TechLaw

The Supreme Court, on its final day of the term, declined to review a pair of high-profile cases of interest to cyberlaw attorneys -- one involving the interplay between commercial speech rights and a privacy-protective state law, the other involving copyright infringement by a cable provider's digital recording service.

The first case, Cable News Network Inc. v. CSC Holdings Inc., No 08-448 (link to lower court opinion), involved a copyright infringement challenge by a large group of television content providers against cable television service Cablevision. The Second Circuit, in proceedings below, held that Cablevision's proposed remote video recording system would not directly infringe the plaintiffs' exclusive rights in copyrighted television programming. First, the court held that each buffer copy made as data flowed through the system was transitory—stored in the DVR system for 1.2 seconds, at most—and so was not directly infringing. Second, the court held that the copies created by the Cablevision DVR service were also not directly infringing, because they were created at the direction of subscribers not Cablevision itself, which merely provided the instrumentality for making the copies.

The U.S. Solicitor General filed a brief May 29 urging the court to decline review of the case.

The second case, IMS Health Inc v. Ayotte, No. 08-1202 (link to lower court opinion), involved a First Amendment challenge to a New Hampshire law banning the sale of prescription drug information that identifies doctors' prescribing patterns. The information is useful to brand-name prescription drug marketers who want to steer doctors away from lower-cost, generic drugs. The First Circuit upheld the law. The court remarked that the New Hampshire state law regulates data transfers whose societal benefits “pale in comparison to the negative externalities produced.”

Even if the regulation does constrain protected speech, the court said, it does not violate the Constitution because it serves a substantial state interest in containing health care costs and is no more restrictive than necessary to accomplish its goals. “[W]e are not persuaded that the regulated data transfers embody restrictions on protected speech,” First Circuit Judge Bruce Selya wrote. “In our view the portions of the law at issue here regulate conduct, not speech,” he added.

The significance of the Supreme Court's denial of certiorari in any particular case is difficult to assess, well above my pay grade. Both of these cert petitions were brought by influential, well-financed businesses who predicted that dire consequences would ensue if the high court let stand the lower court's ruling. If the television content providers who brought suit in Cable News Network Inc. v. CSC Holdings Inc. really do feel they can't live with the Second Circuit's interpretation of the Copyright Act, they can get relief on Capitol Hill, and that may indeed occur.

The situation is slightly different with IMS Health Inc v. Ayotte, because that ruling has a constitutional basis. Other states may, upon seeing New Hampshire's success in turning back the drug marketers' First Amendment objections, be encouraged to enact similar laws. Drug marketers might be able to persuade Congress to preempt state laws like the one at issue in IMS Health v. Ayotte. Short of this, however, the only place for drug marketers to get relief on the First Amendment question is in the federal courts, perhaps the Supreme Court, at some later date.

Every attorney who deals in privacy issues, every attorney who advises companies on drafting acceptable use policies for computers and Internet use, every attorney who counsels companies on creating and enforcing workplace rules ought to stop what he or she is doing and read the court's opinion in Stengart v. Loving Care Agency Inc., No. A-3506-08T1 (N.J. Super.Ct., App. Div., June 26, 2009). There might be some money in it for you.

This case involved workplace computer use rules that the employer claimed gave it the right to search through and retain e-mail messages a former employee had sent to her attorney. The messages were transmitted through the employee's personal e-mail account, but on an employer-issued laptop computer. After the employee left the employer and became a plaintiff, the employer made a copy of the plaintiff's laptop's hard drive, turning up e-mail messages she had sent to her attorney with the laptop.

The appellate court held that the employer had no right to retain the former employee's e-mail messages to her attorney, finding that attorney-client privilege substantially outweighed the employer's interest in enforcement of its computer use rules.

It is getting late in the day here on the East Coast, so I'm going to take what might charitably be called an impressionistic go at this decision. Here goes.

Acceptable Use Policy Was Ambiguous

The court was very critical of the way the acceptable use policy was drafted. Acceptable use policies should convey a "clear and unambiguous understanding" about their scope. This one failed that test. The policy claimed the company had a right to intercept "matters on the company's media systems and services," however, the policy never defined "media systems and services." The policy also permitted "occasional personal use" of company computers, but it made no attempt to define when personal use was permitted. Also, the policy's use of the term "e-mail system" created an ambiguity on the question of whether or not the policy covered an employee's personal e-mail account accessed via the employer's computer.

My impression is that the loose language picked apart by the court here is commonplace. Companies are on notice now that loose language might not survive a court challenge. Ambiguities in the employer's computer use policy made it tough for the employer to defend its conduct in this appeal. This wasn't the employer's only problem, though.

Employer Doesn't Own All Personal Communications

The court was not willing to accept at face value the employer's claim that it was entitled to the employee's e-mail messages merely because they were created with company property. The court believed that the employer was required to assert a plausible justification for intruding into the employee's personal communications. The court flatly rejected the employer's argument that it had a right to access the employee's communications merely because they were created with company property. In the process, the court served up some lofty rhetoric about the right of privacy in electronic communications in the workplace.

[Provisions in the acceptable use policy] reflect the entirely proper imposition of the company's right to own and possess communications made by the employee in furtherance of the company's business. As interpreted by the company, however, those provisions purport to reach into the employee's personal life without a sufficient nexus to the employer's legitimate interests. This claimed right seems to be based principally on the fact that the computer used to make personal communications is owned by the company, although the company provides no plausible explanation for the policy's expressed acknowledgment that "[o]ccasional personal use is permitted." No rationale is offered to explain how one aspect of the policy creates the company's absolute right to retain, as its own property, all emails whether business-related or personal, with the provision that "[o]ccasional personal use is permitted."

Ignoring the significance of its express permission for "[o]ccasional personal use," the company's argument appears to rely chiefly on the fact that plaintiff utilized the company's computer and that anything flowing from that use becomes subject to the company's claimed ownership right. We reject the company's ownership of the computer as the sole determinative fact in determining whether an employee's personal emails may become the company's property.

...

Certainly, the electronic age -- and the speed and ease with which many communications may now be made -- has created numerous difficulties in segregating personal business from company business. Today, many highly personal and confidential transactions are commonly conducted via the Internet, and may be performed in a moment's time. With the touch of a keyboard or click of a mouse, individuals may access their medical records, examine activities in their bank accounts and phone records, file income tax returns, and engage in a host of other private activities, including, as here, emailing an attorney regarding confidential matters. Regardless of where or how those communications occur, individuals possess a reasonable expectation that those communications will remain private. ...

A policy imposed by an employer, purporting to transform all private communications into company property -- merely because the company owned the computer used to make private communications or used to access such private information during work hours -- furthers no legitimate business interest.

Employers out there, you're on notice now that you should have a more nuanced and situation-specific justification for snooping in personal e-mail accounts than the "We own it, we own it all" strategy adopted by the employer in this case.

Policy Not Enforceable as Contract

The court was unwilling to treat the acceptable use policy as a contract, preferring instead to characterize acceptable use polices as "regulations unilaterally imposed by employees." Instead, the court's deference to the terms of the policy was commensurate with what the court called its "moral force." A company regulation loses "moral force" when it is "based on no good reason other than the employer's desire to rummage among information having no bearing upon its legitimate business interests."

Here's another bit of rhetoric, from a judge who has clearly lost all patience with the employer's legal arguments:

We thus reject the philosophy buttressing the trial judge's ruling that, because the employer buys the employee's energies and talents during a certain portion of each workday, anything that the employee does during those hours becomes company property. Although we recognize the considerable scope of an employer's right to govern conduct and communications in the workplace, the employer's interest in enforcing its unilateral regulations wanes when the employer attempts to reach into purely private matters that have no bearing on the employer's legitimate interests.

Ouch.

Trial Court Should Have Required Employer to Prove Case

Speaking of the trial judge, the appellate court was openly disappointed in her failure to make the employer adequately prove the existence of a computer use policy, and its terms, and the extent to which the policy was applied and enforced within the company. For example, the appellate court counted five separate versions of the policy in the record, none of which contained a signed acknowledgement by the employee that she had read and understood the policy. It was error for the trial court to decide disputed fact issues without a hearing, the court said.

Employer's Law Firm Could Be Disqualified

The employer's law firm may very well have gotten itself removed from this case. Attorneys for the employer read the employee's personal e-mail messages -- which obviously contained communications between the employee and her attorney -- without first affording the employee an opportunity to assert attorney-client privilege over them. The court said that it was unreasonable for the attorneys to assume that the employer's acceptable use policy had turned the employee's privileged e-mail messages into company property. These attorneys were ethically obligated, the court said, "to cease reading or examining the document, protect it from further revelations, and notify the adverse party of its possession so that the attorney's right to retain or make use of the document may thereafter be adjudicated by the court."

The court ordered the trial court to conduct a hearing to determine whether the employer's law firm should be disqualified from representing the employer for the remainder of this litigation.

All in all, a lot to chew on late on a Friday afternoon. I prefer to look on the bright side. The case is a strong win for workplace privacy proponents. And every acceptable use policy called into question by this opinion is an opportunity for some attorney to get paid to write a better one.

The Ninth Circuit released its opinion in Zango Inc. v. Kaspersky Lab Inc., No. 07-35800 (9th Cir. June 25, 2009), this afternoon, rejecting an adware company's argument that anti-spyware software makers are not among the class of defendants that Congress intended to give immunity under the "safe harbor" protections in Section 230 of the Communications Decency Act. Zango argued, unsuccessfully, that CDA Section 230's protections should be limited to online content providers.

In addition to finding text-based support for immunity, the court also found that according immunity to Kaspersky advanced Congress's policy objectives as well:

According protection to providers of programs that filter adware and malware is also consistent with the Congressional goals for immunity articulated in § 230 itself. Five policy objectives are identified. Of these, two read on the issues in this case: “to encourage the development of technologies which maximize user control over what information is received by individuals, families, and schools who use the Internet and other interactive computer services;” and “to remove disincentives for the development and utilization of blocking and filtering technologies that empower parents to restrict their children’s access to objectionable or inappropriate online material[.]” §230(b)(3), (4). As more software is developed to block malware, users will be able to exercise more control over the content that is transmitted to their computers.

Thus, affording the safe harbor to providers of anti-malware software aligns with the Congressional policy stated in § 230(b)(3). Malware may also expose users to objectionable content, including links to pornographic websites, or to software that can compromise the user’s privacy, computer security, or identity. Thus, the policy stated in § 230(b)(4), of removing disincentives for the development of software that filters out objectionable or inappropriate material, is served by a safe harbor for providers of malware-filtering software who otherwise fall within the terms of the statute.

The court held that Kaspersky was entitled to immunity as a "provider" of an "interactive computer service," Section 230(f)(2), rejecting a handful of technical arguments otherwise.

The court also rejected, importantly, Zango's claim that Kaspersky was not entitled to immunity because Kaspersky -- not the user -- determined which sorts of content were objectionable. Zango claimed that Kaspersky's software unlawfully permitted Kaspersky to override the user's previous agreement to install Zango's adware. So long as the material blocked is objectionable under Section 230(c)(2)(A) -- defined there as "material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable ..." -- then Kaspersky is entitled to claim CDA Section 230 immunity, the court said.

The court declined to read a good faith requirement into this part of the statute. This part of the opinion troubled Judge Fisher, prompting him to to write a concurring opinion calling for some sort of "good faith" limitation on a provider's ability to declare content "objectionable":

[U]nder the generous coverage of § 230(c)(2)(B)’s immunity language, a blocking software provider might abuse that immunity to block content for anti-competitive purposes or merely at its malicious whim, under the cover of considering such material “otherwise objectionable.” Focusing for the moment on anti-competitive blocking, I am concerned that blocking software providers who flout users’ choices by blocking competitors’ content could hide behind § 230(c)(2)(B) when the competitor seeks to recover damages. I doubt Congress intended § 230(c)(2)(B) to be so forgiving.

• ...*

It would be an abuse of this immunity to apply it to blocking activity of the kind I have hypothesized here. Nevertheless, until Congress clarifies the statute or a future litigant makes the case for a possible limitation, I agree that Kaspersky qualifies for immunity under this broadly worded statute.

The Ninth Circuit's take on this case pretty much followed the lower court's approach, and it certainly accorded with most legal experts's views on the scope of CDA Section 230, so no big surprises today. Nevertheless, the court's opinion provides anti-spyware software makers (and anti-spam services) with additional confidence to go out and develop robust user protections, without fear of courting legal liability.

Pity poor Jeff Aronson, who built his company, Cash4Gold, into a highly successful venture -- only to see his fortune raided by a competing operator with the same business idea, using the same marketing methods, and very similar trade names. Names like Money4Gold and Dollars4Gold. Aronson's competitor wasn't very scrupulous in his respect for Aronson's trademark. The competitor used banner ads and logos similar to Aronson's on Web sites and in Google paid search advertising, all of which triggered clicks to the competitor's Web site.

Aronson's bid for a preliminary injunction against Money4Gold/Dollars4Gold started off strong. Whereas I probably couldn't have resisted commenting that Cash4Gold built its business by skillfully exploiting human misfortune, the trial court remarked that Cash4Gold's success "is the product of good timing, hard work, and effective advertising." Better yet, the court found that the defendant, Money4Gold, advertised with marks both identical and similar to Cash4Gold. The court further remarked that there was evidence in the record to support a finding that Money4Gold intended to cause consumer confusion.

But Aronson's case foundered on his choice of name for his business: Cash4Gold, a descriptive word mark that is not entitled to protection under Section 43(a) of the Lanham Act unless it has secondary meaning. ("Secondary meaning" means that the mark in question is so strongly associated with the mark's owner in the mind of the public that it is no longer a generic, descriptive term.) A case for secondary meaning is typically created by evidence of advertising campaigns and the extent to which these advertising campaigns are successful at creating link between the mark and the services provided by the mark owner. In this case, despite evidence that Cash4Gold had spent "tens of millions" of dollars in advertising (including TV spots featuring the late Ed McMahon, radio spots by Howard Stern, and sponsorship of a NASCAR driver), Cash4Gold's evidence failed to demonstrate secondary meaning existed at the time the defendant began encroaching on the Cash4Gold mark, sometime in September 2008. Cash4Gold's claim to secondary meaning was also undermined by Aronson's candid admission that the phrase has been around for a long time:

[T]there simply was not enough evidence for the Court to find as a factual matter that Plaintiff’s mark satisfied the Conagra factors and thereby obtained that quantum of recognition known as secondary meaning before September of 2008.

Moreover, Plaintiff’s CEO Jeff Aronson testified that the phrase "cash for gold” has been used “since the days of mining.” He said this while being questioned about the fact that Plaintiff does not presently hold a registration in the Patent and Trademark Office for its mark “Cash4Gold,” while another company, Napala Gold, does own one. When exactly “the days of mining” were is unclear, but his manner indicated that it was a long time in the past. While said only in passing, the fact that Plaintiff’s biggest cheerleader believes that the phrase has been used presumably since the California Gold Rush era seriously undermines its claim to the distinctiveness and exclusiveness of its mark “Cash4Gold” for a precious metal refining business.

Although the court denied Cash4Gold's request for a preliminary injunction, it left the door open for reconsideration if Cash4Gold could put together a better case for secondary meaning. Cash4Gold didn't offer much evidence regarding secondary meaning as of September 2008, and the court here wasn't willing to assume that the mark was as well-known then as it is now.

Cash4Gold also lost its copyright infringement claim against Money4Gold, a claim that was based on Money4Gold's copying of a small portion of the Cash4Gold Web site. The court remarked that, despite the evident copying that occurred here, the Money4Gold and Dollars4Gold Web sites "have a strikingly different look to them from the Plaintiff's site and would not strike a lay observer as having appropriated the protected elements of Plaintiff's website."

Cash4Gold submitted to the court 43 pages of material printed from its Web site. The copycat Web sites created by the defendant were just 1-3 pages in length. On this disparity of size alone, the court said, the defendant's Web sites cannot be deemed to be substantially similar to -- and thereby infringing -- the Cash4Gold Web site.

This case is further evidence that copyright law is a poor means to prevent free-riding of the sort that occurred here. It's also further evidence of the "generous" of copyright law: money-making ideas like Aronson's are free for the taking; only their expression is protected, and loosely so in the case of marketing content.

The case is Green Bullion Financial Services v. Money4Gold Holdings Inc., No. 09-60027 (S.D. Fla., June 22, 2009).

There is an arresting story over at ReadWriteWeb about the City of Bozeman, Mt., and its demand that prospective employees supply the city with the usernames and passwords for any Web sites they might belong to. Including, but not limited to Facebook, MySpace, Yahoo, Google, and YouTube -- that sort of thing. The city is justifying this invasion of privacy as necessary to ensure that employees "have the highest moral character and are a good fit for the City." It is easy to see that what the City of Bozeman is doing is about power, not good government. Why else would its snooping apply only to prospective employees and not current employees? Why policemen, firemen, and lifeguards? Why not the mayor and the city council? Those are the city jobs where a city really need persons of "the highest moral character." And why stop at reading through their Facebook messages? I say tap the mayor's phone, install a keylogger on her computer (at work and at home), and read through all her e-mail. That's how you ensure that local government officials have the highest moral character.

Update: The City of Bozeman rescinded this policy a day after this post was written.

President Obama's call yesterday for reform of the regulatory regime governing financial institutions promises to bring additional federal scrutiny to the rest of the Web as well.

The White House plan would create a new Consumer Financial Protection Agency (CFPA), an independent federal body with broad authority to set and enforce consumer-friendly standards for loans, savings products, and other financial offerings. However, there is more to the plan than that. Here's a couple things I saw in the 88-page document explaining the plan.

Privacy Authority to Remain with Stronger Federal Trade Commission

The president's proposal was explicit that the FTC will stay on the privacy beat:

The FTC should also remain the lead federal consumer protection agency on matters of data security, with front-end privacy protection on financial issues moved to the CFPA.

But President Obama believes that the FTC needs more manpower and more authority to carry out its mission. The president called for increasing the FTC's "human, financial, and technical resources," which I take to mean personnel and budget. More importantly, perhaps, the president would like to see the commission's rulemaking authority substantially broadened:

The FTC should be authorized to conduct rulemakings for unfair and deceptive practices under standard notice and comment procedures, and to obtain civil penalties for unfair and deceptive practices.

This is a change from the current situation, in which the FTC's rulemaking authority is confined to specific statutory delegations from Congress and to Magnuson-Moss-style rulemakings. Whether or not the FTC has general authority to enforce FTC Act Section 5 ("unfair or deceptive acts or practices") via notice-and-comment rulemaking is a highly debatable point, from what I can tell. The president is proposing to end that debate in favor of expanding the FTC's rulemaking authority. If the president gets his way, the FTC will have a broad mandate to write rules for all aspects of the business-to-consumer game.

Financial Consumer Protection Rules Will Bleed Over to Non-Financial Commerce

Among the mandates for the new CFPA are (1) ensuring that consumers "have the information they need to make responsible financial decisions" and (2) ensuring that consumers "are protected from abuse, unfairness, deception, or discrimination." Carrying out this aspect of the new agency's mission will necessarily entail promulgating new rules for online disclosure of the terms under which financial services are being provided, such as privacy and data security policies, as well as normative rules regarding forbidden contract terms. One such norm is prohibiting mandatory arbitration clauses -- something that the president's proposal says the CFPA should have the authority to do.

The president's plan also has quite a bit to say about disclosures to consumers:

We propose a new proactive approach to disclosure. The CFPA will be authorized to require that all disclosures and other communications with consumers be reasonable: balanced in their presentation of benefits, and clear and conspicuous in their identification of costs, penalties, and risks.

We propose the following initiatives to improve the transparency of consumer product and service disclosures.

Make all mandatory disclosure forms clear, simple, and concise, and test them regularly. Mandatory disclosure forms should be clear, simple, and concise. This means the CFPA should make judgments about which risks and costs should be highlighted and which need not be. Consumers should verify their ability to understand and use disclosure forms with qualitative and statistical tests.

Note the part about how the CFPA should make judgments about which risks should be highlighted. "Self-regulation" and market forces are not welcome here. And the president is proposing that the CFPA's rules be "a floor not a ceiling," thus inviting additional consumer protection attention at the state level.

It is difficult to see how these new rules on transparency and on "abuse, fairness, deception, or discrimination" in the financial services market will not eventually supply the standard for fairly dealing with consumers in all other aspects of online commerce. In fact, my reading of the president's proposal didn't turn up any language limiting his consumer protection proposals to the financial services market.

Nobody can know which if any of the president's proposals will survive the legislative process, of course. And I hate hyperbole, but there it is. How could a new federal consumer protection agency, and a beefed-up FTC, not be pervasive regulators of online commerce?

If you're laboring under the misapprehension that there is a not a lot of consumer choice in wireless service or appliances, representatives from AT&T and the AT&T-supported Progress and Freedom Foundation will explain otherwise at the Senate Energy and Commerce Committee's "The Consumer Wireless Experience" hearing this afternoon. For persons not in the Washington area, the event is available on the series of tubes. Also testifying will be representatives from U.S. Cellullar (no service in Washington, D.C. area) and Cellullar South (no service in Washington, D.C. area), as well as Prof. Robert Frieden, Pioneers Chair of Telecommunications and Law, Pennsylvania State University, lately prominent for his paper, "The Spin in Broadband Statistics: Finding Ways to Make a Credible Assessment of Next Generation Network Deployment."

In most cases, when a court reaches a bad decision, the lawyers are at fault. Hysterical rhetoric, poor research, failure to acknowledge the legitimacy of the opponent's arguments, failure to appreciate the logical consequences of one's own arguments, or the absence of legal representation on one side of the case. I am going to put the case of Nebraska v. Drahota, No. 08-628 (Neb. Ct.App., June 16, 2009), into the last category. An intermediate state court in Nebraska, without appearing to think too hard about the issue, held that a student was lawfully convicted of breach of the peace based on a pair of e-mail messages (okay, profane rants) he sent to a professor. The court also held, again without too much analysis, that the student's e-mails were constitutionally unprotected insulting or "fighting words," citing Chaplinsky v. New Hampshire, 315 U.S. 568 (1942), in support.

The defendant represented himself.

This case involved (1) a student, (2) writing about politics, (3) via e-mail. It is difficult to imagine how this sort of communication can disturb the peace or why it would not be subject to the most stringent First Amendment protection. This guy (who has a strained take on reality) should have hired an attorney. Now we're all stuck with this court's opinion.

What a great witness list for Thursday's Capitol Hill hearing on behavioral advertising. Google, after being excoriated by AT&T during the last two hearings, finally gets to express its views on privacy as it relates to tracking online behavior. Other network advertisers will have a chance to tell their side of the story too. The role of AT&T/Anti-Google will be played by Scott Cleland, a telco-friendly analyst.

The hearing will be webcast from the House Energy and Commerce Subcommittee on Communications, Technology and the Internet Web site.

Media Advisory

Energy and Commerce Subcommittee Hearing on “Behavioral Advertising:  Industry Practices and Consumers’ Expectations”

WASHINGTON, DC —The Subcommittee on Communications, Technology and the Internet and the Subcommittee on Commerce, Trade, and Consumer Protection will hold a joint hearing titled, “Behavioral Advertising:  Industry Practices and Consumers’ Expectations” on Thursday, June 18, 2009, in 2123 Rayburn House Office Building.  The hearing will examine the potential privacy implications of behavioral advertising.

INVITED WITNESSES:

• Jeffrey Chester, Executive Director, Center for Digital Democracy
• Scott Cleland, President, Precursor LLC
• Charles D. Curran, Executive Director, Network Advertising Initiative
• Christopher M. Kelly, Chief Privacy Officer, Facebook
• Edward W. Felten, Professor of Computer Science and Public Affairs, Princeton University
• Anne Toth, Vice President of Policy, Head of Privacy, Yahoo! Inc.
• Nicole Wong, Deputy General Counsel, Google Inc.

WHEN:          10:00 a.m. on Thursday, June 18

WHERE:        2123 Rayburn House Office Building

We're running the following item tomorrow to alert BNA Electronic Commerce & Law Report readers of the opportunity Facebook is offering trademark owners to preemptively block misappropriation of their marks when Facebook opens up its service to vanity URL registrations tomorrow night. I don't see any reason not to share it more widely. Thank you to the estimable David Kelly at Finnegan, Henderson, Farabow, Garrett & Dunner LLP, who shared his insights as well as a few relevant cases I was unaware of, and to BNA's Amy Bivins, who dashed this off late today.

The Facebook social networking site is taking steps to combat "name squatting" ahead of its June 13 launch of a new feature that will permit users to create vanity URLs incorporating their names, such as http://www.facebook.com/username.

Trademark holders can sign up now to block the registration of their marks. Facebook has already reserved certain names in an effort to assist third parties in protecting intellectual property and other rights.

David Kelly, who chairs the Trademark Group at Finnegan Henderson Farabow Garrett & Dunner LLP in Washington, D.C., told BNA today that the Facebook development is yet another area where trademark owners will have an opportunity to enforce their intellectual property rights.

"The good news is that Facebook at least has guidelines, encourages parties to use their real personal or business names, and has a mechanism for trademark holders to object to the use of their marks in these personalized URLs, though these safeguards will not prevent all username squatting problems," he said.

One issue raised by Facebook's trademark protection mechanism asks mark owners to provide a registered trademark, which implies that common law trademark rights may not be sufficient.

This creates the possibility of a conflict in situations where businesses with similar names are in different markets or geographic areas use the same mark, or situations where users have the same personal name as a celebrity, Kelly said.

Liability Unlikely for Services, but User Liability Possible.

Most widely used social networking sites prohibit unauthorized name and trademark use in their terms of service, and a growing number are banning username squatting--registering accounts associated with names or companies without authorization--specifically.

Under the reasoning in Tiffany v. eBay Inc., it is possible that social networks themselves could be held liable for username squatting, on a contributory infringement liability theory, if they continue to provide services to users they know or have reason to know are engaging in infringement. Tiffany v. eBay Inc., No. 04-4607 (S.D.N.Y. July 14, 2008)(13 ECLR 942, 7/16/08). Under Tiffany, general knowledge that infringement is occurring on a service is not enough to generate contributory liability.

Kelly told BNA that the username squatting issue, from the registrant perspective, is similar to e-mail addresses and screen names, which courts have addressed. For example, in Highfields Capital Management L.P. v. Doe, 385 F. Supp. 2d 969 (N.D. Cal. 2005), a magistrate judge quashed a subpoena requiring Yahoo! to identify a party that posted sarcastic message board comments about a company's stock performance using the company's name.

Finding the comments were not driven by a competitive purpose, and that it was unlikely readers would think the negative comments were in some way sponsored by the company, the court said the use qualified as a fair use.

But in Freedom Calls Foundation v. Bukstel, 2006 WL 845509 (E.D.N.Y. Mar 3, 2006), the court issued a preliminary injunction against a company's former employee, who had set up an e-mail address and instant messenger account using the company's name, concluding the use was likely infringing.

Facebook Plans Name Squatting Protections.

In instructions on the new vanity username program, Facebook directed users to choose a name as close as possible to their true names, and states that names cannot be changed or transferred after they are created.

Facebook is limiting participation to users who were Facebook members prior to its announcement of the program, a restriction designed to deter parties from signing up to "name squat." However, the restriction is temporary: New users will also be able to sign up for vanity usernames beginning June 28.

Facebook provides a link for "rights holders," through which they can prevent the registration of a trademark as a username. The form requires trademark owners to list the trademark as well as the registration number to be blocked. Rights holders do not have to have Facebook accounts to block registration of their marks.

In an effort to combat name squatting, Facebook will not permit the transfer of vanity URLs. If a user cancels an account, the associated URL will not be available as a new Facebook URL. Users will also not be permitted to register generic terms as usernames. Facebook said that it reserves the right to remove or reclaim a username at any time and for any reason.

Twitter to Test Verified Accounts.

Facebook's announcement comes against the backdrop of a high-profile lawsuit against another social networking site, Twitter, brought by a public figure who was impersonated on the Twitter site.

St. Louis Cardinals manager Tony La Russa filed his complaint in the San Francisco Superior Court, asserting trademark infringement, false designation of origin, dilution, cybersquatting, misappropriation, invasion of privacy, and intentional misrepresentation claims (La Russa v. Twitter Inc., Cal. Super. Ct., No. 02487393, complaint filed 5/6/09). He attached to the complaint a series of updates, or Tweets, which the user posted as "TonyLaRussa."

Twitter removed the action to federal court on June 5. The next day, a Twitter official blogged that the La Russa complaint was an "unnecessary waste of judicial resources," asserting that the company's Terms of Use are fair to rights holders. The blog post further revealed that Twitter plans to test a verified account system this summer, through which public officials, public agencies, famous artists, athletes, and other well-known individuals at risk of impersonation can create accounts verified by a seal.

By Amy E. Bivins

Links:

Facebook's form for trademark owners to block mark registration.

Facebook's IP infringement notification form.

La Russa's complaint against Twitter.

Update: Morrison & Foerster has an alert on the Facebook situation.