Domingo Rivera Cyber Lawyer Blog
Under U.S. copyright laws, the developer of a website owns the intellectual property and copyrightable elements of the website. The copyrightable elements of a website include the text, graphics, scripts, code, and the “look and feel.” Unless there is a contract to the contrary, the website developer’s client only obtains a non-exclusive license to utilize the intellectual property that it paid to develop. Even the copyright notice on the client’s website applies only to the contents that were developed by the client and not to the contents that were created by the developer.
This means that under the default scenario, your business’ website developer can create a very similar website for your competitors. Furthermore, at the end of your business’ relationship with the website developer, the website developer can also demand that you stop using its intellectual property and copyrightable contents. If you refuse, you may find yourself as the defendant in a copyright infringement lawsuit. Even worse, your website developer may refuse to facilitate your business’ transition to a new developer. If your business depends on its website, it may never recover from this website hijacking scheme commonly applied by some unscrupulous website developers.
You should be aware of the risks associated with the absence of a carefully drafted website development agreement and should consult with an Internet Attorney before hiring others to develop your website.Cyber Lawyer, Domingo J. Rivera, is an attorney specialized in Internet Law, handling cases throughout the United States.
The term “ Cybercrime” is broadly defined to include any criminal activity committed on the internet. Almost everyone has at least a basic understanding about online identity theft, probably the most common cybercrime. However, there appears to be considerable confusion regarding some of the other basic cybercrimes and their definitions. I recently visited the website of a firm where the terms phishing and spoofing were incorrectly used interchangeably!
Some of the most common cybercrimes are:
Email spoofing – The forgery of an e-mail header in a manner that the message appears to have originated from somewhere other than the actual source. Widely used by spammers, a spoofed e-mail may appear to be from a legitimate source asking for personal information, passwords, credit card numbers, etc.
Phishing – The sending of an email to a recipient in an attempt to scam the recipient into revealing private information. The email contains a link to what appears the website of a legitimate enterprise but is only a fake version of the organization’s website. When the recipient visits the fake website, the recipient is asked to update personal information, such as passwords and credit card, social security, and bank account numbers that the legitimate organization already has.
Cookie Poisoning – Some websites store cookies on your computer's hard drive to authenticate your identity, speed up your transactions, monitor your behavior, and personalize your website experience. Cookie poisoning is the modification of a cookie by an attacker to gain unauthorized access to private information about the user. The attacker may use this private information for identity theft and to gain access to the user's existing accounts.
CAN-SPAM Act: Non-compliance is a crime… and overzealous ISPs may refuse to deliver legally compliant email messages
On May 31, 2007, the BBC reported “U.S. Arrests Internet spam king” Robert Soloway. (A copy of the Article can be found at: http://news.bbc.co.uk/2/hi/technology/6707333.stm). Mr. Soloway is accused of being “responsible for tens of millions of unsolicited e-mails promoting his own company between November 2003 and May 2007” in violation of the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003.
The CAN-SPAM Act is codified under 15 U.S.C. § 7701-7713. Contrary to the belief of many, the CAN-SPAM Act does not prohibit sending spam emails. Instead, it imposes certain requirements. These mandatory requirements include, inter alia, the use of accurate email subject lines and transmission information, opt-out procedures where recipients can elect not to receive additional emails fom the sender, mandatory timeframes for the removal of users who elect to opt-out, and a prohibition of improper email harvesting.
But, what happens when a sender complies with all the requirements of CAN-SPAM? Can an ISP still refuse to deliver compliant email messages to the intended recipients?
In White Buffalo Ventures, LLC v. University of Texas, 420 F.3d 366 (5th Cir. 2005), the Plaintiff, White Buffalo, was an online dating service operating several online dating websites, including one that targeted students of the University of Texas (UT). White Buffalo obtained the "non-confidential, non-exempt email addresses" held by UT through a Public Information Act request. White Buffalo used these email addresses to send CAN-SPAN compliant commercial emails to members of the UT community. UT issued a cease and desist letter but White Buffalo refused to comply. As a result, UT blocked all emails originating from White Buffalo’s IP address.
White Buffalo sued UT, arguing that the First Amendment and the CAN-SPAM Act precluded UT’s actions. The Court disagreed and held that the CAN-SPAM Act does not prevent Internet Service Providers (ISPs), in this case UT, from filtering CAN-SPAM compliant commercial emails.
Some courts have held that that domain names are property. In Kremen v. Cohen, 337 F.3d 1024 (9th Cir. 2003), the plaintiff registered the domain name sex.com. The registrar transferred the name to a different individual on the basis of a forged letter. The Court reversed the district court’s holding that domain names were intangibles not subject to conversion. The Court held that the registrar was subject to liability “for giving away someone else's property.” Id. at 1035.
Other courts, however, have concluded that "a domain name registration is the product of a contract for services between the registrar and registrant.” Network Solutions, Inc. v. Umbro Int'l, Inc., 259 Va. 759, 770 (2000) (citing Dorer v. Arel, 60 F. Supp. 2d 558, 561 (E.D. Va. 1999)).
If considered property rights, domain names would be subject to state property laws and state property causes of action, such as conversion, would be applicable. However, if domain names confer only contractual rights, the nature of the protection afforded to the registrant would be quite different.
Under ICANN rules, a domain name owner must intervene within five days to stop an inter-registry transfer request. Therefore, whether a domain name is treated as property or as a contractual right can make a huge difference in the remedies available to victims of domain name hijacking who do not intervene within the five-day period prescribed by ICANN.
The Digital Millennium Copyright Act (DMCA), codified in 17 U.S.C. § 512, amended the U.S. Copyright Act of 1976. The DMCA provides for severe criminal penalties for circumventing technical measures protecting copyrighted works.
The DMCA protects Internet Service Providers (ISPs) from liability arising from acts by the ISP’s customers. However, there are certain conditions that an ISP must meet in order to qualify for the Act’s safe harbor provisions. To enjoy safe harbor protection, an ISP must:
1. Implement a policy to terminate infringers;2. Designate a service provider agent for notification of claims of infringement. (The list of designated service provider agents is located at: http://www.copyright.gov/onlinesp/list/index.html)3. Provide means to receive notice of infringement and upon obtaining notice act expeditiously to remove, or disable access to the infringing material; and4. Have no actual knowledge of the infringing activity.
Arguably, the DMCA has bogged down the development of technology. For example, in Sony Corp. v. Universal City Studios, Inc., 464 U.S. 417 (1984), a case decided prior to the passage of the DMCA, the U.S. Supreme Court held that a manufacturer of video tape recorders could not be held liable for contributory copyright infringement. The Court found that although video tape recorders could be used to copy copyrighted television shows, there were commercially significant non-infringing uses for the device. This decision facilitated the commercial widespread of video tape recording devices such as Betamax and VCRs.
In Universal City Studios v. Reimerdes, 111 F. Supp. 2d 294 (2000), a case decided after the passage of the DMCA, motion picture studios brought action under the DMCA to enjoin Internet website owners from posting or downloading software that decrypted digitally encrypted movies on DVDs. The United States District Court for the Southern District of New York granted the injunction under the authority of the DMCA. Despite the obvious differences between the distribution of a machine that records unencrypted television shows and the distribution of code that allows the copying of encrypted DVDs, had the DMCA existed in 1984, what would have happened to the development of the home video recording industry?
Today Google owns the Internet search engine market and DoubleClick owns the Internet banner advertisement market. Now Google is bidding $3.1 billion to dominate the search engine market, the banner advertisement market… and a lot of data.
DoubleClick has the ability to track what sites people visit and Google has the ability to collect search histories. Unfettered exclusive access to all this information could potentially allow Google, not the market, to set the prices for Internet advertisement. We will be waiting for the Federal Trade Commission’s report.A related news article can be found at:
Teleflex International Co. held a patent titled “Adjustable Pedal Assembly With Electronic Throttle Control.” One of the claims of the patent describes a mechanism where an electronic sensor is combined with an adjustable pedal to control the throttle in an automobile. KSR International Co. added an electronic sensor to its previous automobile pedal design and Teleflex obviously sued for patent infringement. The District Court dismissed the case, holding that the claim contained in Teleflex's patent was obvious. The Federal Circuit reversed, applying its "Teaching, Suggestion, Motivation" test. Under this test, the combination of existing processes to create new processes is not obvious when there is no prior art that explicitly or implicitly teaches, suggests, or motivates the combination. The Supreme Court reversed, holding that the Federal Circuit's application of the test need not become “rigid and mandatory formulas” and finding that “any need or problem” can provide the patentee with a reason for combing processes. The Supreme Court's new obviousness standard will probably increase litigation on obviousness grounds (the Verizon v. Vonage appeal comes to mind)... However, the full impact of the new obviousness standard is certainly non-obvious.The full text of the opinion may be found at:http://www.supremecourtus.gov/opinions/06pdf/04-1350.pdf
Site Pro-1 Inc. v. Better Metal LLC: a better approach for deciding trademark infringement claims resulting from competitive metatag usage and keyword advertising?
The key question is whether the defendant placed plaintiff’s trademark on any goods, displays, containers, or advertisements, or used plaintiff’s trademark in any way that indicates source or origin. Here, there is no allegation that Better Metal did so, and therefore no Lanham Act “use” has been alleged. Indeed, the search results submitted as an exhibit to the complaint make clear that Better Metal did not place plaintiff’s SITE PRO 1® trademark on any of its goods, or any advertisements or displays associated with the sale of its goods. Complaint, Ex. B. Neither the link to Better Metal’s website nor the surrounding text mentions SitePro1 or the SITE PRO 1® trademark. The same is true with respect to Better Metal’s metadata, which is not displayed to consumers.The Court's approach seems to be inline with the Second Circuit's position regarding competitive metatag usage and keyword advertising. Most courts do not share this approach. Under similar facts, Courts in Virginia, California, Pennsylvania, Minnesota, and many others, have reached contrary results. So which court has the better approach for deciding trademark infringement claims resulting from competitive metatag usage and keyword advertising? The debate continues... The text of the opinion may be found at: http://claranet.scu.edu/tempfiles/tmp32239/siteprovbettermetal.pdf
Email privacy at work: Your employer can lie to you about reading your emails… and then fire you for relying on these lies!
Most employees probably know that the emails sent from their work email accounts are probably being monitored. However, what if your employer repeatedly assures you that all e-mail communications would remain confidential and privileged? What if your employer further tells you that e-mail communications could not be intercepted and used by against you as grounds for termination or reprimand? Can your employer still intercept your emails, read them, and then fire you for the contents…? YOU BET!!
In Smyth v. Pillsbury Co., 914 F. Supp. 97 (1996), Pillsbury maintained a company e-mail system which the employees used to communicate among themselves. Mr. Smyth was an employee of Pillsbury. Pillsbury assured Mr. Smyth as well as the other employees that all e-mail communications would remain confidential and privileged and that the e-mail communications could not be intercepted and used against the employees as grounds for termination or reprimand.
The U.S. District Court for the Eastern District of Pennsylvania surprisingly held that despite the assurances made by Pillsbury, its employees did not have a “reasonable expectation of privacy in e-mail communications voluntarily made by an employee to his supervisor over the company e-mail system.” The Court went on to hold that no “reasonable person would consider the . . . interception of these communications to be a substantial and highly offensive invasion of his privacy.”
The Pillsbury case, although decided under Pennsylvania law and dating back to 1996, has been cited with approval by courts in other states, including Massachusetts, Rhode Island, New York, Oregon, and Texas.
So, what should this mean to you?