TechLaw

The small body of law pertaining to hyperlinks grew a little last week with a military appellate court's decision that the act of distributing a hyperlink to an online source of child pornography did not subject the defendant to criminal liability for distributing the child pornography available at that address.

The court's decision was interesting for its discussion of the differences between transmitting a computer file and transmitting a pointer to that file's location, and whether different legal consequences should attach to these scenarios. Hyperlinks are valuable currency on the Web 2.0 Internet. I came away from this case with the sense that the criminal code, at least some portions of it, has yet to recognize this fact.

The decision was a close one, a 3-2 vote, where the majority based its ruling on the plain language of the statute. Child pornography is a visual depiction of a minor engaging in sexually explicit conduct. A "visual depiction," as defined by 18 U.S.C. 2256(5), "includes ... data stored on a computer disk or by electronic means which is capable of conversion into a visual image[.]"

The defendant was alleged to have transmitted to an undercover law enforcement agent a hyperlink pointing to a Yahoo! Briefcase server containing images of child pornography. The court rejected the government's argument that a hyperlink to child pornography meets the statutory definition of a "visual depiction" of child pornography. "The data contained in a hyperlink is not capable of conversion into any type of visual image," it said. The court said that a hyperlink was a shortcut to a particular location on the Internet--not child pornography itself or data capable of conversion into child pornography.

Two dissenters argued that there is little difference--a few extra mouseclicks, at most--between the distribution of a hyperlink to child pornography and distribution of the child pornography itself. They relied on language in Universal City Studios Inc. v. Corley, No. 00-9185 (2d Cir., Nov. 28, 2001), a copyright infringement case, in which the Second Circuit found infringement liability because the hyperlinks published by the defendant had the "functional capacity" to deliver infringing content instantaneously to an Internet user's computer. Building on Corley, the dissenters would have affirmed the defendant's conviction. "The recipient's ability to access and use images transmitted by hyperlink is functionally indistinguishable from the ability to access and use images transmitted as individually saved files," they wrote.

The case is United States v. Navrestad, No. 07-0199 (C.A.A.F., May 14, 2008).

It is really tough to get a class arbitration waiver upheld in California. Maybe impossible. When the Ninth Circuit, in Shroyer v. New Cingular Wireless Services Inc., 498 F.3d 976 (9th Cir. 2007), held that the class arbitration waiver in Cingular (now AT&T)'s wireless terms of service was unconscionable, the company decided to "improve" the class arbitration waiver language rather than eliminate it.

AT&T added to the AT&T Mobility terms of service several incentives for plaintiffs to engage in individual arbitration. Chief among them:

If a person prevails on the merits at arbitration, and receives an award: (1) equal to or less than the greater of (a) $5,000 or (b) the maximum jurisdictional dollar amount for small claims actions in the county containing the person’s billing address; and (2) greater than AT&T’s last written offer prior to selecting an arbitrator; then AT&T will pay the greater of (1) or (2) instead of the award, and pay the person’s attorney double their fees and reimburse them for reasonable costs.

This isn't good enough, according to the court's decision in Steiner v. Apple Computer Inc., No. 07-4486 (N.D. Cal., March 12, 2008). The plaintiff sought class treatment of his claim that Apple unlawfully failed to disclose substantial expenses iPhone users would incur when replacing batteries on the device. The court ruled that, after Shroyer, AT&T needed to demonstrate that the individual arbitration remedy available under the terms of service "functions as well as a class action would, such that it has not insulated itself from hundreds of thousands, if not millions of iPhone users seeking recovery of the hidden $114.95 in annual battery-changing and related charges."

The court held that the benefits of pursuing individual arbitration were illusory in many instances; in any event, it said, the relevant inquiry is a comparison between the outcomes for all iPhone consumers under the arbitration agreement and under a class action suit. "In this regard, AT&T has not presented any evidence that all iPhone consumers would recover more, on average, if the Court let the Arbitration Agreement stand rather than allowing the Steiners' class action to proceed."

The court was not concerned with whether the plaintiff would receive a fair hearing on his claim. Rather, the inquiry was whether all iPhone users would do better in a class action. On the subject of attorneys' fees, the court wrote that reasonable attorneys' fees in arbitration were not be an adequate incentive to seek redress because what attracts attorneys to class actions is the prospect of lucrative attorneys' fees.

It is hard to imagine any class arbitration waiver that could withstand this sort of inquiry. The main purpose of an arbitration clause is to minimize exposure to litigation. After Shroyer, it appears, the fact a consumer will be able to receive a fair hearing in an individual arbitration proceeding does not save a class arbitration waiver from a finding of unconscionability. In cases like Shroyer and now Steiner, where the plaintiff alleges that the defendant has engaged in a fraudulent scheme by taking a little money from thousands or millions of consumers, any attempt to minimize liability via arbitration will be suspect.

Imagine you're on a flight from Seattle to New York. Your eyes wander over to the laptop screen of the passenger sitting next to you. Imagine (you have quite an imagination) your brief glimpse of the screen reveals the details of one software company's not-yet-public offer to purchase a leading online property. Assume this information is very valuable. Have you, in that moment, violated the Computer Fraud and Abuse Act?

Possibly. There are quite a few ways to violate the CFAA, but a garden variety violation requires proof that the defendant "accessed" a "protected computer" without authorization or in excess of authorized access and thereby obtained information (a criminal offense under 18 U.S.C. 1030(a)(2)(C)) or "anything of value" (a criminal offense under 18 U.S.C. 1030(a)(4) if done with intent to defraud) or caused damage and loss of at least $5,000 (a civil offense under 18 U.S.C. 1030(g)).

Thanks to the Internet, nearly every computer is a "protected computer." The hard part of the analysis is deciding whether you have "accessed" your flight companion's laptop and whether that access was unauthorized. The statute is no help here. Congress failed to define either "access" or "authorization" in the CFAA (though it did define "computer").

My dictionary defines the verb "access" as "to gain or have access to; esp., to retrieve data from, or add data to, a database [branch officials can access the central database]." With this definition in mind, it's certainly plausible to argue that your glance "accessed" that laptop.

Which brings us to the final inquiry: Was your access of the laptop unauthorized? Certainly the laptop owner did not want you to read that top-secret, super-valuable information he was so carelessly perusing. Is that enough to establish a lack of authorization? Is there a requirement that the laptop's owner first inform you that you do not have permission to read over his shoulder? Would it matter if you were a former employee at the laptop owner's company and thus you knew immediately that you did not have permission to read the information on the screen? Would it matter if you had signed a confidentiality agreement while working at the company?

There really are no solid answers to these questions. Congress' decision to add a civil remedy to the CFAA in 1994 and its later decision to drape CFAA liability over the entire Internet by extending the CFAA to any computer used in interstate commerce have combined to create a vast new expanse of computer fraud liability that laywers and courts are only now beginning to explore. And while there are several murky corners of the CFAA (such as what constitutes damage and/or loss), the area receiving the most attention right now is the idea of which kinds of computer accesses are "unauthorized" or "exceeds authorized access."

Several courts have given an expansive reading to these terms, commonly in cases in which access is initially authorized or conditionally authorized, but the information taken is later put to an unauthorized use. Here are a few leading cases supporting a broad reading of unauthorized access.

In America Online Inc. v. LCGM Inc., 46 F. Supp.2d 444 (E.D. Va. 1998), a court held that an AOL user who harvested e-mail addresses of other AOL users made an unauthorized access of AOL's computer network because such use violated the AOL terms of use, which he had assented to via a mouseclick.

In EF Cultural Travel BV v. Explorica Inc., 274 F.3d 577 (1st Cir. 2003), the court held that the a datamining tool to collect publicly available pricing information was unauthorized because it violated a confidentiality agreement signed by the defendant, a former employee of the plaintiff.

In Register.com v. Verio, 126 F. Supp.2d 238 (S.D.N.Y. 2000), the court held that a competitor's use of repeated database queries, in violation of Web site terms of use, and after objection by Web site owner, was unauthorized under the CFAA.

In International Airport Centers v. Citrin, 440 F.3d 418 (7th Cir. 2006), the court imported common law agency principles to conclude that an employee's otherwise-authorized use of the employer's computer network becomes unauthorized when the employee acts against the interests of the employer.

Citrin is a controversial decision, and some courts have rejected it. Nevertheless, Citrin gets you into court with a plausible (decisive in the Seventh Circuit) argument that your company was the victim of federal computer fraud when employees take valuable information on their way out the door.

These cases have generated a lot of interest from companies who incur business losses when employees depart to work for competitors. The tactical advantages of a CFAA cause of action against departing employees are discussed by technology law experts here and here. The availability of a federal forum, the ability to protect information that does not qualify for copyright or trade secret protection, and the availability of injunctive relief, are just three reasons for increasing interest in the CFAA's civil remedies.

Later this week, on May 23, ALI-ABA is conducting an online seminar on civil uses of the CFAA in these situations.

Finally, there is the case of Lori Drew, a Missouri woman who has been indicted for violating the CFAA's criminal provisions, arising from her alleged use of the MySpace.com Web site in violation of its terms of service. This prosecution holds out the possibility that a CFAA criminal prosecution for "unauthorized" accesses could include any violation of a Web site's terms of use. Hard to imagine.

Daniel J. Solove at Concurring Opinions and Orin Kerr at the Volokh Conspiracy have commentaries on the case here and here.

Francis Gurry has been nominated to be the next Director General of World Intellectual Property Organization, according to an announcement released today by that organization. Gurry, presently WIPO's Deputy Director General, will have to be officially appointed by the WIPO General Assembly this fall.

Gurry should be well-known to cyberlaw attorneys, having lobbied hard for the creation of ICANN's Uniform Domain Name Dispute Resolution Policy, a quick-justice remedy against cybersquatters, way back in 1999. While at WIPO, Gurry built WIPO's Arbitration and Mediation Center into the leading provider of UDRP dispute resolution services.

Earlier this year I blogged about a Vermont divorce court's recognition of the fact that the First Amendment places limits on a court's ability to enjoin divorcing couples' ability to write nasty things about each other on the Internet. The court recognized the issue, but did not decide it, given the court's limited subject-matter jurisdiction.

Yesterday a California appellate court weighed in with a fuller analysis in another case involving a trial court's decision to enjoin a spouse from posting on the Internet allegedly defamatory remarks about her husband.

A couple lessons can be drawn from the California court's opinion. The First Amendment does not allow for injunctions against future, unspecified defamatory statements. However, a narrowly tailored injunction to protect privacy interests -- such as a real threat of personal harm -- is possible if the interest is sufficiently compelling.

Alleged Defamatory Remarks: Injunction Was Prior Restraint

Following a hearing, the trial court issued an order enjoining the wife (and her mother) "from publishing false and defamatory statements and/or confidential personal information about [the husband] on the internet. ..."

Two distinct types of information are implicated here: allegedly defamatory statements about the husband, and statements that allegedly violated the husband's privacy rights. The court's analysis was different for each type.

The appellate court concluded that the decision to enjoin the wife's allegedly defamatory Internet speech was an unconstitutional prior restraint. California courts applying the First Amendment to defamation claims have concluded that an injunction is constitutional only to the extent it prohibits a person from repeating statements that have been determined during a trial to be defamatory. Here, whether or not the wife's prior online publications were defamatory had yet to be determined, and the injunction was broader than a mere ban on repeating what the husband alleged the wife to have previously posted online. This aspect of the trial court's order also suffered from constitutional vagueness and overbreadth flaws, the court said, because it "fails to adequately delineate which of [the wife's] future comments might violate the injunction and lead to contempt of court."

Alleged Invasion of Privacy: Balancing Test Required

Taking up the portion of the trial court's injunction forbidding the wife from posting online "confidential personal information," the court ruled that a balancing test was required, an inquiry that weighed the husband's privacy interests against the wife's free speech constitutional rights. Relevant factors here included whether the husband is a public figure, the nature of the information involved, whether the information is of legitimate public concern, the extent of harm caused by online publication of the information, and the strength of the private and governmental interest in preventing its publication.

The first problem with the trial court's order was that it failed to define "confidential personal information." Without a clear definition, it is impossible to assess the extent of the husband's privacy interests and difficult for the wife to determine what information she was prohibited from placing on the Internet, the court said.

The husband claimed that the wife would, if permitted, post his telephone number, address, and social security number on the Internet. The husband argued that, because he is a deputy sheriff, posting this information would jeopardize his safety. And the court agreed, ruling that a court would be "fully justified" in enjoining the publication of this kind of information on the Internet:

We agree that a court would be fully justified in issuing an order preventing a party from putting this type of identifying information about another person on the Internet, particularly where, as here, that person is a law enforcement officer. To the extent that [the husband] seeks such an order and supports this request for evidence, the court would be justified in immediately ordering that this type of information be kept private. Such a restriction does not involve information that has any public value and would serve the significant public interest of protecting the safety of a law enforcement officer.

However, the court noted, the trial court's injunction was not limited to this kind of information. Any injunction prohibiting the online publication of any "confidential personal information" is vague, overbroad, and not narrowly tailored, the court said. On remand, the trial court should determine exactly which information the husband wants to keep private, and then engage in a balancing test to determine whether there is a compelling reason that the information be kept private. Information contained in court files is not necessarily exempt from disclosure, the court cautioned; in fact, it said, there is a presumption that this information is a matter of public record. Personal safety could be a compelling reason, the court suggested, but any order protecting this interest must be narrowly tailored so it does not interfere with the wife's First Amendment rights.

Update: The Citizens Media Law Blog also has a comment and more background information about the case.

The case is Evans v. Evans, No. D051144 (Calif. Ct.App., May 12, 2008).

A decade ago, back when the commercial Internet was young, cases about jurisdiction were all over the map. Predicting which sorts of online activities would subject a person or a business to the jurisdiction of a foreign court was a hazardous occupation.

Leading pre-2000 cases tended to take a broad view of what the Due Process Clause permitted in the way of "haling" an out-of-state miscreant into court to answer a local resident's complaint. Cases like Panavision Int'l L.P. v. Toeppen, 141 F.3d 1316 (9th Cir. 1998), which held that the assertion of jurisdiction over an out-of-state cybersquatter comported with federal due process, and Inset Systems Inc. v. Instruction Set Inc., 937 F. Supp. 161 (D. Conn. 1996), which held that merely operating a Web site accessible to forum residents and having a toll-free telephone number (Imagine that. A telephone number has jurisdictional significance.), drew skeptical reviews from cyberlaw specialists. If these cases were correct, a Web site operator could be sued any place that had Internet connectivity.

Things look different today. Courts have become more sophisticated when deciding jurisdiction challenges. Rarely will the mere accessibility of a Web site in the forum be enough to support jurisdiction. Nor will a blog post or two be sufficient to force the poster to defend a libel action in the post subject's home state. And nearly all courts analyzing e-commerce transactions have ruled the a single sale or two into the forum does not amount to "doing business in" or "purposeful availment of" the forum state.

Courts tend to make a determined effort to assess the quality and nature of a Web site's contacts, frequently borrowing from the "interactivity" test created in Zippo Mfg. Co. v. Zippo Dot Com Inc., 952 F. Supp. 1119 (W.D. Pa. 1997). Broad language used by the U.S. Supreme Court in Calder v. Jones, 465 U.S. 783 (1984), cited by many online plaintiffs for the proposition that jurisdiction is proper wherever the "effects" of the alleged libel are felt, has been whittled down to size by repeated judicial insistence that the defamatory online publication must have been "expressly aimed" at the forum state. Not aimed at the plaintiff. Aimed at the forum. The Fourth Circuit's opinion in Young v. New Haven Advocate, 293 F.3d 707, 711 (4th Cir. 2002), is a good example. In Young, the court held that the Due Process Clause did not permit a Virginia court to exercise jurisdiction over a state resident's libel claim against two newspapers based in Connecticut. The "effects" of the alleged libel may have been felt in Virginia where the plaintiff resided, the court said, but the defendants' Web sites were not targeted and focused on Virginia readers.

I doubt that the Ninth Circuit would decide Toeppen the same way today, even though the court has passed up several opportunities to repudiate that case. I can't remember the last time a court even mentioned let alone followed Inset Systems.

Here are several other examples of what seem to me to be correct, defensible outcomes in jurisdiction disputes:

In Malone v. Berry, No. 07ap128 (Ohio Ct.App. Dec. 6, 2007), the court held that a single eBay sale of a motor vehicle could not constitutionally support the assertion of jurisdiction by a court in the state where the plaintiff resided.

In Marschke v. Wratislaw, No. 07SD125 (S.D., Dec. 5, 2007), the South Dakota Supreme Court reached the same conclusion: a single eBay sale to a forum resident was not a constitutionally permissible basis for a state court to assert jurisdiction over the out-of-state seller.

Other cases make the same point: Shamsuddin v. Vitamin Research Prods., 346 F. Supp.2d 804 (D. Md. 2004), Machulsky v. Hall, 210 F. Supp.2d 531 (D. N.J. 2002). But see Crummey v. Morgan, No. 2007 CW 0087 (La. Ct.App., Aug. 8, 2007), in which the court cited the interactivity of the eBay Web site to conclude that the defendants had purposely availed themselves of the forum where the plaintiff resided.

Similarly, in the defamation area, blog postings and other online comments are rarely found to support jurisdiction in the forum where the allegedly defamed plaintiff resides.

In Ajax Enter. Inc. v. Szymonak Law Firm, No. 05-5903 (D. N.J., April 10, 2008), the court rejected an argument based on the Calder "effects test," ruling that because the defendants did not expressly aim their Web-published remarks at New Jersey, New Jersey courts could not constitutionally assert jurisdiction over them.

Another recent case, Internet Solutions Corp. v. Marshall, No. 07-cv-1740 (M.D. Fla., April 8, 2008), the court found no purposeful availment of the forum where the defendant authored several unflattering blog posts about the forum-based defendant. Here again, the court rejected an argument based on the Calder "effects test." All that the plaintiff had demonstrated was that the blog posts were accessible everywhere, the court said. That fact "does not amount to purposeful availment" of the forum.

Which leads me to Kauffman Racing Equipment v. Roberts, No. 07-CA-14 (Ohio Ct. App., April 18, 2008). In Kauffman, the defendant, a Virginia resident, believed that the plaintiff had sold him a defective engine block. He made four disparaging comments on Internet Web sites about the plaintiff, and the plaintiff responded by suing for defamation and intentional interference with business relationships. The trial court dismissed the case for lack of jurisdiction, but the court of appeals reversed in what was the weakest attempt at getting a jurisdiction issue right that I have witnessed in many years. The court, motivated by a poorly disguised dislike of the defendant, ignored a decade's worth of judicial effort in this area, misused the mostly irrelevant cases it did cite, and in the process sowed uncertainty in an area of the law that has been developing nicely.

The court's opening notes are sour: "The development of the law concerning the permissible scope of personal jurisdiction based on Internet use is in its infant stages. The cases are scant." The court is just plain wrong here. Cases on Internet jurisdiction are legion. BNA's Electronic Commerce & Law Report, which I edit, has summarized nearly 100 online jurisdiction cases since January 2007. Looking all the way back to 1997, I count over 400 online jurisdiction cases. In terms of cases decided, online jurisdiction is the richest source of judicial lawmaking in the entire field of cyberlaw. No other cyberlaw topic has received as much judicial attention.

In any event, the Kauffman court apparently believed that the caselaw was scant. It cited barely a speck of it, and what was cited was either misused or treated in a superficial, impressionistic manner. Surprisingly, the court fails to mention a single online defamation case. Calder is mentioned but not discussed; no mention is made of the dozens of cases that have attempted to apply Calder to online communications. Instead, the court lifted fragments from a handful of older cases involving interstate commercial activity. Young? Never heard of it.

The U.S. Supreme Court's decision in Burger King Corp. v. Rudzewicz, 471 U.S. 462 (1985), a case involving one of world's largest restaurant chains, with over 3,000 outlets in all 50 states at the time, is cited by Kauffman for the proposition that "when an entity intentionally reaches beyond its boundaries to conduct business with foreign residents, the exercise of specific jurisdiction is proper." The Burger King quote is followed by this non sequitur from Zippo: "Different results should not be reached simply because business is conducted over the Internet."

Mind you, Kauffman has nothing to do with conducting business over the Internet. No matter. This court isn't going to reason from these cases anyhow. It is done with case analysis and is ready to rule:

The Internet knows no state boundaries. The Internet has also become accessible at virtually every coffee shop in the world. A non-resident who avails himself of the expansive reach of the Internet should not be able to use his non-residency as a shield against defending tortious activity against a plaintiff harmed in a different state. ... ... Ohio is the focal point both of the defamation and of the harm suffered. Jurisdiction over Roberts is, therefore, proper in Ohio based upon the "effects" of his Virginia conduct in Ohio. ... Today, thanks to the accessibility of the Internet, the barriers to generating publicity are slight, and the ethical standards regarding the acceptability of certain discourse have been lowered. As the ability to do harm has grown, so must the law's ability to protect the innocent.

You almost never see an unadorned "effects" test anymore. An "effects" analysis always leads to the conclusion that jurisdiction is proper wherever the plaintiff resides. Which means that, for all intents and purposes, it is an argument for jurisdiction in every forum that has an Internet connection. We're back to Inset Systems, and almost nobody believes that that was the right outcome.

Clearly, the Kauffman court's motivation was to bring justice to lawless cyberspace. But decisions like this also bring needless uncertainty to the Internet. Attorneys ought to be able to say with confidence that a couple blog postings or a single eBay sale will not subject the speaker or seller to jurisdiction in any forum where the plaintiff resides. Courts and attorneys ought to have a workable analysis for deciding jurisdiction issues for online communications and online business transactions. Sure, an Ohio court will not be able to mete out justice to the defendant in Kauffman. But a whole lot of other online speakers will suffer too, because they will have to deal with desperate arguments for jurisdiction bootstrapped by this decision.

A proposed class action lawsuit against Yahoo!/Overture Services Inc. picked up momentum April 21, when a federal trial court in California turned back a handful of grounds for summary dismissal of claims that Yahoo! misrepresented the quality of the online venues on which it would display the plaintiffs' advertisements. The plaintiffs alleged that Yahoo! promised to display advertisements on Web sites targeted to likely customers; instead, the lawsuit claimed, Yahoo! placed the plaintiffs' advertisements in low-quality locations: inside spyware programs, on typosquatting Web sites, and on domain parking and bulk registration sites.

Among Yahoo!'s arguments for dismissal was its contention that California's unconscionability doctrine does not apply to commercial contracts. There is some support for this argument. Nearly all cases describe the state's unconscionability doctrine using the term "consumer," and many characterize the unconscionability doctrine's rationale as one of rectifying the imbalance of bargaining power between consumers and businesses. For example, a leading case, Discover Bank v. Super. Ct., 36 Cal.4th 148 (2005), summarized the fact pattern there as one in which the defendants "carried out a scheme to deliberately cheat large numbers of consumers out of individually small sums of money." Language like this limits the unconscionability doctrine to consumer cases, Yahoo! argued.

Here, the court rejected the view that commercial contracts are categorically outside the protection of the unconscionability doctrine:

[A]lthough Discover Bank's holding addresses only consumer contracts, nothing in that decision forecloses the possibility that a class action waiver in a commercial contract may be deemed unconscionable under certain circumstances. Defendants point to no authority to support the contention that class action waivers in commercial contracts should be treated differently than such waivers in consumer contracts, and the Court has identified ems.bna.com. Accordingly, there appears to be no basis for concluding that class action waivers in the commercial context cannot be found to be unconscionable and unenforceable.

The court permitted the case to go forward, allowing the plaintiffs to build a factual foundation for their unconscionability claim. Did Yahoo! have superior bargaining power over the plaintiffs? Could the plaintiffs have feasibly chosen other advertising services? Would it be practical for the plaintiffs to pursue individual remedies instead of a class suit?

Taking up another issue, the court ruled that the plaintiffs would be permitted to conduct discovery for extrinsic evidence indicating that -- notwithstanding the parties' written contract -- the defendants promised in their marketing materials that the plaintiffs would receive "highly targeted" advertising services.

The case is In re Yahoo! Litigation, No. CV 06-2737 (C.D. Cal., April 21, 2008).

The court's final order in Orion Bancorp Inc. v. Orion Residential Finance LLC, No. 07-cv-1753 (M.D. Fla., March 25, 2008), is a good example of the sweeping relief possible when the defendant defaults in an online trademark infringement case. Here, the plaintiff, which owns registered marks for ORION, ORION BANK, and ORION BANCORP, was able to nudge the defendant, a competitor in the residential mortgage business, off the orionresidentialfinance.com domain name. But not only that: in addition to preventing the defendant from capitalizing in any manner on the plaintiff's ORION mark, the court's order does a very thorough job of preventing the defendant from engaging in competitive advertising (i.e, Check us out, we're cheaper and faster than Orion Bank.) against the plaintiff. Not only was the defendant enjoined from purchasing Google AdWords containing the plaintiff's marks, it was ordered to purchase a "negative adword" option that prevents ads for the defendant's services from ever appearing when an Internet user searches with a query containing the plaintiff's marks.

The defendant was permanently enjoined

from purchasing or using any form of advertising including keywords or "adwords" in internet advertising containing any mark incorporating Plaintiff's Mark, or any confusingly similar mark, and shall, when purchasing internet advertising using keywords, adwords or the like, require the activation of the term "ORION" as negative keywords or negative adwords in any internet advertising purchased or used. (For purposes of this court order, a "negative keyword" or "negative adword" shall mean a special kind of advertiser keyword matching option that allows an advertiser to prevent its advertisement from appearing when the specific terms are a part of a given user's internet search or search string. It does not infer that the Defendant may use the specified negative keywords or adwords for any other purpose.)

...

from publishing, assembling, marketing, distributing, or otherwise utilizing for commercial or beneficial gain, any literature, business forms, advertisements, signs, or other representations regardless of the medium, which contains the term ORION, or any other confusingly similar term.

Cases like this one (and this one) demonstrate that trademark owners can obtain much more punishing relief against competitors with the Lanham Act in federal court than with the Uniform Domain Name Dispute Resolution Policy in an arbitration case.

Mark Radcliffe, a member of the Electronic Commerce & Law Report's advisory board and blogger at Law & Life: Silicon Valley, has put together a strong panel of open source legal experts for the
Open Source Software Workshop, to be held June 9 in San Francisco. Radcliffe is a partner at DLA Piper in Palo Alto, Calif.

By Thomas O'Toole

Several cases relevant to online contracting have been decided recently, and I think we've done a pretty good job covering them as they came in. Here are a handful worth mentioning again, all in one place.

Adware Vendor's EULA Holds Up in Court

In People v. Direct Revenue LLC, No. 401325/06 (N.Y. Sup.Ct., N.Y. Cty., March 12, 2008), a New York trial court dismissed the entirety of the state attorney general's deceptive and illegal business practices case against Direct Revenue, a distributor of software (a downloadable "adware" client) that displays pop-up advertising on Web browsers. The attorney general sought billions of dollars in penalties against Direct Revenue, seeking to assert the rights of millions of unidentified consumers across the country who installed the Direct Revenue adware client.

The state's undoing was Direct Revenue's end-user license agreement, a click contract, and Direct Revenue's agreement with its distributors, which called for fair and lawful distribution of the Direct Revenue adware client.

Twenty-nine transactions with Direct Revenue or its distributors were alleged. As for those transactions where the attorney general's investigator dealt directly with Direct Revenue, the installation of the adware client was preceded by a license agreement that explained how the adware client operated and how to uninstall it; the agreement also explained the limitations on Direct Revenue's liability. In each case, the investigator clicked "Yes" on a button, indicating assent to the agreement.

As for those installations that were initiated by Direct Revenue's third-party distributors, there were problems with some (for example, the license agreement and uninstall instructions were not always displayed prior to installation). However, the court held that Direct Revenue was protected by its Standard Distribution Agreement, a document that directed the third-party distributors to obtain legally valid affirmative consent and make all legally necessary disclosures prior to installation of the adware client.

Having turned back claims based on the 29 transactions engaged in by state investigators, the court said there was no basis to entertain the attorney general's claims on behalf of all other individuals who allegedly downloaded the Direct Revenue adware client. Finally, it held, disgorgement of profits would not be an appropriate remedy in this case, since Direct Revenue distributed its adware client for free and it took nothing of value from the consumers who downloaded it.

Human Intervention Complicates E-Contracting

Three cases demonstrate how the online contracting process can be undermined by the failure to have key contract terms available online for review at the time the consumer is asked to indicate assent. In all of these cases, the company offering the contract terms decided that it would be helpful to involve human beings in the contracting process. This was a poor decision in every instance.

Key Terms Not Available at Purchase Time

Trujillo v. Apple Computer Inc., and AT&T Mobility LLC, No. 07 C 4946 (N.D. Ill., April 18, 2008), involved a proposed class action lawsuit against Apple and AT&T Mobility over the lawfulness of Apple's battery replacement costs. AT&T Mobility filed a motion to compel arbitration of the plaintiff's claim against it individually, based on a clause forbidding class arbitration contained in the AT&T Mobility service agreement that the plaintiff. The plaintiff argued that the arbitration clause was, among other things, procedurally unconscionable.

Most people are familiar with the process of purchasing an iPhone. The phone is first purchased from Apple; in this case, the plaintiff purchased his iPhone at an Apple store in Illinois. At the time of purchase an iPhone is useless as a telephone until the purchaser obtains telephone service from Apple's exclusive provider, AT&T Mobility. The arbitration clause at issue here appears at the end of AT&T Mobility's service agreement.

The court declared: "The Court believes, based on its review of Illinois case law, that the availability of the AT&T Mobility service agreement to [the plaintiff] prior to his purchase of the iPhone may be a critical factor in determining the issue of procedural unconscionability."

AT&T Mobility responded with two arguments. First, the service agreement was available at the Apple store where the plaintiff purchased the iPhone. This contention was supported by an affidavit from an AT&T Mobility attorney. Second, the service agreement was available on the Internet, so again the plaintiff had access to it prior to purchasing the iPhone.

Neither argument persuaded the court. An AT&T Mobility attorney could not possibly have personal knowledge about the habit and practice of Apple stores regarding the display of the service agreement, the court said. Further, it wrote, AT&T Mobility failed to cite any Illinois cases "supporting the proposition that if an agreement is available prior to the customer's purchase of a product only if the customer goes and looks for it elsewhere (including on-line), that is sufficent under Razor v. Hyundai Motor Am., 854 N.E.2d 607 (Ill. 2006)."

The court decided to give AT&T Mobility another opportunity to present additional evidence indicating that the service agreement was available to the plaintiff prior to purchasing the iPhone. (An additional, albeit smaller, problem for AT&T Mobility here was the lack of evidence indicating whether the purchaser was informed about the consequences of rejecting the service agreement after having purchased the iPhone. This too is relevant to the procedural unconscionability question, it said.)

Note: Along the way, this court said that Hill v. Gateway 2000 Inc, 105 F.3d 1147 (7th Cir. 1997), an important contracting decision that interpreted Illinois law to permit the seller to add contract terms in shipping materials after the sale, had been cast into doubt by the Illinois Supreme Court's subsequent decision in Razor.

Plaintiff Rushed Through Contracting Process

In Reynolds v. Credit Solutions Inc., No. 07-AR-1516 (N.D. Ala., Feb. 26, 2008), the court -- although it ultimately decided the case on other grounds -- declared that "there should be something wrong with binding a person with her click to a lengthy electronically-displayed proposal after barely enough time to scroll to the clicking point, much less the time without which the read and comprehend it."

The plaintiff claimed that her clicked "signature" on an online contract was procured through fraud because the Credit Solutions agent, who was speaking to her on the telephone while she reviewed the contract on her computer screen, should have told her that the document was a contract. The Credit Solutions agent recorded the telephone call, which was introduced into evidence. The recording indicated that just 30 seconds elapsed between the time the 8-page PDF-formatted agreement was displayed on the plaintiff's computer screen and the time she clicked her assent to it. The agreement warned of the necessity to "read through this document carefully," but that message seemed to be undermined by the Credit Solutions agent's exhortation to scroll to the bottom and click where indicated. According to the court:

As far as the court can tell, [the plaintiff] was not limited to a set amount of time within which to read the contract. However, the court notes, as an aside, that someone who reads with the speed of a Jesse Owens in the 100 yard dash could not read the contract displayed on [the plaintiff's] computer screen in 30 seconds, particularly with [defendant's agent] salivating on the other send of the line.

The court's concerns about the contracting process here were not dispositive, however; it ultimately ruled that an arbitrator rather than the court must decide whether this contract was void due to fraud.

Key Terms Not Available, Human Contradicts Contract Terms

Feldman v. United Parcel Service Inc., No. 06 Civ. 2490 (S.D.N.Y., March 24, 2008), involved a challenge to the part of the UPS shipping contract that forbids the shipment of items exceeding $50,000 in value. If a person ships an item valued at more than $50,000, then UPS is not responsible for loss or damage during shipment. UPS clearly sets out this limitation in the "Articles of Unusual Value" provision, Item 460 on page 8 of the UPS Tariff Agreement. The plaintiff in Feldman shipped a diamond ring valued at $57,000, which was lost during shipment.

The Seventh Circuit, in Treiber & Straub Inc. v. United Parcel Service Inc., No. 05-3743 (7th Cir., Jan. 9, 2007), enforced the UPS ban on shipping articles of unusual value. In Treiber, however, the UPS terms and conditions and the "Articles of Unusual Value" provision it referenced were available online for review by the plaintiff. Also, the plaintiff clicked twice to indicate assent to the terms.

Feldman was different. In Feldman, the plaintiff used a UPS I-Ship kiosk within a UPS physical facility. A message on the kiosk screen advised the plaintiff: "Review everything carefully and then click Print to print your shipping request." Below the Print button was a "Terms of Service" hyperlink. When clicked upon, the hyperlink displayed a pop-up window indicating that shipments are subject to the UPS Tariff Agreement. The pop-up window also indicated that the tariff agreement was available at www.ups.com or from a UPS associate on the premises. There was no hyperlink to the tariff agreement -- just a mention of the UPS Web site.

The court found enough problems with this contracting process to preclude summary judgment in favor of UPS. Among them:

• No evidence in the record that the kiosk was connected to the Internet, so the tariff may not have been available to the plaintiff.
• Clicking on a button that says "Print" does not necessarily connote agreement or assent to a contract.
• No evidence in the record that the UPS counter associate actually had the tariff agreement available.

Finally, the human factor. The plaintiff testified that he sought the assistance of the UPS counter associate and that he told her the item he was shipping was worth $57,000. According to the plaintiff, the counter associate attempted to insure the package for $57,000 but was blocked by the UPS computer. "According to plaintiff, [the counter associate] then agreed to ship the diamond ring at his request," the court wrote. "These facts, if proved, implicate a substantial face-to-face communication, suggesting that the surrounding circumstances might have prevented the plaintiff from having adequate notice of the terms of the Tariff."

Lessons Learned

Contract Terms Should Be Available for Review. In Trujillo, and Feldman, the defendants made an insufficient effort to ensure that key contract terms were available to the consumer.

In Trujillo, AT&T Mobility's terms could have been in the box containing the iPhone. The sales slip could have contained a place for the consumer to sign, indicating receipt of and assent to the terms.

In Feldman, the I-Ship kiosk could have been connected to the Internet and the UPS Tariff Agreement available via a hyperlink displayed on the kiosk screen.

Clickable Buttons/Links Should Clearly Signal Assent. At this point there is a large body of case law upholding online contracts created with the click of an "I Agree" button. Counsel ought to have a darn good reason why anything other than "I Agree" is displayed on that button.

In Feldman, for example, the decision by UPS to display "Print" on the button -- which was its only means of proving assent to a lengthy, one-sided, non-negotiated deal -- needlessly gave the plaintiff an opportunity to challenge the validity of the contract. UPS appears to know better too: the assent button in the Web contract challenged in Treiber displayed "I Agree" and that contract was upheld.]

In Reynolds, the plaintiff claimed she did not know that the online document was a contract and that her click signaled assent to it. From what I could tell from the court's opinion, the plaintiff clicked on a checkbox next to the statement, "Click here to sign." Here again, indicia of assent could have been firmed up by the defendant, taking at least some of the steam out of her claim that she did not know that her click signaled assent to a contract.

Humans Are Not Helpful. All of the cases discussed above introduced human beings into the online contracting process. Big mistake.

In Trujillo, AT&T Mobility decided it was good enough to have its service agreement available in the Apple store. This decision created a huge can of worms. Where was the service agreement? Were there any in the store that day? What sort of training does Apple do to ensure that the availability of the AT&T Mobility service agreement is made known to each and every iPhone purchaser? Even if Apple/AT&T Mobility has all this nailed down, they are still left with a triable issue.

In Reynolds, few courts would have invalidated the agreement clicked by the plaintiff were it not for the presence of the Credit Solutions agent on the telephone with the plaintiff. The decision contract in this fashion created a record indicating just how long the plaintiff spent looking at the agreement, and it opened the door to the claim that the plaintiff was rushed through the contracting process or otherwise misled about the significance of her actions.

Finally, in Feldman, UPS's decision to involve a counter associate in the contracting process created extrinsic evidence about the contract process where ems.bna.com needed to exist. UPS may have believed that directing the shipper to a counter associate for a copy of the tariff agreement would have strengthened its case, but in fact it create a host of triable fact questions and, as happened here, gave the counter associate an opportunity to undermine the position UPS took in the contract. If UPS prohibits the shipping of items valued greater than $50,000 why did the counter associate take my package?

Just Asking for Trouble. Based on the evidence of the cases discussed above, a good argument could be made that an online contract should never depend on terms being available at a physical location or depend on assistance from a human being. Crossing the dividing line between the online world and the physical world just seems to be asking for trouble. Moreover, since courts rarely object to online contracts because they are too long or too densely written, and consumers are used to taking products and services subject to lengthy terms (which they never read anyhow), why don't businesses put all important contract terms in one place, online, available in advance of the sale? They wouldn't be losing sales, and they'd certainly be saving on attorneys' fees.