Chapter 15

Exceptions

Although the courts generally have construed the CDA as providing a broad shield to protect ISPs from liability for third party content, some courts have started establishing some limits to this immunity.

Social Media and Administrative Agencies

Federal regulators also use social media posts in their investigations into illegal activities.

Cybersquatting

One of the goals of the new gTLD system is to alleviate the problem of cybersquatting. Cybersquatting occurs when a person registers a domain name that is the same as, or confusingly similar to, the trademark of another and then offers to sell the domain name back to the trademark owner.

Liability of Internet Service Providers

Recall from the discussion of defamation in Chapter 12 that normally one who repeats or otherwise republishes a defamatory statement is subject to liability as if he or she had originally published it. Thus, newspapers, magazines, and television and radio stations are subject to liability for defamatory content that they publish or broadcast, even though the content was prepared or created by others. Applying this rule to cyberspace, however, raises an important issue: Should ISPs be regarded as publishers and therefore be held liable for defamatory messages that are posted by their users in online forums or other arenas?

General Rule

The Communications Decency Act (CDA) states that "[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider."Footnote Thus, under the CDA, ISPs usually are treated differently from publishers in print and other media and are not liable for publishing defamatory statements that come from a third party.

Trademark Dilution

Trademark dilution occurs when a trademark is used, without authorization, in a way that diminishes the distinctive quality of the mark. Unlike trademark infringement, a claim of dilution does not require proof that consumers are likely to be confused by a connection between the unauthorized use and the mark. For this reason, the products involved need not be similar, as the following Spotlight Case illustrates.

Cloud Computing

which is essentially a subscription-based or pay-per-use service that extends a computer's software or storage capabilities. Cloud computing can deliver a single application through a browser to multiple users. Alternatively, cloud computing might be a utility program to pool resources and provide data storage and virtual servers that can be accessed on demand. Amazon, Facebook, Google, IBM, and Sun Microsystems are using and developing more cloud computing services.

Licensing

A company may permit another party to use a trademark (or other intellectual property) under a license. A licensor might grant a license allowing its trademark to be used as part of a domain name, for example. Indeed, licensing is ubiquitous in the online world. When you download an application on your smartphone, tablet, or other mobile device, for instance, you are typically entering into to a license agreement. You are obtaining only a license to use that app and not ownership rights in it. Apps published on Google Play, for instance, may use its licensing service to prompt users to agree to a license at the time of installation and use. Licensing agreements frequently include restrictions that prohibit licensees from sharing the file and using it to create similar software applications. The license may also limit the use of the application to a specific device or give permission to the user for a certain time period. For further discussion of licensing and e-contracts,

The U.S Safe Web Act

After the CAN-SPAM Act of 2003 prohibited false and deceptive e-mails originating in the United States, spamming from servers located in other nations increased. These cross-border spammers generally were able to escape detection and legal sanctions because the Federal Trade Commission (FTC) lacked the authority to investigate foreign spamming. Congress sought to rectify the situation by enacting the U.S. Safe Web Act (also known as the Undertaking Spam, Spyware, and Fraud Enforcement with Enforcers Beyond Borders Act). The act allows the FTC to cooperate and share information with foreign agencies in investigating and prosecuting those involved in spamming, spyware, and various Internet frauds and deceptions. The Safe Web Act also provides a "safe harbor" for Internet service providers (ISPs)—that is, organizations that provide access to the Internet. The safe harbor gives ISPs immunity from liability for supplying information to the FTC concerning possible unfair or deceptive conduct in foreign jurisdictions.

Protection of Trade Secrets

An important advantage to using an internal system for employee communications is that the company can better protect its trade secrets. The company usually decides which employees can see particular intranet files and which employees will belong to each specific "social" group within the company. Companies providing internal social media networks often keep the resulting data on their own servers in secure "clouds." Other Advantages: Internal social media systems also offer additional benefits such as real-time information about important issues, such as production glitches. Additionally, posts can include tips on how to best sell new products or deal with difficult customers, as well as information about competitors' products and services. Another major benefit of intranets is a significant reduction in the use of e-mail. Rather than wasting fellow employees' time reading mass e-mailings, workers can post messages or collaborate on presentations via the company's social network.

Domain Names

As e-commerce expanded worldwide, one issue that emerged involved the rights of a trademark owner to use the mark as part of a domain name. A domain name is part of an Internet address, such as "cengage.com."

Cybersquatting: Anticybersquatting Legislation:

Because cyber-squatting has led to so much litigation, Congress enacted the Anticybersquatting Consumer Protection Act (ACPA), which amended the Lanham Act—the federal law protecting trademarks, discussed in Chapter 14. The ACPA makes cybersquatting illegal when both of the following are true: --The name is identical or confusingly similar to the trademark of another. --The one registering, trafficking in, or using the domain name has a "bad faith intent" to profit from that trademark.

Spam

Businesses and individuals alike are targets of spam. Spam is the unsolicited "junk e-mail" that floods virtual mailboxes with advertisements, solicitations, and other messages. Considered relatively harmless in the early days of the Internet, by 2013 spam accounted for roughly 75 percent of all e-mails.

Copyrights in Digital Information

Copyright law is probably the most important form of intellectual property protection on the Internet. This is because much of the material on the Internet (including software and database information) is copyrighted, and in order to transfer that material online, it must be "copied." Generally, whenever a party downloads software or music into a computer's random access memory, or RAM, without authorization, a copyright is infringed. Technology has vastly increased the potential for copyright infringement. Some other federal courts have not found that digital sampling is always illegal. Some courts have allowed the defense of fair use , while others have not. Initially, criminal penalties for copyright violations could be imposed only if unauthorized copies were exchanged for financial gain. Yet much piracy of copyrighted materials online was "altruistic" in nature—unauthorized copies were made simply to be shared with others. Then, Congress amended the law and extended criminal liability for the piracy of copyrighted materials to persons who exchange unauthorized copies of copyrighted works without realizing a profit.

Online Defamation

Cyber torts are torts that arise from online conduct. One of the most prevalent cyber torts is online defamation. Recall from Chapter 12 that defamation is wrongfully hurting a person's reputation by communicating false statements about that person to others. Because the Internet enables individuals to communicate with large numbers of people simultaneously (via a blog or tweet, for instance), online defamation has become a problem in today's legal environment.

Typosquattting

Cybersquatters have also developed new tactics, such as typosquatting, or registering a name that is a misspelling of a popular brand, such as googl.com or appple.com. Because many Internet users are not perfect typists, Web pages using these misspelled names receive a lot of traffic. More traffic generally means increased profit (advertisers often pay Web sites based on the number of unique visits, or hits), which in turn provides incentive for more cybersquatters. Also, if the misspelling is significant, the trademark owner may have difficulty proving that the name is identical or confusingly similar to the trademark of another as the ACPA requires. Cybersquatting is costly for businesses, which must attempt to register all variations of a name to protect their domain name rights from would-be cybersquatters and typosquatters. Large corporations may have to register thousands of domain names across the globe just to protect their basic brands and trademarks.

Employee Social Media Policy

Employees who use social media in a way that violates their employer's stated policies may be disciplined or fired from their jobs. (Many large corporations have established specific guidelines on creating a social media policy in the workplace.) Courts and administrative agencies usually uphold an employer's right to terminate a person based on his or her violation of a social media policy.

Domain Names: Structure

Every domain name ends with a generic top-level domain (TLD), which is the part of the name to the right of the period that often indicates the type of entity that operates the site. For instance, com is an abbreviation for commercial, and edu is short for education. The second-level domain (SLD)—the part of the name to the left of the period—is chosen by the business entity or individual registering the domain name. Competition for SLDs among firms with similar names and products has led to numerous disputes. By using an identical or similar domain name, parties have attempted to profit from a competitor's goodwill (the nontangible value of a business). For instance, a party might use a similar domain name to sell pornography, offer for sale another party's domain name, or otherwise infringe on others' trademarks.

Exclusions

Excluded from the ECPA's coverage are any electronic communications through devices that an employer provides for its employee to use "in the ordinary course of its business." Consequently, if a company provides the electronic device (cell phone, laptop, tablet) to the employee for ordinary business use, the company is not prohibited from intercepting business communications made on it. This "business-extension exception" to the ECPA permits employers to monitor employees' electronic communications made in the ordinary course of business. It does not, however, permit employers to monitor employees' personal communications. Another exception allows an employer to avoid liability under the act if the employees consent to having their electronic communications monitored by the employer.

Privacy

Facebook, Google, and Yahoo have all been accused of violating users' privacy rights. As discussed in Chapter 5, the courts have held that the right to privacy is guaranteed by the Bill of Rights, and some state constitutions guarantee it as well. To maintain a suit for the invasion of privacy, though, a person must have a reasonable expectation of privacy in the particular situation (see Chapter 12). People clearly have a reasonable expectation of privacy when they enter their personal banking or credit-card information online. They also have a reasonable expectation that online companies will follow their own privacy policies. But it is probably not reasonable to expect privacy in statements made on Twitter. Sometimes, people are confused and mistakenly believe that they are making statements or posting photos in a private forum.

MP3: File Sharing --> Peer-to-Peer

File-sharing is accomplished through peer-to-peer (P2P) networking. The concept is simple. Rather than going through a central Web server, P2P networking uses numerous personal computers (PCs) that are connected to the Internet. Individuals on the same network can access files stored on one another's PCs through a distributed network. Parts of the network may be distributed all over the country or the world, which offers an unlimited number of uses. Persons scattered throughout the country or the world can work together on the same project by using file-sharing programs.

Digital Millenium Copyright Act

In 1998, Congress passed further legislation to protect copyright holders—the Digital Millennium Copyright Act (DMCA). The DMCA gave significant protection to owners of copyrights in digital information. Among other things, the act established civil and criminal penalties for anyone who circumvents (bypasses) encryption software or other technological antipiracy protection. Also prohibited are the manufacture, import, sale, and distribution of devices or services for circumvention. The DMCA provides for exceptions to fit the needs of libraries, scientists, universities, and others. In general, the law does not restrict the "fair use" of circumvention methods for educational and other noncommercial purposes. For instance, circumvention is allowed to test computer security, to conduct encryption research, to protect personal privacy, and to enable parents to monitor their children's use of the Internet. The exceptions are to be reconsidered every three years. The DMCA also limits the liability of Internet service providers (ISPs). Under the act, an ISP is not liable for copyright infringement by its customer unless the ISP is aware of the subscriber's violation. An ISP may be held liable only if it fails to take action to shut down the subscriber after learning of the violation. A copyright holder must act promptly, however, by pursuing a claim in court, or the subscriber has the right to be restored to online access.

Spam: Feder Can-Spam Act

In 2003, Congress enacted the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act. The legislation applies to any "commercial electronic mail messages" that are sent to promote a commercial product or service. Significantly, the statute preempts state antispam laws except for those provisions in state laws that prohibit false and deceptive e-mailing practices. Generally, the act permits the sending of unsolicited commercial e-mail but prohibits certain types of spamming activities. Prohibited activities include the use of a false return address and the use of false, misleading, or deceptive information when sending e-mail. The statute also prohibits the use of "dictionary attacks"—sending messages to randomly generated e-mail addresses—and the "harvesting" of e-mail addresses from Web sites through the use of specialized software. Arresting prolific spammers, however, has done little to curb spam, which continues to flow at a rate of 70 billion messages per day.

Spam: State Regulations

In an attempt to combat spam, thirty-six states have enacted laws that prohibit or regulate its use. Many state laws that regulate spam require the senders of e-mail ads to instruct the recipients on how they can "opt out" of further e-mail ads from the same sources. For instance, in some states, an unsolicited e-mail must include a toll-free phone number or return e-mail address that the recipient can use to ask the sender to send no more unsolicited e-mails.

Stored Communications

Part of the ECPA is known as the Stored Communications Act (SCA). The SCA prohibits intentional and unauthorized access to stored electronic communications and sets forth criminal and civil sanctions for violators. A person can violate the SCA by intentionally accessing a stored electronic communication. The SCA also prevents "providers" of communication services (such as cell phone companies and social media networks) from divulging private communications to certain entities and individuals.

Metatags

Search engines compile their results by looking through a Web site's key-word field. As noted in Chapter 5, meta tags are key words that are inserted into the HTML (hypertext markup language) code to tell Internet browsers specific information about a Web page. Meta tags increase the likelihood that a site will be included in search engine results, even though the site may have nothing to do with the key words. Using this same technique, one site may appropriate the key words of other sites with more frequent hits so that the appropriating site will appear in the same search engine results as the more popular sites. Using another's trademark in a meta tag without the owner's permission, however, normally constitutes trademark infringement. Some uses of another's trademark as a meta tag may be permissible if the use is reasonably necessary and does not suggest that the owner authorized or sponsored the use.

Social Media

Social media provide a means by which people can create, share, and exchange ideas and comments via the Internet. Social networking sites, such as Facebook, Google+, MySpace, LinkedIn, Pinterest, and Tumblr, have become ubiquitous. Studies show that Internet users spend more time on social networks than at any other sites. The amount of time people spend accessing social networks on their smartphones and other mobile devices has increased every year (by nearly 37 percent in 2012 alone).

Applicability and Sanctions of the ACPA

The ACPA applies to all domain name registrations of trademarks. Successful plaintiffs in suits brought under the act can collect actual damages and profits, or they can elect to receive statutory damages ranging from $1,000 to $100,000. Although some companies have been successful suing under the ACPA, there are roadblocks to pursuing such lawsuits. Some domain name registrars offer privacy services that hide the true owners of Web sites, making it difficult for trademark owners to identify cybersquatters. Thus, before bringing a suit, a trademark owner has to ask the court for a subpoena to discover the identity of the owner of the infringing Web site. Because of the high costs of court proceedings, discovery, and even arbitration, many disputes over cybersquatting are settled out of court.

The Electronic Communications Privacy Act

The Electronic Communications Privacy Act (ECPA) amended federal wiretapping law to cover electronic forms of communications. Although Congress enacted the ECPA many years before social media networks existed, it nevertheless applies to communications through social media. The ECPA prohibits the intentional interception of any wire, oral, or electronic communication. It also prohibits the intentional disclosure or use of the information obtained by the interception.

Internet Companies Private Policies

The Federal Trade Commission (FTC) investigates consumer complaints of privacy violations. The FTC has forced many companies, including Google, Facebook, Twitter, and MySpace, to enter a consent decree that gives the FTC broad power to review their privacy and data practices. It can then sue companies that violate the terms of the decree.

Domain Names: Distribution System

The Internet Corporation for Assigned Names and Numbers (ICANN), a nonprofit corporation, oversees the distribution of domain names and operates an online arbitration system. Due to numerous complaints, ICANN completely overhauled the domain name distribution system. In 2012, ICANN started selling new generic toplevel domain names (gTLDs) for an initial price of $185,000 plus an annual fee of $25,000. Whereas TLDs were limited to only a few terms (such as "com," "net," and "org"), gTLDs can take any form. By 2013, many companies and corporations had acquired gTLDs based on their brands, such as .aol, .bmw, .canon, .gap, .target, .toyota, and .walmart. Some companies have numerous gTLDs. Google's gTLDs, for instance, include .android, .chrome, .gmail, .goog, and .YouTube.

The Consumer Privacy Bill of Rights

To protect consumers' personal information, the Obama administration has proposed a consumer privacy bill of rights. The goal is to ensure that personal information is safe online. 1. Individual Control—Consumers have a right to exercise control over what personal data organizations collect from them and how they use it. 2. Transparency—Consumers have the right to easily understandable information about privacy and security practices. 3. Respect for Context—Consumers have a right to expect that organizations will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data. 4. Security—Consumers have the right to secure and responsible handling of personal data. 5. Access and Accuracy—Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data are inaccurate. 6. Focus Collection—Consumers have a right to reasonable limits on the personal data that companies collect and retain. 7. Accountability—Consumers have a right to have personal data handled by companies with appropriate measures in place to assure that they adhere to the Consumer Privacy Bill of Rights. If this proposed privacy bill of rights becomes law, retailers will have to change some of their procedures. Retailers will have to give customers better choices about what data are collected and how the data are used for marketing. They may also have to take into account consumers' expectations about how their information will be used once it is collected.

Data Collection and Cookies

Whenever a consumer purchases items from an online retailer, such as Amazon.com, or a retailer that sells both offline and online, such as Best Buy, the retailer collects information about the consumer. Cookies are invisible files that computers, smartphones, and other mobile devices create to track a user's Web browsing activities. Cookies provide detailed information to marketers about an individual's behavior and preferences, which is then used to personalize online services. Over time, the retailer can amass considerable data about a person's shopping habits. Does collecting this information violate a consumer's right to privacy? Should retailers be able to pass on the data they have collected to their affiliates? Should they be able to use the information to predict what a consumer might want and then create online "coupons" customized to fit the person's buying history?