policy or terms of service to a consumer, and the user clicked “ok.”

The concept of “clickable consent” has gained more attention because of the cross-promotional nature of many leading websites and mobile apps. 

Read More

Employers Should Not Assume IP Assignments are Valid, and Employees Should Take Care to Protect Previously Created IP

An interesting IP assignment and employment case comes out of Wyoming.  Yes, you heard that right, Wyoming.  A nice summary of the issue was given by William Lenz and Jessica Rissman Cohen:

It is a common misconception that an employer automatically owns all rights to the patents invented by its employees. The general rule is that, in the absence of an agreement to the contrary, an invention and any patents covering that invention belong to the employee/inventor. (emphasis added)

And that’s why employers often require new employees to sign “Inventions Agreements”, or similar agreements under various names such as “Assignment of Intellectual Property” or “Proprietary Rights Ownership Agreement”, the purpose of all of which is the same: To remove any ambiguity as to ownership of intellectual property created during the employment relationship.

To be clear, this an intellectual property problem unique to patents.  Copyrights, for example, are deemed automatically “work made for hire” when created under an employment relationship, even in the absence of an IP assignment agreement such as those mentioned above.  Indeed, Section 101 of the Copyright Act expressly defines a “work made for hire” as “a work prepared by an employee within the scope of his or her employment.  Although this being the law and lawyers being lawyers, there are cases challenging whether an employee is in fact an “employee”, and by extension challenging whether an individual’s work is a “work made for hire” in the absence of an assignment agreement.  Community for Creative Non-Violence v. Reed, 490 U.S. 730 (1989).

Read More

Liability for Data Loss in the Cloud: Why No One Accepts Liability? Why Carve it Out?

Why is liability for data loss typically carved out or tightly limited in cloud service and IT outsourcing contracts?  A common disclaimer in contracts for cloud services (and sometimes plain old IT outsourcing) runs like this:

You agree to take full responsibility for files and data transferred, and to maintain all appropriate backup of files and data stored on our servers. We will not be responsible for any data loss from your account.  (From http://techtips.salon.com/liability-loss-data-under-hosting-agreement-2065.html (emphasis added))

What is the Liability from Data Loss?

First, what exactly is the liability – from data loss – that is being disclaimed?  What is the risk?  For that, we turn to Dan Eash writing in Salon’sTech Tips”:

  1. Your site might be corrupted by hackers and spammers because your host didn’t properly secure the servers.
  2. Your host might do weekly backups, but something goes wrong and you lose days of work.
  3. You might have customers in a hosting reseller account who lose data because the host you bought the account from didn’t do regular backups.
  4. You might even have an e-commerce site where new customers make daily purchases.  If something goes wrong, how do you restore lost orders and customer details without a current backup?

I would add a 5th scenario: You just don’t know. 

Read More

E-SIGN and Copyright: Uploading Photos to Website Equals Consent (and Copyright Assignment)

Does use of a website constitute implicit consent to the site’s Terms of Use (TOU)?  And if the TOU provides for copyright assignment, does that use thus constitute a valid assignment of copyright under the federal Copyright Act?  Those were the questions last August before the US District Court for the District of Maryland, which granted the real estate multiple-listing service known as “Metropolitan Regional Information Systems” (MRIS) a preliminary injunction against defendant American Home Reality Network (AHRN).  The court’s opinion can be found here.  The case was discussed in some detail by RIS Media, a real estate technology blog, particularly the role of electronic signatures under the federal E-SIGN Act for valid assignments under the Copyright Act.

The court enjoined AHRN from copying and uploading MRIS’ photographs to AHRN’s website Neighborcity.com.  Pamela Chestek, in her blog “Property, intangible”, points out that although the preliminary injunction was granted solely on the claim of infringement of photos in the MRIS database, MRIS had alleged infringement on its entire database. 

Read More

Copyright of “Public Facts”: Craigslist v. PadMapper (updated)

Craigslist was meant for the common good, or as founder Craig Newmark puts it, “doing well by doing good”.  At least, that has been its announced mission since it began as an email distribution among friends. Craigslist kept its mantra through its rise to Silicon Valley stardom, snubbing multi-million dollar buyout offers and fighting attempts to monetize the site along the way.

The physical layout of Craigslist hasn’t changed much over the years. Point your browser in its direction and, like an old friend, you’ll be greeted with the same underlined blue links you’ve known for years. Fans are legion, but so too are critics: Critics see stagnation in this comfort, some of whom have taken matters into their own hands through attempts at innovation. However, as some have already discovered, developing tools to work around (critics would say “enhance”) Craigslist’s simple functionality can invite legal response. Is an early darling of Silicon Valley showing a decidedly uglier side, or is Craigslist still simply looking out for the common good?

This past July, Craigslist filed a lawsuit in the US District Court, Northern District of California, alleging that apartment-hunting site PadMapper and its data exchange partner, 3Taps, unlawfully repurpose Craigslist postings and therefore undermine “the integrity of local Craigslist communities, ultimately harming both Craigslist and its users.”  While the complaint parallels Craigslist’s “common good” business model, 3Taps CEO Greg Kidd sees it differently. “We believe Craigslist is acting like a copyright troll,” Kidd recently told AllThingsD.  Kidd’s company provides PadMapper an API for data about Craigslist postings that 3Taps gathers via means it claims are not subject to Craigslist’s Terms of Use and that likewise do not violate Craigslist’s copyrights.

This isn’t the first time Craigslist has claimed such violations, including several now-shuttered earlier services built on top of Craigslist’s platform. In July 2010, Newmark took to Q&A site Quora to defend his company’s actions in a case similar to Padmapper’s, saying he did not take issue with sites that do not affect Craigslist’s servers. “Actually, we take issue with only services which consume a lot of bandwidth, it’s that simple,” Newmark wrote.

June 22: Craigslist sends Padmapper a cease and desist letter and blocks PadMapper from pulling CL ads (at least from doing so directly).  According to CL’s complaint (filed July 20th), traffic to Padmapper immediately plummeted.  

PadMapper claims not to siphon off Craigslist’s servers. Through its partnership with 3Taps, PadMapper accesses a database of Craigslist listings found and organized from search engines including Google and Bing.

 July 9: Padmapper re-launches using 3Taps data.

July 20: Craigslist sues 3Taps and Padmapper.  CL claims:

  • Copyright infringement (for the CL site and for CL listings)
  • Contributory copyright infringement (against 3Taps)
  • Breach of contract (TOS)
  • Trademark infringement
  • Trademark dilution
  • Unfair trade practices

Perhaps that’s why Craigslist is now requiring users to “expressly grant and assign to Craigslist all rights” to enforce the copyright. Other sites like Yelp! and Facebook only require a non-exclusive license to their users’ content. But even if courts interpret this as a legally binding transfer of copyright to Craigslist, facts, like those in classified listings, often cannot be copyrighted. Therefore, it is possible that details such as an apartment’s price, address and number of bedrooms will not be protected.

This is of course Greg Kidd’s argument. “No Terms of Use can ride roughshod over the fact that there is no copyright in facts,” Kidd says. “Padmapper’s use of exchange posting is not infringing use. It is fair use or free use … of public facts.” According to Kidd, PadMapper could just be the beginning to what could be, “a whole class of use case conflicts if this stands.” Via this interpretation, as Kidd sees it, “a [Craigslist] posting retweeted via Twitter is going to be just as problematic as one through PadMapper.”

This argument inelegantly ignores 2 obstacles under contract and copyright.

Contract

First contract law, by virtue of the binding nature of Craiglist’s TOU as a contract.  So, as Craigslist notes in its complaint:

[3Taps and Padmapper] regularly accessed the CL website and affirmatively accepted and agreed to the [TOU] to, among other things, test, design, and/or use the software that allows Defendants to provide their services.  Likewise … Defendants regularly accessed the CL website with knowledge of the [TOU] and its prohibitions against copying, aggregating, displaying, distributing, performing and derivative use of the CL website and any content posted on the CL website … and regularly access the CL website and copied, aggregated, displayed, distributed, and made derivative use of the CL website and the content posted therein.

3Taps disagrees: 3Taps cannot be bound by Craigslist’s TOU, since 3Taps never touches Craigslist’s servers to obtain the data it provides via its API.  Says Kidd:

The [CL] data in question is indexed by public search engines and is made available in the public domain.  One does not have to belong to or even go to Craigslist to find this information on the description, price, and time of availability of a posting. The information is freely available in the public domain and is a fundamental component of transparency of supply and demand and price discovery that are the foundation of free markets.

Craigslist then says that 3Taps’ argument about not directly accessing data from Craigslist is absurd:

3Taps copies all of craigslist’s content – including time stamps and unique craigslist user ID numbers – and makes it available to third parties for use in competing websites or, for whatever other purpose they wish. On information and belief, 3Taps is obtaining this content by improperly accessing craigslist’s website and “scraping” content.

Copyright – Facts and Facts

Kidd’s “public domain” argument – challenging Craigslist’s private ownership of public “facts” – has its own problems.  That’s because there are public facts and … there are public facts. For starters, what makes an apartment listing a public fact? Arguably, an apartment listing is a private piece of information uniquely created and formatted by a landlord and Craigslist: How listed, what information is listed, what pricing, etc.  Perhaps not the most highly creative of copyright subject matters protected by “original works of authorship fixed in any tangible medium of expression” US Copyright Act (Title 17 US Code), but nonetheless protected by copyright.

No, Craigslist may not be able to protect names and addresses, but it may be able to protect Craigslist’s particular presentation of those names and addresses.  And Craigslist makes this very point in its complaint, claiming that 3Taps “displays craigslist’s copyrighted content in virtually identical visual fashion to the manner in which they appear on craigslist.”

August 1: After filing its July suit, Craigslist amends its TOU, telling users they were not permitted to cross-post their sales items anywhere else on the internet:

Clicking ‘continue’ confirms that Craigslist is the exclusive licensee of this content, with the exclusive right to enforce copyrights against anyone copying, republishing, distributing, or preparing derivative works without its consent.

August 5: Craigslist instructs all general search engines to stop indexing CL postings.

August 9: CL amends its TOU – again – to remove “exclusive license” language from its TOS:

Second, Craigslist may be able to rely on copyright arguments similar to those historically made by mapmakers and telephone book publishers, where the compilation of otherwise public facts is itself copyrightable. (See, for example, Feist Publications, Inc. v. Rural Telephone Service Co., 499 US 340 (1991).)  This argument, where the unique presentation, design, layout, or formatting give a compiler a copyright edge, still gives scant protection to the component parts, but it can give viability to a legal claim of misappropriation.

Other Arguments – Trademark and Unfair Competition

Craigslist makes other legal arguments, including most notably trademark infringement and dilution claims and California state law unfair competition claims.  These are subjects beyond the scope of the present discussion, although they do seem to raise the kinds of issues that the likes of Rockefeller Plaza in New York City deals with: Once a year, every year, the plaza is closed to public access in order to allow its owners to continue to assert their private ownership.   Perhaps Craigslist, too, feels some periodic necessity to remind its users that freedom of internet use is not free.

September 24: 3Taps files answer and counterclaim against CL.  Counterclaims:

  • Antitrust
  • Unfair competition
  • Interference with economic advantage

From 3Taps antitrust counterclaim complaint:

3taps is not alleging that craigslist acquired its widespread monopoly power improperly – far from it; craigslist should be applauded for bringing online classifieds into the modern age and achieving its initial dominance over various U.S. markets for the “onboarding” (i.e., the process of inputting and uploading factual content on the internet) of user-generated classified ads by those seeking a personal exchange transaction for various goods and services, including apartment rentals, jobs, personal services, general goods, and other sales.

What 3taps is complaining about is how craigslist has maintained (and continues to maintain) its monopoly power in these three related markets. Certainly, craigslist has not maintained this power by competing on the merits. Indeed, for years, craigslist has espoused the classic principles of a monopolist that believed it did not need to compete: a “strategy” of “unbranding,” “demonetizing,” and “uncompeting” —the epitome of a lethargic monopolist. And why not?  As an unchallenged monopolist across these various markets, craigslist has generated revenues somewhere between $100-$300 million per year, and that’s without sinking any significant costs into research and development or innovation.

September 24: Craigslist launches its own mapping capability.

Bruce Fryer, an intern with Mirsky & Company, PLLC, contributed to this post.

Read More

Pinterest: Fair Use of Images, Building Communities, Fan Pages, Copyright

When using Pinterest (and Flickr and YouTube and Facebook and on and on), what copyright, fair use, trademark and other issues weigh on building communities and fan pages and social media generally?  A hypothetical “Company” has plans for its Pinterest “community”, and in particular, wonders about these situations:

  • Using Images of Identifiable People
  • Fair Use and Images
  • Trademarks: When is a “Fair Use” Argument Strongest?
  • Why Attribution and Linking to Original Sources is Important

3 introductory questions:

Question #1: Someone used to be a paid Company sponsor or spokesperson.  They are no longer.  Can the Company continue to post a photo of the old sponsor to Pinterest?  Short Answer: If the contract with the sponsor expressly permits it, yes.  Ordinarily, the contract would specify engagement for limited time, and that would prohibit rights to use images beyond the contract period.  But it really depends on what the contract says.

Question #2: Can the Company post a photo of a fan of the Company?  Short Answer: Express consent is required, either through a release or the fan’s agreement (whenever the photo is submitted) to terms of service.  Exceptions are discussed below.

Question #3: Can the Company post a photo of a Coca-Cola bottle on its Pinterest page?  Short Answer: If the use of the image does not suggest (implicitly or explicitly) endorsement or association, then yes.

Read More

SaaS: Software License or Service Agreement? Start with Copyright

SaaS, short for “Software as a Service”, is a software delivery model that grants users access to a program while the software itself and its accompanying data are stored off-site, on a vendor’s (or another third party’s) servers.  A user accesses the program via the internet, and the access is provided as a service.  Hence … “Software as a Service”.

In terms of user interface functionality, a SaaS service – typically accessed via a subscription model – is identical to a traditional software model in which a user purchases (or more typically, licenses) a physical copy of the software for installation on and access via the user’s own computer.  And in enterprise structures, the software is installed on an organization’s servers and accessed via dedicated “client” end machines, under one of many client-server setups.  In that sense, SaaS is much like the traditional client-server enterprise model where servers in both cases will likely be offsite, the difference being that SaaS servers are owned and managed by the software owner.  The “cloud” really just refers to the invisibility of the legal and operational relationship of the servers to the end user, since even in traditional client-server structures servers might very likely be offsite and accessed only via internet.

Read More

MegaUpload – Where is my Data?

A not-insignificant consequence of the federal government’s move in January to shut down the popular file-sharing site MegaUpload is that customers are blocked from being able to access their files.

First, some background. In January, the government charged that MegaUpload and its founder Kim Dotcom operated an organization dedicated to copyright infringement, or in other words operated for the purpose of a criminal enterprise.  The site provided a number of online services related to file storage and viewing, which (among other things) allowed users to download copyrighted material.  The government also claimed in its indictment that the site was also used for other criminal purposes including money laundering.

Not surprisingly, the file-sharing activities caught the unpleased eye of prominent content ownership groups

Read More

Privacy For Businesses: Any Actual Legal Obligations?

For businesses, is there an obligation in the United States to do anything more than simply have a privacy policy?  The answer is not much of an obligation at all.

Put another way, is it simply a question of disclosure – so long as a business tells users what it intends to do with their personal information, can the business pretty much do anything it wants with personal information?  This would be the privacy law equivalent of the “as long as I signal, I am allowed to cut anyone off” theory of driving.

Much high-profile enforcement (via the Federal Trade Commission and State Attorneys General) has definitely focused on breaches by businesses of their own privacy statements.  Plus, state laws in California and elsewhere either require that companies have privacy policies or require what types of disclosures must be in those policies, but again focus on disclosure rather than mandating specific substantive actions that businesses must or must not take when using personal information.

As The Economist recently noted in its Schumpeter blog, “Europeans have long relied on governments to set policies to protect their privacy on the internet.  America has taken a different tack, shunning detailed prescriptions for how companies should handle people’s data online and letting industries regulate themselves.”   This structural (or lack of structural) approach to privacy regulation in the United States can also been seen – vividly – in legal and business commentary that met Google’s recent privacy overhaul.  Despite howls of displeasure and the concerted voices of dozens of State Attorneys General, none of the complaints relied on any particular violations of law.  Rather, arguments (by the AGs) are made about consumer expectations in advance of consumer advocacy, as in “[C]onsumers may be comfortable with Google knowing their search queries but not with it knowing their whereabouts, yet the new privacy policy appears to give them no choice in the matter, further invading their privacy.”

Again, there’s little reliance on codified law because, for better or worse, there is no relevant codified law to rely upon.  Google, Twitter and Facebook have been famously the subjects of enforcement actions by the states and the Federal Trade Commission, and accordingly Google has been careful in its privacy rollout to provide extensive advance disclosures of its intentions.

As The Economist also reported, industry trade groups have stepped in with self-regulatory “best practices” for online advertising, search and data collection, as well as “do not track” initiatives including browser tools, while the Obama Administration last month announced a privacy “bill of rights” that it hopes to move in the current or, more realistically, a future Congress.

This also should not ignore common law rights of privacy invasion, such as the type of criminal charges successfully brought in New Jersey against the Rutgers student spying on his roommate.   These rights are not new and for the time being remain the main source of consumer recourse for privacy violations in the absence of meaningful contract remedies (for breaches of privacy policies) and legislative remedies targeted to online transactions.

More to come on this topic shortly.

Read More

Fair Use or Just Plain Stealing? “Transformative” Art in a Digital World

A recent New York Times article discussed the case of an artist was sued for copyright infringement after he created paintings and collages based on photographs without crediting or obtaining permission from the photographer.

The artist, Richard Prince, based his works on photographs from a book about Rastafarians “to create the collages and a series of paintings based on [those photographs],” reported Randy Kennedy in the Times.

Then ensued a discussion of the degree to which material must be transformed to fall under copyright law’s “fair use” protection, which would allow use of copyrighted material if, as the article explains, “the new thing ‘adds value to the original’ so that society as a whole is culturally enriched by it.”  (The reference is to a 1990 Harvard Law Review article by Federal Judge Pierre Leval.  I previously discussed fair use’s 4-prong analysis in the context of photographs and artwork, here and in mashups here.)

Read More