More examples of judges clueless about technology... and one that gets it, April 21, 2015

More examples of judges clueless about technology... and one that gets it

You post something to a website. Later, you want to remove the post. The site says, "No dice. That post belongs to us, not you." You sue the site, claiming that it is infringing on your copyright on the material you posted.

The court says, "Uh-uh. The site's terms and conditions state that by posting to the site, you gave the company 'an irrevocable, perpetual, fully paid, worldwide exclusive license to use, copy, perform, display and distribute [the post’s contents].'" You counter that you never clicked any "I agree"-type button on the site, so you didn't have notice -- actual or constructive -- of the site's terms.

"Uh-uh," the court says again. You had constructive notice of the terms and conditions because some of the terms appear on the site just above the "Continue" button you have to click before being able to post anything there. That means you had constructive notice of the site's terms and conditions. Those terms transferred the copyright for your post to the site. It's not yours anymore -- it's theirs to do with as they please.

Who reads a site's terms and conditions before they post a comment or other material on the site? Almost nobody. Yet the site can enforce the most one-sided terms and claim you had constructive notice of them, not because the actual terms and conditions were displayed, but only because the phrase "Terms and Conditions" appeared on a page you opened.

This scenario played out in Small Justice LLC, et.al. v. Xcentric Ventures LLC (No. 1:13-cv-11701-DJC (D.Mass.)), as Mikah Miller of Proskauer explains in an April 13, 2015, post on the JD Supra Business Advisor site. The court ruled that the terms and conditions on Xcentric's RipoffReport.com site constituted "browsewrap," which means no action is required by the user to accept the terms other than to continue to use the site.

That's distinguished from "clickwrap," which requires that the user check a box or take some other overt action to accept the terms. Still, the court ruled that by displaying "Terms and Conditions" prominently, the service gave the user constructive notice of the terms, even those terms that were never actually displayed to the user.

It makes me wonder whether Judge Denise Cooper of the District of Massachusetts has read every word of every "terms and conditions" document appearing on every website she's ever visited. That's about what it takes for a site visitor to understand all the consequences of all the actions they may take on the site.

Several years ago, two researchers at Carnegie Mellon University, Lorrie Faith Cranor and Aleecia McDonald, calculated the amount of time required to read all the privacy policies on all the websites you visit in a year. According to their calculations, you would spend 76 eight-hour workdays just reading them. If everyone in the U.S. read every privacy policy they encounter, it would represent 58 billion hours of lost work time, according to the researchers. The Atlantic's Alexis C. Madigral wrote about the study results in a March 1, 2012, article.

Hey, Judge Cooper, which world exactly is the court in which you preside located?

If you opened this email, you now have constructive notice that the material you upload to a site may no longer belong to you. You are on notice even if you never read a word of this message. (I won't take it personally -- I know how busy you are.)

Not all sites are as grabby as the defendant in the above case Xcentric Ventures and RipoffReport.com. For example, Facebook's Statement of Rights and Responsibilities states that "[y]ou own all of the content and information you post on Facebook, and you can control how it is shared through your privacy and application settings." However, you give Facebook "a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook (IP License)."

That license lasts until you delete the material, unless the material "has been shared with others, and they have not deleted it." Of course, sharing content is what Facebook is all about, so most such licenses will never expire. If you stick with Facebook's default privacy and application settings -- which nearly all Facebook users do -- the company's license to your photos and posts is, in effect, perpetual. You may "own" it, but Facebook is free to use it as the company sees fit, including the ability to license it to a third party without any compensation to you. Sweet deal for Facebook, eh?

Web video services can share your personal info without any restrictions

You stream AMC's "Walking Dead" from AMC's website. AMC collects your identity and a record of the shows you watch, then it shares the information on Facebook -- without your consent. The Video Privacy Protection Act prohibits video providers from disclosing personal information about their customers or their viewing habits without the customers' written consent.

Has AMC violated the Video Privacy Protection Act? No, says U.S. District Court Judge Naomi Reice Buchwald of New York. Why not? Because the plaintiff didn't have an "ongoing relationship" with AMC, according to the court's ruling that dismissed the suit. MediaPost's Wendy Davis writes about the decision in an April 13, 2015, article.

The judge stated in her decision that the plaintiff didn't pay to watch the video, didn't have to register, didn't have to download a player or any other software to watch the video, and didn't take any other action that would associate her with AMC. Therefore, no relationship. Yet the plaintiff had enough of a relationship with AMC to allow the company to collect and share the plaintiff's personal information: I know who you are, I know what you watch, I share it with a third party without your consent, yet I haven't violated the Video Privacy Protection Act because we don't have a relationship. Could you run that by me one more time, Judge Buchwald?

Three other video sites have won similar disclosure-without-consent cases, albeit for different reasons. Hulu got off the hook because the judge found the plaintiffs couldn't prove that Hulu knew the "like" button could transmit information about the plaintiffs to Facebook. (Wha?) The Cartoon Network and Dow Jones prevailed because the courts ruled that combining device identifiers with viewing history doesn't qualify as personal information. This despite the fact that it is trivially easy for a third party to convert a device ID into a person's name.

Hey, judges. What you do online? It's personal. Not private -- definitely not private -- but personal.

Defaming someone in a blog post doesn't establish defendant's 'minimum contacts'

You're a scientist in California who publishes research criticizing the efficacy of a Texas company's skin-care products. An Illinois-based consultant for the skin-care company participates in a "campaign of harassment" against you and your partner scientist that includes false claims. Among the false claims are that you lost your medical license, you were charged with domestic violence, and you used multiple Social Security numbers.

You sue the company, its CEO, and the "highly compensated" consultant for defamation in a California court. The consultant files a motion to quash for lack of personal jurisdiction. The trial court and court of appeals both deny the motion. However, the California court reconsiders following the U.S. Supreme Court’s decision in Walden v. Fiore, 134 S. Ct. 1115 (2014), which found that personal jurisdiction cannot be based solely on where the "effects" of the defendant's tortious actions were felt.

Erika Graves of Sedgwick LLP examines the decision in an April 16, 2015, article on the JD Supra Business Advisor site. The standard for finding personal jurisdiction in defamation cases has been Calder v. Jones, 465 U.S. 783 (1984): Were the defendant's actions "expressly aimed" at the forum, which was the "focal point" of the harm? In Walden, the DEA seized money in Georgia from a Nevada resident. The plaintiff asserted that the harm of the false affidavit leading to the seizure was felt in Nevada, where he sued. The court ruled the defendant lacked jurisdiction in Nevada because the defendant's actions must create a substantial connection to the forum state. The connection cannot be based solely the effects of those actions.

The burden is on the plaintiff to show the defendant's actions were targeted specifically at the forum state, not merely that the defendant knew the effects of the actions would be felt in the forum state.

What a 19th century concept.

On the Internet, it rarely matters where a person is physically located. The effect of the person's Internet actions on a specific physical location matters even less. This is an example of a court rule being rendered nonsensical in the Internet Age. Personal jurisdiction is becoming a vestigial limb that in fact can hinder the cause of justice more than it facilitates it.

By burdening the plaintiff in a defamation case to sue in the defendant's jurisdiction, the courts are discouraging potential defamation plaintiffs. Does this give people the right to defame with impunity others who happen to be located far away, so long as the defamation isn't targeted at the jurisdiction itself? C'mon, courts. You can do better than that.

One court that got it right: Hands off our contact lists!

Phone apps love to get ahold of your contacts. Some are so anxious to collect the names, addresses, phone numbers, email addresses, and other contact information that they don't bother asking for your permission before helping themselves to the list.

The U.S. District Court for the Northern District of California ruled in Marc Opperman v. Path, Inc., Case No. 13-cv-00453-JST (2015), that the plaintiffs in the putative class action may proceed with their claims against Apple. The plaintiffs allege that Apple allowed app developers and social-media companies to access the contact lists stored on iDevices without first getting the users' permission. Apple thus misrepresented its security policies to the plaintiffs, according to their suit. Sally Albertazzie of Steptoe & Johnson LLP writes about the court's ruling in a short April 4, 2015, post on Lexology.

The court also allowed the plaintiffs to pursue invasion of privacy claims against Electronic Arts, Foursquare, Instagram, Path, Twitter, and Yelp, which the plaintiffs charge with misappropriating "highly personal and private" information stored on the plaintiffs' iDevices.

There's another important issue involved in the indiscriminant sharing of contact lists. If someone has your information in their contacts and they choose to share the information with a third party, you have no control over how the information will be used and who it will be shared with. Contact information is pure gold to companies that make their money by selling to third parties what they know about you. These days, nearly every organization you come into contact with is retaining, reusing, and likely reselling what they learn about you -- what you share with them explicitly, and what they collect about you without your express knowledge or informed consent.

They may not even bother to thank you for sharing. Companies may be more forthcoming about what personal information they collect if the consequences of not doing so without express permission hurt their bottom line. Until then, they'll keep snooping, collecting, and selling what they know about you to the highest bidder -- without so much as a "by your leave."