by ·0 Comments

DMCA safe harbor provision applies to copyright infringement claims brought under state common lawUMG Recordings, Inc. v. Escape Media Group, Inc., 2012 WL 2847859 (N.Y. Sup. Ct. July 10, 2012)

A New York court ruled that the “safe harbor” provisions of the Digital Millennium Copyright Act (DMCA) apply to copyright infringement claims brought under state copyright law.  UMG Recordings (UMG), a division of Universal Music Group, sued the owners of the online music service Grooveshark for violation of copyrights in sound recordings created before February 15, 1972.  Why that specific date?  We’ll find out shortly.  According to UMG, Grooveshark allows its users to upload digital copies of songs through its website.  Grooveshark then copies the songs to its servers, from which users of the website can retrieve and access the songs by running a search by song title or artist.

Grooveshark argued that it qualified for the “safe harbor” provision of the DMCA that protects a service provider from copyright infringement claims based on its storage of the offending materials at the direction of a user.  UMG countered that the safe harbor applies only to copyrights created under and protected by the U.S. Copyright Act.  The claims at issue, however, were based on New York State common law, not the federal Copyright Act.  And while the Copyright Act preempts state law in certain instances, common law copyrights created before February 15, 1972 are not federally preempted until 2067.

The court doesn’t buy UMG’s argument.  The court found no indication in the text of the DMCA that Congress intended to limit the applicability of the safe harbors to just recordings made after February 15, 1972.  The terms “copyright owner” and “infringing” in the DMCA safe harbor provisions were no less applicable to common law copyright than to statutory copyright. Therefore, the court refused to dismiss the safe harbor defense.

 

by ·0 Comments

Section 230 of the CDA protects online news website from defamatory comment posted by anonymous personHadley v. Gatehouse Media Freeport Holdings, Inc.,2012 WL 2866463 (N.D. Ill. July 10, 2012)

This is a pretty straightforward Section 230 case.  Gatehouse Media Freeport Holdings, Inc. publishes The Journal-Standard.  Like many modern newspapers, The Journal-Standard is available in print and online.  The Journal-Standard published an article about Bill Hadley, a candidate for political office.  An anonymous person using the name “Fuboy” posted an online comment to the article saying that “Hadley is a Sandusky waiting to be exposed.  Check out the view he has of Empire from his front door.”  Hadley sued Gatehouse Media for defamation.

Gatehouse Media got the lawsuit dismissed based on Section 230(c)(1) of the Communications Decency Act of 1996, which provides that “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”  47 U.S.C. § 230(c)(1).  As a website host that allows readers to post comments, Gatehouse Media was an “interactive computer service.”  A user who posts comments on the newspaper’s website is “another information content provider.”  That means Gatehouse Media is not considered the publisher or speaker of the allegedly defamatory comment directed at Hadley.

Hadley hypothesized that Gatehouse Media could have invented a fictitious person named “Fuboy” to post the comment anonymously.  There being no evidence, the court disregarded the argument as “sheer speculation.”

LegalTXT Lesson: Section 230 is a powerful shield against defamation in the digital age, and a much needed one given the ease with which anyone with a computer and an Internet connection can post outlandish remarks under the cover of anonymity on a website hosted by a member of the mainstreammedia.

by ·0 Comments

Court refuses to order stop of automated process for delivering digital music tracks to music companyAppalseed Productions, Inc. v. MediaNet Digital, Inc., 2012 WL 2700383 (S.D.N.Y. July 6, 2012)

This case is a good reminder of the different types of copyright licenses it takes to run an online music service and what happens when there’s a failure to keep track of the licenses obtained for each song.

MediaNet provides content from its song catalog to third-party Internet music services like MOG and iMesh.  End-users of the third-party services can access songs in different ways depending on their subscription — via full download, “limited” download (music downloaded to a device or hard drive can be played as long as the user remains a subscriber), or on-demand streaming.  MediaNet works with record labels and other copyright holders to obtain the necessary licenses for each song, which vary depending on the delivery method used by the end-user.  For limited downloads, a mechanical license is needed to copy and distribute the musical works embodied in the sound recordings.  For songs that are streamed on-demand, a mechanical license and a performance license are needed for the musical works.

The record labels deliver digital music tracks to MediaNet through an automated process called “ingestion.”  During ingestion, a record label delivers metadata about each track, including the delivery methods MediaNet is allowed to use with the track (streamed or downloaded).  The record labels regularly use the ingestion process to add new digital music tracks to MediaNet’s servers or to refresh the metadata for tracks.

MediaNet allegedly distributed songs — in which the plaintiffs (including Larry Weiss of Rhinestone Cowboy fame) owned the copyrights — to third-party music services for limited downloading and streaming without obtaining the necessary licenses.  The metadata indicating that the songs were not available for limited downloading or streaming apparently did not get transmitted to MediaNet during ingestion.  When MediaNet learned this, it blocked access to the tracks to end-users.  However, subsequent ingestions by the record labels reactivated access to the tracks.  MediaNet then manually removed the songs from its catalog and adopted measures to guard against inadvertent reactivation.

Skeptical that illegal access to the tracks had stopped for good, the plaintiffs asked for a preliminary injunction to stop MediaNet from using an automated process to add content to its catalog and from distributing its catalog to customers.  The court ultimately denied the injunction because the plaintiffs couldn’t show “irreparable harm,” a key requirement for an injunction.  Irreparable harm refers to injury that cannot be remedied with monetary compensation.  The plaintiffs basically argued that, without an injunction, they would have the burden of proving lost sales due to infringement.  That was not irreparable injury in the court’s view.  There was also evidence that MediaNet tracks the number of times songs are delivered via limited download and/or streaming.  It also wasn’t enough to argue that the allegedly infringing conduct would likely continue without the injunction.  The plaintiff’s still needed to prove irreparable harm, and they couldn’t do so.  It didn’t help either that the plaintiffs waited about two and a half years after learning about the alleged infringement before seeking an injunction.

LegalTXT Lesson:  The obvious legal lesson is that if you’re in the digital music business, make sure you have all the necessary licenses lined up for each song.  There’s a technical lesson here too.  Automated systems are only as good as their programming.  MediaNet struggled with filtering the offending songs out of their catalog because of variations in the spelling and punctuation used in the track titles of the songs.  MediaNet finally had to resort to a periodic manual search for the offending tracks.  While that might be the most effective way of preventing infringement, it’s not all that efficient.

by ·0 Comments

A civil CFAA claim for damages requires damage to computers, systems, or data Schatzki v. Weiser Capital Mgmt, LLC, 2012 WL 2568973 (S.D.N.Y. July 3, 2012)

As I said in a previous post, we are seeing more activity dealing with the Computer Fraud and Abuse Act (CFAA).  The CFAA is both a criminal and civil statute.  The CFAA imposes criminal penalties on someone who  “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer”  or “intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage.”  A civil claim is available if, in addition to establishing the elements of a criminal violation, the plaintiff can show “damage or loss” as a result of the violation.  The damage or loss must be at least $5,000.00.

Schatzki is the latest case to read the terms “damage” and “loss” narrowly.  The defendants in the case allegedly obtained information from plaintiff’s computer systems without authorization and trafficked in computer passwords.  This access enabled the defendants to obtain valuable private and confidential information about the plaintiff’s clients, the plaintiffs said.  As a result, the plaintiffs had to hire consultants and incur legal fees.

The court said that the plaintiffs did not show the required “damage” or “loss,” and here’s why.  The plaintiffs failed to allege that the defendants’ access to the computer system damaged the data accessed or the system itself, or that the costs to recover the system/data exceeded $5,000.  The court also would not allow the plaintiffs to base their CFAA claim on other kinds of damages like lost profits, invasion of privacy, trespass to personal property, or misappropriation of confidential data.

LegalTXT Lesson: Quantify your damages if you are bringing a civil claim under the CFAA.  Also, remember that the CFAA is more in the nature of an anti-hacking statute than an anti-misappropriation statute.  Attempts to seek damages under the CFAA on a theory that someone gained access to electronic information and used it for improper purposes might not go very far.

by ·0 Comments

Not knowing others can see your Facebook comments doesn’t mean you can sue for invasion of privacy. —  Sumien v. Careflite, 2012 WL 2579525 (Tex. Ct. App. July 5, 2012)

This case goes into the category of “what you don’t know can hurt you.”  Two emergency medical technicians (Sumien and Roberts) had an exchange on the Facebook wall of another co-worker in which they made derogatory comments about a patient they had transported via ambulance.  Haynes, the sister of a compliance officer of employer of the two technicians (CareFlite), saw Roberts’ comments and was offended.  Haynes notified her sister (Calvert), who had access to the comments because she was Facebook friends with Roberts.  After Haynes complained to the management of CareFlite, Sumien and Roberts were terminated.  They sued CareFlite for unlawful termination and invasion of privacy.  The trial court granted summary judgment to CareFlite on all claims, and one of the technicians (Sumien) appealed.  The only issue in the appeal was whether the trial court should have granted summary judgment on the intrusion upon seclusion claim.

One of the requirements of an “intrusion into seclusion” claim is, unsurprisingly, an intentional intrusion into the seclusion or private affairs of another.  Sumien argued that CareFlite intruded upon his seclusion because one of its employees read his comments.  Sumien claimed to be unaware that Roberts’ Facebook friends (including Calvert) could see the comments he posted on Roberts’ wall.  Too bad, said the court.  The comments were visible to the Roberts’ friends, and so there was no intrusion into a private matter.

LegalTXTS Lesson: Know your privacy settings, and think through who could see what you share in the social media space.  This seems rather obvious, but then again, there are those who don’t do this and then claim their privacy is invaded.  The other point is that a intrusion into seclusion claim based on material posted on a social media network probably is difficult to win.  Some courts, like the one who ordered Twitter to comply with a subpoena last week, simply don’t regard posts on social media private at all.