For free initial consultation, call (858) 674-6177.
Mr. Himelstein is a San Diego attorney who helps clients to provide
legal protection for their intellectual property associated with the
internet and computer software and hardware and assists them in
general business matters.
The following contains information on cyberspace law. Discussion of each topic will be completed as time permits.
There really is no cyberspace law as such; only law as applied to the internet. It is impossible to thoroughly cover the legal issues which are related to the internet in this space, because the material is too vast. A partial list of legal issues affecting and affected by the internet is contained below.
If you and your web site are located in California, can someone sue you in New York so that a court in New York will assume personal jurisdiction over you forcing you to defend yourself in New York? Maybe. Until the US Supreme Court clarifies the answer, we may have differing views in different states. The cases so far decided have never allowed jurisdiction merely for having a web site, nor even for a web site which advertises, if the advertising is not related to the law suit. But, if you have a web site and a) other contracts with others in the other state, b) telephone service for those in another state, c) advertisements which are related to the suit, or d) other contacts, then another state may exert personal jurisdiction over you. The law is not settled in the US yet. What would be necessary for a non-US jurisdiction to exert jurisdiction relying on internet contacts is also not known.
Cases:
Compuserve v. Patterson: Attorney in Texas contracted with Compuserve in Ohio to market software. After a dispute, Compuserve sued Patterson in Ohio. The Ohio court assumed personal jurisdiction over Patterson, even though the attorney had never been in Ohio, based on internet contacts. There was an contract agreed upon by email, the contract specified the use of Ohio law, the attorney repeatedly sent software to Ohio electronically, the software was advertised in Ohio, and sales were made in Ohio.
Besusan Restaurant Corp. v. King: The owner of New York's famous jazz club, the "Blue Note," sued owners of a jazz club with the same name in Missouri, because of advertisements on the Missouri club's web page. The New York court ruled that it did not have jurisdiction over the Missouri club, merely because they had a web site. They could still sue in Missouri.
Zippo Manufacturing Co. v. Zippo Dot Com, Inc.This is a domain name dispute. Plaintiff is a Pennsylvania lighter manufacturer and defendant is an internet news service operated by a California based company. Defendant's contacts with Pennsylvania were almost all on the net: 3,000 subscribers in PA, seven agreements with PA service providers, et al. The court held that the CA company had purposefully availed itself of the protections of Pennsylvania law and assumed jurisdiction.
Cybersell, Inc. v. Cybersell, Inc.: Arizona court found Florida web site provided only passive web page advertisements and did not assume jurisdiction.
Maritz, Inc. v. Cybergold, Inc.: Plaintiff (Maritz), a Missouri company, sued a California company in Missouri for placing an infringing trademark on defendant's web site. Since this would be a tort, the question becomes "was the tortious act committed in Missouri?" The test is: "was the effect within the state?" The court ruled it was, since the harm was in Missouri, and assumed jurisdiction.
A district court in Dusseldof assumed jurisdiction over a non-resident who registered "epson.de" as a domain name with Germany's INTERNIC (DE-NIC), even without a web site, because of the use of the country specific ".de." This was a trade name dispute.
A French court assumed jurisdiction over a French company with a web server in the US, who had registered "sainttropez.com." The court ruled the domain name infringed the city name and awarded $120,000 in damages.
Predatory Pricing. Antitrust law prohibits various types of price discrimination when it substantially lessens competition. For example in 1994 the Department of Justice (DOJ) filed an antitrust suit against Microsoft. DOJ objected to Microsoft's use of "per processor" licenses, which charged personal computer manufacturers for each microprocessor, whether or not the computer was sold with Microsoft's operating system; DOJ also objected to Microsoft's use of minimum volume commitments, particularly when the minima were set to a level which exceeded anticipated needs; and finally DOJ objected to Microsoft's use of lump-sum pricing, which is a disincentive for manufacturers to use any other operating system. Ultimately, in 1995 Microsoft and the DOJ agreed to terms, prohibiting Microsoft from using per-processor licenses, minimum commitments, and lump-sum pricing.
(For this section it is assumed the user has read my sub-pages on copyright, patents, trademarks, and trade secrets.)
COPYRIGHTS. (Please first read my sub page on copyrights.) Copyrights apply to original works of authorship fixed in any tangible medium of expression, i.e. copyrights protect expressions. Just about everything on the internet is an expression and is protected by copyrights, e.g. virtually anything you see or hear, text, web sites, programming code, data structures, icon, logos, clip art.
- Web Sites. Probably there is no infringement merely by surfing. I would not link to another site (with some exceptions) unless I had the owner's permission; the owner may require you to agree to some conditions of which you should be aware and to which you should agree in advance. If there is a graphic for the link, do not copy the image to your site, even if it increases the loading speed, but rather reference the graphic on the owner's site. Copying the graphic without permission is certainly an infringement.
- Liability for Acts of Others. There are three types of copyright liability. One type is direct liability for copying copyrighted material; knowledge that the material was copyrighted is not needed for liability. In Marobie-FL, Inc. v. National Association of Fire Equipment Distributors, the plaintiff, Marobie, a creator of "clip art," received a summary judgment against defendant, because defendant's web page administrator used Marobie's clip art on their web page. In Religious Technology Center v. Netcom On-Line Communications Service, Inc., plaintiff (Church of Scientology) sued a former member-turned-critic, a BBS operator on which copyrighted church material was published, and Netcom, the ISP of the BBS operator. The BBS operator and Netcom were dismissed from direct liability, because something more than merely setting up a system is necessary for direct liability. A second type of liability is contributory liability, defined as with knowledge of the infringing activity, one induces, causes or materially contributes to the infringing activity of another. The third type of liability is vicarious liability, defined as when one 1) has the right and the ability to control the infringer's acts and 2) receives a direct financial benefit from the infringement. Notice it is not necessary for one to have even knowledge of the infringement; it could be an employee infringing. In the Netcom case described above, Netcom's contract with the BBS operator allowed it the right and it had the ability to control the infringer's infringing activities, but, since it charged a flat fee for services, it did not directly financially gain from the infringing activities.
- Safe Harbor - No Damages. An internet service provider or internet site operator can now avoid damages caused by third parties by taking certain steps specified in the Digital Millennium Copyright Act (DMCA) of 1998. The steps are relatively simple and are worthwhile to preclude liability for damages.
- If your Work is Infringed. Immediately notify the owner of the site in writing and demand removal in accordance with the procedures specified in the DMCA.
- Software Publishers Association. This is a consortium of software publishers (Microsoft, Netscape, about 800+ others) whose purpose is to stop piracy. If you get a letter from them, get legal help immediately, and do not ignore the letter. Probably they already have information on your infringements. Penalties for copyright infringement can be severe: there are criminal penalties and civil damages can be from $750 to $150,000 per infringement, plus attorney fees. A 1996 case involved a law firm and led to a $120,000 settlement. The Association collected a total of $7.2 million in 1996.
- Company Policies. If your company buys software, ensure you have controlled procurement policy which is enforced, not buy one copy and use it for all. Be sure you have a muti-user license, if needed. In general treat software as a business asset: inventory control, security, virus protection, etc.
- Personal Liability. If you personally perform copyright infringement acts, you can be criminally prosecuted and held liable for civil damages.
PATENTS. (Please first read my sub page on patents.) Patents provide exclusive rights to inventors of qualifying inventions. The inventions must be a process, an article of manufacturing, or a machine. Also the invention must be new, useful, and non obvious. Patents rights arise only after approval by the U.S. Patent and Trademark office. The most common use of patents related to the internet is for software. Patents can provide more complete coverage than copyrights for qualifying software. Companies who develop software should consider carefully patent protection, should evaluate costs, advantages and disadvantages of software patents, and should consider maintaining a software patent portfolio as a company asset.TRADEMARKS. (Please first read my sub page on trademarks.) Trademark law is one area of intellectual property law in which a company can encounter trouble without even knowing they are doing anything controversial.
- Domain Name Conflicts. The authority who oversees the allocation of domain names (Internet Corporation for Assigned Names and Numbers (ICANN) for domain names ending in .com, .org, .net, .gov, and .edu) is not and does not want to be an arbiter between those in conflict over a trademark used as a domain name. While one cannot use a trademark (or service mark) which is confusingly similar to another's trademark, when the other has superior rights, such is not easily applied to domain names. Domain names are allocated on a first-come, first-served basis. If a domain name is not already taken, anyone could register a domain name as for example mcdonald.com, although you must swear that you are not infringing on someone else's mark, which would preclude seeking mcdonald.com. ICANN's current rules require that anyone holding a trademark to that name could force the domain name holder to enter binding arbitration to settle the dispute. (It is possible for two companies to use the same trademark, if they sell different products, e.g. Delta Airlines is not the only company using "Delta.")
Alternatively, the trademark owner could file suit claiming trademark infringement. In either case a federally registered trademark provides substantial protection for a company to retain a domain name; it may be possible to lose a domain name to another company which has a federally registered trademark or superior rights to the mark. Clearly this could be a devastating blow to a domain name holder, who has built up a substantial following on the net, e.g. an ISP and all its email customers. Damages for trademark infringement could be substantial.
- Anti-Dilution. After the 1996 amendment to the federal trademark statute, the owner of a "famous" trademark could seek an injunction against another using the mark in commerce if the use begins after the mark became famous and the use causes dilution of the distinctive quality of the mark. My "mcdonald.com" example above would be subject to this statute. Thus "famous" trademarks are provided enhanced protection.
- Use of Others' Trademarks. Although there is a nominative fair use defense usually protecting certain uses of another's mark, it is basically not a good idea to use another's trademark without permission. Recently Ticketmaster Group Inc. filed suit against Microsoft, whose "Seattle Sidewalk" web site contained links allowing users to bypass Ticketmaster's home page. Ticketmaster disapproved because they receive advertising revenue for ads on the home page; the bypassing reduced the value of the home page ads.
- Use of Others' Trademarks as a Fan. The problem: a fan of your company or product is so enthused that the fan creates a web site to pay tribute, but inevitably there appears on the site your intellectual property, perhaps your trademark (or some copyrighted material). The down side is, if you do not take some action to protect your trademark(s) (and copyrights), you could lose this property, but who wants to alienate (and perhaps lose) dedicated, enthusiastic fans? This is especially true on the internet where the alienation could very quickly spread.
While there are certainly sufficient legal weapons to stop trademark (and copyright) infringement, perhaps approaches are possible which will eliminate the infringement without alienating the infringer. For example, one could create a library of files with materials which are licensed free of charge with appropriate restrictions and removal rights. In cases where some action is necessary a gentle method may be the most effective.
- Use of Others' Trademarks as a Critic. You may find at some internet sites the use of a trademark in connection with critiques of products or services associated with the marks. Generally this is not an infringement because it is not in connection with the sale of goods and because it does not cause confusion as to the source of the goods and services. Such a critique site may have other legal problems (defamation for example), but usually not trademark infringement.
- Name and Likeness Laws. To use a celebrity's name or likeness on the internet you probably need the permission of the celebrity. The "right of publicity" means the legal right to exploit and control the name, image and likeness of a person. Typically protected items include the name, nickname, voice, picture, likeness, and other identifying characteristics, including performing style. In some cases injunctive relief is available, and the measure of damages can be substantial.
TRADE SECRETS. (Please first read my sub page on trade secrets.) Protecting trade secret information can be particularly important when the internet is involved for at least two reasons: The internet provides a communications path which people can use to obtain proprietary information; and proprietary information accessible over an internet connection can be copied in large quantities very quickly. For employees, customers, suppliers, and others who may access your data sufficient steps must be taken to restrict access only to data needed by specific individuals or groups. Whenever possible, confidentiality and nondisclosure agreements should be executed. Non-competition agreements can also be effective whenever and wherever allowed by law. These protections are especially important for those companies who utilize intranets and extranets.
INTERNATIONAL CONSIDERATIONS. Whenever issues affect more than one nation, typically the laws within a nation may not apply. Instead a treaty between two or more nations may provide the relevant law. There are many international treaties covering intellectual property. As an example the United States passed the Digital Millennium Copyright Act to implement certain treaty requirements. As mentioned above in the copyright section, among other things it provides a safe harbor for internet service providers who might otherwise be held liable, provided they take certain steps. There are many treaties covering various aspects of intellectual property. Typically, the developed and to a lesser extent the developing countries are interested in protecting intellectual property, since it is a value national asset, whereas undeveloped nations obtain an economic benefit from using such assets without paying the going rate for them. As a nation begins to develop more and more intellectual property of its own, it begins to have a greater incentive to protect that property.
Personal privacy has very much been affected by the internet. For example there is a great deal of information about individuals available on the internet. Currently, a substantial amount of information can be and is collected on the internet about individuals, often without the knowledge of the individual. Perhaps some of it is advantageous, e.g. when a favorite shopping site presents items probably of interest, but what about insurance companies discovering that you visit certain sites providing information on particular diseases in order to affect your insurance coverage or rates?
The laws affecting privacy stem both from the federal and state constitutions and statutes and from common law principles. The Fourth Amendment to the U.S. Constitution restricts the government from unreasonable searches, and the Fifth Amendment protects the individual against forced self incrimination. Some state constitutions contain privacy protections beyond what is found federally, e.g. a few protect the telephone numbers dialed (which are otherwise not protected), and some protect your personal banking information. Note that these protect you against government intrusion, not necessarily against private intrusion. Also nothing protects you from voluntary disclosures.
The common law has traditionally protected four privacy interests: 1) unauthorized appropriation of your name or likeness in a manner which injures your dignity or reputation, 2) publicly placing another individual in false light, 3) tortious disclosure of private facts which are highly offensive and not newsworthy, and 4) unreasonable intrusion into an individual's seclusion. One or more of these could be applied to internet situations.
There are also several federal (and some state) statutes protecting the contents of the mail, and telephone, data, and radio transmissions, although there are a number of exceptions. Encryption techniques promise to enhance privacy, but some law enforcement agencies are avidly interested in having master "keys" so that criminals cannot be secure in their communications.
The legal trend is that employees do not have a reasonable expectation of privacy regarding employers reading their email. More and more employers are monitoring employee email, basing their right on various rationales: the employers do own the equipment and the software; the employers legitimate right to monitor the workplace to avoid sexual, racial or other unwanted harassment; the employers want to ensure that email is only used for business purposes. The most prudent course for employers is to develop a clear, written policy regarding email covering such topics as personal messages, harassment, sexual and racial material and other content, illegal activity, bulk mailing, employer rights to monitor, and many other issues. This policy should be provided to and acknowledged by each employee.
There are now available anonymous remailers, allowing an individual to sent email messages through a remailer and to receive responses through the same remailer. Depending on what the laws may be wherever the remailer is it may still be possible to determine the identity of sender.
Email addresses have become very valuable commodities. Very large email lists are now routinely bought and sold to allow bulk mailings for advertisement.
Persons who send messages via email which contain defamatory remarks about another should be especially careful. Such messages can now be easily duplicated and resent in great quantities, and the original author could be held liable for all subsequent dissemination.
All users should recognize that data files are subject to discovery and seizure during searches by law enforcement authorities, although there are legal restrictions, including the protections of the Fourth Amendment. In civil cases computer data files are subject to discovery. Since technological means are available to reconstruct records, even deleted or damaged data may be detectable and used.
A great amount of personal information is collected, used, and sold. Many sites request that visitors voluntarily provide personal information. Users often make personal information available in chat rooms or on bulletin boards.
While businesses often take measures to protect private information, particularly if it is very sensitive such as credit card information, personal financial information, and health information, no protection system is perfect. On line businesses must maintain a level of security commensurate with sensitivity of the data collected. It is prudent to minimize the amount of data collected, consistent with the business use, in order to minimize the potential for liability. Development of a legal and technical plan to be used in case of a breach of security is important.
Personal information is a valuable commodity. Many sites have a privacy policy which is very restrictive, many are not very restrictive, some have no privacy policy at all.
In the case of children the Children's Online Privacy Act of 1998 (COPA) requires prior approval of a parent before collecting certain information from children younger than 13 years of age. COPA requires additional procedures and safeguards if a site aims at children or if children are known to frequent the site.
Some companies were developed to cater to user's privacy concerns. Some provide anonymous accounts, use of remailers, and pseudonymous servers. There os also blocking software designed to help parents protect their children.
In order to try to avoid governmental regulation industry associations are moving towards self-regulation. The FTC is considering new rules to protect personal financial information and personal health information. The FTC has already issued rules to implement COPA. Violations of the FTC guidelines could be treated as unfair or deceptive trade practices.
On occasion the web produces novel privacy issues. Here are two examples. Several computer enthusiasts placed a small digital video camera in a public space outside the entrance to a brothel in Norway. the images clearly showed the identity of those entering and exiting, and were made available immediately at a Web site. Eventually the site reported more than 200,000 hits per day. In a second instance Florida made available on line a description and image of each sexual predator, who was convicted, served time, and was released, including their known address and their crime.
Such mechanisms have the potential to affect hiring decisions. Expanded searches could provide potential employers with a relatively complete personal profile. An employer could obtain information through such a search that the employer would not be entitled to ask for directly. For example the employer might discover that the potential employee was involved in a Usenet newsgroup addressing a specific type of chronic health problem. Perhaps the employer would conclude that the employee or a family member had the health problem and might choose not to hire this employee over concerns on how the employer's health insurance costs might increase.
Increasingly Internet type searches are being used on internal networks. These sophisticated searches may allow an organization to monitor and track communications generated and received by individuals.
ISPs should also increase their awareness of personal privacy concerns. ISPs should have clear policies which are published on their web sites and communicated to every employee and all customers, and should ensure that these policies are rigorously enforced.
Cases:
Based on information obtained from AOL by Navy investigators, the Navy concluded that Senior Chief Petty Officer Timothy R. McVeigh had admitted to homosexual behavior, and the Navy moved to discharge him. AOL acknowledged that the personal information released was inconsistent with its own policies. (A court did reinstate McVeigh on the basis that the methods used by the navy violated the Electronics Communications Act.)
John Doe, aka AquaCool-2000 v. Yahoo!, Inc. An anonymous user of Yahoo's on-line chat room functions sued Yahoo alleging invasion of privacy, breach of contract, negligent misrepresentation, and unfair competition, based on Yahoo's disclosure of the user's identity in response to a subpoena issued in a civil lawsuit. The user had made negative comments about the employer and was fired. Yahoo had complied with the subpoena without notifying the user and affording the user the opportunity to defend the subpoena.
Verizon successfully resisted a subpoena from Recording Industry Association of America requesting the identity of a Verizon user. The subpoena was issued under the Digital Millennium Copyright Act, but no lawsuit had yet been filed.
OBSCENE AND INDECENT MATERIALS.
Obscenity Laws and the Internet.
Contracts for the Sale of Goods.
On-Line Commercial Communities.
US Federal Taxation of Foreign Income.
The legal information contained above is informational in nature and cannot be considered legal advice. Every situation has its own factual context and cannot be judged without that context.
For free initial consultation call (858) 674-6177.
This web site is a work in progress. Some parts are knowingly incomplete; other parts are known to need revisions. Certainly, the future will reveal the need for further additions and revisions.
Last update of this sub-page May 3, 2006 by David B. Himelstein.
Return to Homepage