Category Archives: Uncategorized

Cybersecurity: Stuck Between Advanced Hackers, Government Regulators, and Liability

Cyber attacks occur every second of every day. The frequency and sophistication of the attacks
continues to rise. With the increased sophistication and the proliferation of corporate espionage and nation-state actors, the days of curious teen hackers trying to prove their worth are behind us.  Now the threat is bigger and better financed, the stakes are higher, and government intervention changes the landscape. Cybersecurity is now a top priority for businesses and government.

We start with a brief summary of some of the recent major cyber attacks. This list is purposely kept short as to show only the more “elite” type of attacks that are shaping the new cyber landscape.  Given their level of sophistication, these attacks frequently require in-depth analysis by computer forensics experts.  Here, we are focusing on the legal aspects only.

Timeline of Advanced Cyber Attacks

Advanced Cyber Attacks of 2010: One Word: STUXNET

Stuxnet makes clear that cyber attacks have escalated to new heights. The Stuxnet worm damaged Iranian uranium enrichment centrifuges. Stuxnet temporarily knocked out some of the
centrifuges at Iran’s Natanz nuclear facility. This caused a delay to Iran’s uranium enrichment program.  This attack was very effective and stealthy, giving birth to the new cyber warfare.

Advanced Attacks of 2011

China: Its “Comment Group” penetrated the Diablo Canyon nuclear plant operated by Pacific Gas & Electric Co. The breach was reportedly facilitated through a breach of a senior nuclear planner’s computer. There is no indication of intent to damage the target.  Reconnaissance is the name of the game, no need to break it if you can own it.

Canada: The Canadian government reported a major cyber attack against its agencies, including Defence Research and Development Canada, a research agency for Canada’s Department of National Defence.  This particular attack forced the Finance Department and Treasury Board, Canada’s main economic agencies, to disconnect from the Internet.

US Department of Defense, July 2011: in a speech unveiling the Department of Defense’s cyber strategy, the US Deputy Secretary of Defense mentioned that a defense contractor was hacked and 24,000 files from the Department of Defense were stolen.

The Nitro Attacks: Through trickery and social engineering, attackers tricked users into downloading Poison Ivy, an off the shelf Trojan. This was a targeted attack directed at at companies involved in the research, development and manufacture of chemicals and advanced materials. After the compromise, the attackers issued instructions to the compromised computers, looking for passwords and data exfiltration.

Duqu Trojan: Industrial Control Systems (ICS) are compromised by the Duqu remote access Trojan (RAT).  Its purpose was to steal data. However, RATs can also be used to control the systems. If you don’t believe that this is a serious threat, think of nuclear power plants and imagine what could happen.

Advanced Attacks of 2012

Saudi Aramco: A destructive Trojan horse (the kind that steals data and then wipes files), Shamoon, is allegedly used in an attack that disabled thousands of computers at Saudi Aramco, the national oil company of Saudi Arabia. The attack wiped the hard drives of 55,000 computers or 75% of Aramco’s corporate computers.

Flame: Another Iran related malware and a very sophisticated one. Flame is believed to have caused data loss incidents at Iran’s oil ministry. The alleged use of the malware was to collect intelligence about Iran’s computer networks that would facilitate future cyberattacks on computers used in Iran’s nuclear fuel enrichment program.

U.S. Natural Gas Pipelines: The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), U.S. Department of Homeland Security, issued an alert warning of ongoing cyber attacks against networks of U.S. natural gas pipeline companies. The alert stated that the campaign involved narrowly focused spear-phishing scams targeting employees of the pipeline companies. The alert urged utilities to monitor Internet-facing control systems for activity by hackers attempting to gain remote access through brute force authentication attacks.

U.S. Banks: Distributed Denial of Service (DDOS) attacks were launched against U.S. Banks, including Citigroup, Wells Fargo, Bank of America, and U.S. Bank. The U.S. accused Iran of staging these attacks and Defense Secretary Leon Panetta warns of potential for a “cyber Pearl Harbor” against critical infrastructure. Panetta also called for new protection standards.

Red October Returns: Kaspersky discovered a worldwide Red October attack. Red October had been around since at least 2007. Attackers gathered information through vulnerabilities in Microsoft’s Word and Excel. The malware collected information from government embassies, research firms, military installations, energy providers, nuclear and other critical infrastructures.

Early 2013 Cyber Attacks: 2013 Is The Year The Government Gets Serious

South Korea: South Korean financial institutions as well as the Korean broadcaster YTN had their networks infected in an incident said to resemble past cyber efforts by North Korea.

The list goes on and on. As it should be obvious by now, cyber attacks, particularly those by sophisticated attackers and nation-states can be very dangerous to business and society. While money is a motivator, the exfiltration of valuable data has become a major issue. There is also the potential threat to life and business. With that in mind, the government is in the process of drafting and enacting sweeping cybersecurity laws and regulations.

Congress failed to reach a consensus on cybersecurity legislation. Following that, in early 2013,
President Obama issued a cybersecurity Executive Order 13636 to enhance the security of the critical infrastructure of the United States.

A very raw outline of Executive Order 13636 is as follows:

What? (Purpose): Help owners and operators “identify, assess and manage cyber risks”
Who? : NIST will coordinate development of “Cybersecurity Framework”
End Result: “Voluntary consensus-based standards and industry best practices”
But? (Caveats): Participation is voluntary but the Framework will most likely be used to judge a company’s cybersecurity practices. For example, Sec. 7(b) states that it “shall include guidance for measuring the performance of an entity in implementing” the Framework.

The Executive Order requires federal agencies to share information about cyber threats and to work with the private sector to develop a cybersecurity framework to protect the critical infrastructure. For now, participation is voluntary and the Executive Order requires federal agencies to develop incentives for private sector adoption of the framework. Our guess is that some of the recommendations included in the develop framework would eventually be seen as the exercise of due care by the courts when determining liability for cybersecurity breaches.

Cyber Intel Notices: The Executive Order provides for the issuance of Catastrophic Target Notices. These notices identify “where a cybersecurity incident could reasonably result in catastrophic regional or national effects.” It is unclear how the notices may affect a business in the determination of due diligence. You can fore
see a case where a Court would decide that DHS put the company on notice of a cybersecurity vulnerability an
d that the company had the o
bligation to act in accordance with this notice. A party may have a difficult time challenging the validity of the notice, given that the information may have been derived from classified sources.  Whether the Cyber Intel notices will became a source of notice for due care determination remains to be seen. However, we are getting guidance on how the Courts are leaning regarding cybersecurity due care issues. ”

An example is the case of Patco Construction Co. v. People’s United Bank, 684 F.3d 197 (1st
Cir. 2012). The events occurred in 2009. During a one week period, a bank in Maine authorized fraudulent electronic withdrawals from Patco Construction’s account. The bank’s cybersecurity system had flagged the transactions as high-risk. However, the attackers were able to answer the account security questions and the transactions were allowed. Patco Construction filed suit against the bank alleging that the bank’s cybersecurity practices were not “commercially reasonable” under Article 4A of the UCC.

The bank was successful in obtaining Summary Judgment. In December 2012, the United States Court of Appeals for the First Circuit reversed, holding that by the authentication scheme utilizing the security questions for every transaction exposed the bank’s customers to increased risk. The Court recognized that malware often logs keystrokes. The bank had a duty to monitor the suspicious transactions that had been flagged by its cybersecurity engine or provide notice to Patco Construction. In other words, the Court of Appeals decided that the bank’s cyber security practices were not “commercially reasonable.”

Not unexpectedly, the FTC already filed a case against HTC, a manufacturer of smartphones and other devices.  The case is In the Matter of HTC America Inc., FTC File No. 122 3049. The case stems from multiple flaws and vulnerabilities in mobile devices that HTC created or failed to remediate.

Some of the faults identified include:

1. Permission re-delegation vulnerabilities in its preinstalled applications. According to the FTC, HTC’s custom voice recorder could be exploited to allow third-party access to the device’s microphone without the user’s consent. This flaw could allow an attacker to record conversations, track a user’s location, or perpetrate other fraud.

2. Carrier IQ implementation: According to the FTC, In order to assist carriers in their implementation of the Carrier IQ diagnostic software, HTC developed a “CIQ Interface” that would pass the necessary information to the Carrier IQ software. HTC used an insecure communications mechanism which allowed third-party applications on the user’s device to communicate with the CIQ Interface.

The FTC and HTC entered into a settlement. Under the terms of the settlement, HTC must patch the vulnerabilities and establish a comprehensive security program. HTC must also undergo independent security assessments every other year for the next 20 years and is prohibited from making false or misleading statements about the security and privacy of consumers’ data on its devices.

We will continue to keep you informed of the latest issues arising from cyber security, cyber threats, government regulation of cyberspace as well as what it all means to your business.

Anonymous Internet Cowards and Public Interest Law Firms

In our efforts to identify the authors of defamatory contents targeting our clients, we utilize many methods.  Sometimes we issue subpoenas, but that is not all we do.  Our Internet law firm stands out for our use of technology to assist our clients, methods that, in my experience, most lawyers don’t even understand.   Will the evidence be admissible?  I submit to you that it does not really matter.  Once the target is identified, if litigation results our client will be entitled to issue discovery, which will need to be answered under oath.  If the target lies, we will have enough to impeach this person in front of a jury.  As a technology guy, I find this more effective (and absolutely less boring) than writing sleep-inducing legal briefs.   By the time these briefs are filed, we have often identified the author through technology.

Now, some people who get these subpoenas are faced with a choice, fight the subpoena or try to work it out.  So, they seek advice from “Uncle Google”, where they may find some of the aforementioned briefs filed by certain “public interest” law firms contesting the subpoenas.  Due to my results-oriented approach and lack of interest in useless debate, I have refrained from posting what happened in these cases.  Rest assured, we got what we wanted and the subpoenas were moot as unnecessary.  Lesson learned: to the extent permitted by law, we will use technology to stay ahead of dinosaur law firms.  This is important, because whether you are Dr. M.L. posting about a fellow doctor, D.A. from San Francisco, Dr. J.E. posting about a newly graduated surgeon, or a school teacher from Florida posting during working hours at the taxpayer’s expense, it is very likely that we will get to you, legal briefs or not.   (Note that the initials were used to protect the identities of those involved, at least for the time being).

Now, what about the First Amendment?  We all know that opinions regarding matters of public interest are protected.  If someone writes about a doctor (or any other business or professional) claiming to be a patient (or customer), do we take that at face value?  Are we so naive? 

Let’s take an example.  Look at the post below:

Now, some of these well-intentioned but naive “public interest” attorneys may claim that this is protected opinion.  On the face of the post, they are probably right. 

Now, true story… what if the post was traced to a surgeon who was never a patient?   Even my naive “public interest” friends may agree that we have a problem here.   If the premise that there was a “surgery” is false, is this really an opinion protected by the First Amendment?  Really?

This is only an example.  The attorneys who participated in my recent Internet defamation CLE saw more examples, and I can write a book with the stuff I have seen.  Recently, we had a heated court argument in Virginia regarding the need to reveal the identity of an anonymous poster.  Fortunately, we prevailed.  When the answer came back, the author was a competing doctor.  Do you see a pattern here?  What if I cited 20 more examples (which would be only a fraction of what we have seen)?

From my experience, I have no sympathy for people who hide behind anonymity to trash others.  It is just not an honorable and honest thing to do.  If you are a real patient or a customer with a gripe, you can simply attempt to resolve the issue like people of character do.   If you can’t, then express yourself all you want and stand by what you said.  Unfortunately, cowards don’t do that.  If you don’t lie about material facts, you will probably be safe from a lawsuit.   

The real “chilling effect” of the situation is that if Courts do not require the identity of the poster to be revealed because the statement on its face is only an “opinion”, how can you protect yourself from being defamed on the Internet?  The doctor in the post pictured above may have had her career as a surgeon shattered before it began.  Perhaps, courts should require disclosure under seal to protect all involved and to determine the course moving forward.   In the meantime, the fight against Internet defamation using all legal means, whether conventional or not, will continue.  To the “public interest” law firms, we appreciate your briefs, even if naive.

Copyright Law: Pornographers Following RIAA’s Shakedown Tactics

At this Internet law firm, we are no strangers to copyright litigation.  From whether website reviews are copyrightable to defending individuals caught in the RIAA’s use of the Department of Justice to do RIAA’s litigation in the form of criminal copyright infringement prosecutions.   Now the pornographers are here and they are taking a page out of the RIAA’s playbook.  It appears that the pornographers’ strategy is to file lawsuits against unidentified parties, issue subpoenas and follow up with threatening letters to the identified individuals demanding payment of a few thousand dollars.  These individuals are accused of utilizing bit torrent software to infringe on the copyrights.  Multiply the $2k to $3k requested from each identified “John Doe” times a few hundred defendants in several jurisdictions and the pornographers can feasibly make more money through lawsuits than through selling their product.

To further the strategy, pornographer Patrick Collins filed an action in the U.S. District Court for the Eastern District of Virginia against 58 different unidentified (John Doe) defendants.  The case is
Civil Action No: 3:11CV531.  We were retained by one of the “John Doe” Defendants.  We identified a number of problems with Plaintiff’s case, not the least of which is the joinder of totally unrelated parties on the same litigation.  After seeing this situation, we filed a Motion to Quash on behalf of our client.  Some excerpts of the filing follow below:

Over the past several years, copyright owners across the nation, even those such as Plaintiff, who is yet to receive a copyright registration for its hardcore pornography, have attempted to take advantage of federal joinder rules in order to sue numerous John Doe defendants within a single complaint. These complaints are for copyright infringement via the Internet, and the complaints generally allege the use of peer-to-peer programs such as BitTorrent to download and/or upload copyrighted works. Some of these cases attempt to join defendants by the dozens, but many extend to hundreds and even thousands of unnamed defendants. See infra. Some courts have opined that the rationale for the joinder of multiple defendants in these copyright cases is an attempt by plaintiffs to “identify hundreds of Doe defendants through pre- service discovery and facilitate mass settlement.” See, for example, On the Cheap, LLC v. Does 1-5011, Case No. C10-4472, *11 (Zimmerman, M.J.) (N.D. Cal. Sept 6, 2011) (quoting IO Group, Inc. v. Does 1-435, 2011 U.S. Dist. LEXIS 14123, *9 (N.D. Cal. Feb. 3, 2011)).

Doe Defendant notes that this is not Plaintiff’s first mass-defendant copyright infringement lawsuit. For example, a similar copyright infringement suit regarding a different pornographic video was filed by Plaintiff in the Northern District of West Virginia against 281 John Doe defendants. In that case, all John Doe defendants except for John Doe 1 were severed on the basis of misjoinder, and subpoenas for the identities of the severed defendants were quashed. See Patrick Collins, Inc. v. Does 1-281, Case No. 3:10-cv-00091, *3-4 (Bailey, J.) (N.D. W.V. Dec 16, 2010). It appears that after failing in West Virginia, Plaintiff now asserts similar claims before this Court.

.
.
.

Under the Federal Rules of Civil Procedure, joinder of defendants is appropriate where two factors are met: 1) “any right to relief is asserted against them jointly, severally, or in the alternative with respect to or arising out of the same transaction, occurrence, or series of transactions or occurrences” and 2) “any question of law or fact common to all defendants will arise in the action.” Fed. R. Civ. P. 20(a)(2). If it is clear that misjoinder has occurred, then Fed. R. Civ. P. 21 permits a court, by a party’s motion or
sua sponte, to drop parties or to sever claims. “On motion or on its own, the court may at any time, on just terms, add or drop a party. The court may also sever any claim against a party.” Fed. R. Civ. P. 21.

.

.

.

The gravamen of Plaintiff’s Complaint is that John Doe Defendants all used a peer-to-peer client called BitTorrent to download and simultaneously upload the pornographic video. Essentially, Plaintiff alleges that all the John Doe Defendants “downloaded” the adult film and then “distributed” parts of that film to IPP, Limited, a company retained by Plaintiff to identify copyright infringement. Comp. ¶¶ 36-40. Yet other than some conclusory language regarding contributory copyright infringement and mischaracterizations of the application of BitTorrent “swarms,” discussed infra, there are no allegations that the John Doe Defendants acted in concert to infringe Plaintiff’s alleged copyright or that they were part of the same “transaction, occurrence, or series of transactions or occurrences” as required under Fed. R. Civ. P. 20(a)(2).

Plaintiff’s entire Complaint rests upon the premise that merely using BitTorrent to download the same file is sufficient to join different parties together as defendants in a single lawsuit.

However, numerous courts across the country have held that allegations that John Doe defendants “used the same peer-to-peer network to infringe a plaintiff’s copyrighted works are insufficient for joinder of multiple defendants under [Fed. R. Civ. P.] 20.” Boy Racer, Inc. v. Does 1-60, Case No. 3:11-cv-01738, *2 (Illston, J.) (N.D. Cal. Aug 19, 2011). The Northern District of California summarized some of these holdings:

Laface Records, LLC v. Does 1-38, 2008 U.S. Dist. LEXIS 14544 (E.D.N.C. Feb. 27, 2008) (ordering the severance of claims against thirty-eight defendants where plaintiff alleged each defendant used the same ISP as well as the same peer-to-peer network to commit the alleged copyright infringement, but there was no assertion that the multiple defendants acted in concert); Interscope Records v. Does 1-25, 2004 U.S. Dist. LEXIS 27782 (M.D. Fla. Apr. 1, 2004) (magistrate recommended sua sponte severance of multiple defendants in action where only connection between defendants was allegation that they used same ISP and peer-to-peer network to conduct copyright infringement); see also BMG Music v. Does, 2006 U.S. Dist. LEXIS 53237, No. 06-01579 (Patel, J.) (N.D. Cal. July 31, 2006) (finding improper joinder of four Doe defendants where the complaint alleged that each defendant used the same ISP to engage in distinct acts of infringement on separate dates at separate times, and there was no allegation that defendants acted in concert); Twentieth Century
Fox Film Corp. v. Does 1-12,
No. C 04- 04862 WHA (N.D. Cal. Nov. 16, 2004) (Alsup, J.) (severing twelve Doe defendants in a copyright infringement case where although defendants used the same ISP to allegedly infringe motion picture recordings, there was no allegation that the individuals acted in concert); cf. In the Matter of DIRECTV, INC. 2004 U.S. Dist. LEXIS 24263, No. 02-5912 (Ware, J.) (N.D. Cal. Jul. 26, 2004) (severing and dismissing hundreds of defendants in a case alleging that defendants purchased and used modified access cards and other pirate access devices to permit view of plaintiff’s programming without authorization).

Boy Racer, Case No. 3:11-cv-01738 at *2-3. Other cases holding similarly include multiple West Virginia cases (see, for example, Patrick Collins, Case No. 3:10-cv-00091, *3; Third World Media, LLC v. Does 1-1,243, Case No. 3:10-cv-00090, *3 (Bailey, J.) (N.D.W.V. Dec. 16, 2010); Combat Zone, Inc. v. Does 1-245, Case No. 3:10-cv-00096, *3 (Bailey, J.) (N.D.W.V. Dec. 16, 2010); and Axel Braun Production v. Does 1-7,098, Case No. 3:10-cv-00112, *3 (Bailey, J.) (N.D.W.V. Dec. 23, 2010), all holding that “defendants’ alleged use of some of the same ISPs and P2P networks to commit copyright infringement is, without more, insufficient for permissive joinder under Rule 20”); Lightspeed v. Does 1-1,000, 2011 U.S. Dist LEXIS 35392 (N.D. Ill. March 31, 2011) (finding misjoinder in a multiple-defendant copyright case involving BitTorrent); multiple cases from Texas (see, for example, Funimation Entertainment v. Does 1- 1337, Case No. 3:11-cv-00147-F, *3 (Furgeson, J.) (N.D. Tx. Feb. 10, 2011), holding that the plaintiff failed to allege any relationship among the defendants or any allegations that defendants acted in concert: “Plaintiff makes no allegation in this case that the claims against the joined defendants ‘arise out of the same transaction, occurrence, or series of transactions or occurrences.’ Instead, it seems that the copyright infringement claim against each Defendant is based on the individual acts of each Defendant”); and multiple California cases (see infra). In summation, courts from multiple jurisdictions have repeatedly concluded that “merely committing the same type of violation in the same way does not link defendants together for purposes of joinder.” Laface Records, 2008 WL 544992 at *2.

The Northern District of California has severed defendants and quashed subpoenas in multiple copyright infringement cases involving BitTorrent, including Boy Racer, Case No. 3:11- cv-01738; IO Group, Inc. v. Does 1-19, 2010 U.S. Dist. LEXIS 133717 (N.D. Cal. Dec. 7, 2010); and IO Group, Inc. v. Does 1-435, 2011 U.S. Dist. LEXIS 14123 (N.D. Cal. Feb. 3, 2011). In IO Group v. Does 1-19, the plaintiff claimed that nineteen different defendants reproduced eighteen different copyrighted films on fifteen different days. “The Court found that the plaintiff’s allegations that the defendants conspired with each other to provide the infringing reproductions of the works were ‘wholly conclusory and lack[ed] any facts to support an allegation that defendants worked in concert to violate plaintiff’s copyrights’.” Boy Racer, Case No. 3:11-cv- 01738 at *3 (quoting IO Group v. Does 1-19, 2010 U.S. Dist. LEXIS 133717 at *8-9). “The Court held that the ‘only factual allegation connecting the defendants’ – the allegation that they all used the same peer-to-peer network to reproduce and distribute the plaintiff’s copyrighted work – was insufficient for joinder of multiple defendants under Rule 20.” Id. “Similarly, in IO Group v. Does 1-435, the Court severed the Doe defendants, holding that use of the same ISP and peer-to-peer network was not sufficient for joinder, and that any ‘potential conspirator liability, based solely on use of a P2P network,’ does not stretch ‘so far as to make joinder of all users of a P2P network in one action proper.’” Id. at *4 (quoting IO Group v. Does 1-435, 2011 U.S. Dist. LEXIS 14123 at *15-16).

As the Northern District of California noted, “Courts have held specifically that the nature of the BitTorrent protocol does not make joinder appropriate where defendants allegedly used BitTorrent to infringe copyrighted works.” Boy Racer, Case No. 3:11-cv-01738 at *4. “In Diabolic Video Productions, the plaintiff alleged that 2,099 different defendants ‘acted in cooperation’ with one another ‘by agreeing to provide, and actually providing on a P2P network,an infringing reproduction’ of the plaintiff’s work.” Id. (quoting Diabolic Video Productions v. Does 1-2,099, 2011 U.S. Dist. LEXIS 58351, *10 (Grewal, M.J.) (N.D. Cal. May 31, 2011)). The plaintiff in Diabolic Video claimed that the “[d]efendants joined in a common ‘swarm,’ . . . that qualifies as the single transaction or series of closely-related transactions recognized under Rule 20.” Id. (quoting Diabolic Video, 2011 U.S. Dist. LEXIS 58351 at *10). “However, the court found that, apart from the alle
gation that the defendants all used the same peer-to-peer network to reproduce and distribute the plaintiff’s copyrighted work, the plaintiff offered ‘no allegations whatsoever to support its theory of a single or closely-related transactional theory.’”
Id. (quoting Diabolic Video, 2011 U.S. Dist. LEXIS 58351 at *10).

Boy Racer is on point. In that case, the Northern District of California concluded that the plaintiff failed to “plead facts showing that any particular defendant illegally shared plaintiff’s work with any other particular defendant.” Boy Racer, Case No. 3:11-cv-01738 at *5. Similarly, in this case, Plaintiff has not alleged that the John Doe Defendants shared the pornographic video with other John Doe Defendants; the Complaint merely alleges that all John Doe Defendants apparently connected with IPP, Limited’s computer on different dates and times. Comp. Exhibit A. The Northern District of California court also noted, “The Exhibit attached to plaintiff’s complaint indicates that defendants were allegedly present in BitTorrent swarms on approximately 18 different dates, and that defendants used approximately nine different ISPs.” Id. at *5-6. In the present case, Plaintiff, apparently realizing that it must allege some common transaction or occurrence in order to survive a motion to quash, attempts to portray all the John Doe Defendants are being a part of a single swarm. Comp. ¶¶ 31-33, 55-58. However, this claim is contradicted by Exhibit A of Plaintiff’s Complaint, which shows that John Doe Defendants allegedly communicated with IPP, Limited’s computer on multiple dates spanning a period of two months. Notably, the date and time that Doe Defendant allegedly communicated with IPP, Limited’s computer, July 15, 2011 at 15:23, fails to coincide with the dates and times of any of the other John Doe Defendants. Comp. Exhibit A. Thus, the logical conclusion is that the John Doe Defendants were part of multiple transactions, which is what the courts in Boy Racer and On the Cheap Order also concluded. The court in On the Cheap Order stated: “In Boy Racer, the Court was not persuaded by the copyright holder’s argument, which plaintiff sets forth here, that all of the defendants were involved in the same transaction because each one of them joined the same ‘swarm’ to download or distribute the copyrighted movie and were therefore acting in concert. Boy Racer found that the large gap of time – six weeks – between the alleged infringing act of the first Doe and the last Doe showed that the defendants may not have been cooperating with each other. The same is true for this case since Doe 1’s infringing act allegedly happened on June 19, 2010 while Doe 5011’s infringing act took place almost seven weeks later on August 6.” On the Cheap, Case No. 3:10-cv-04472 at FN4 (internal citations omitted).

If the Court were to accept Plaintiff’s rationale, then from the instant that a BitTorrent seed begins sharing a file with another peer, a single “swarm” would be created and would exist until the very last instant when a peer was sharing a file with another peer. Thus, a single swarm could conceivably last until perpetuity – or, more realistically, weeks, months, or even years. Someone who started a download six months after a BitTorrent torrent descriptor file was initially made available would thus, per Plaintiff’s characterization, be considered a participant in the same swarm as someone who had already completed the download, and was perhaps no longer even sharing the file, five months and twenty-nine days earlier. Under Plaintiff’s theory, the two individuals – whose computers may never have even communicated with each other – could be joined together as co-defendants in a single lawsuit, as a plaintiff could argue that they were both part of a single swarm and thus were both a part of the same transaction or series of transactions. Such a scenario is obviously overly broad in terms of joinder and was therefore rightfully rejected by other courts. Rejecting this scenario is further bolstered by other facts. For example, as many Americans presently have access to high-speed Internet and even multi- gigabyte files can be downloaded within a matter of hours, since Plaintiff’s alleged logs span two months, it is not clear how Plaintiff can seriously claim that each and every John Doe Defendant participated in the same transaction or same series of transactions. In order to transfer a file, the BitTorrent client must be open and the BitTorrent torrent descriptor file must be loaded into the client. Once a download is complete, an individual may exit out of the BitTorrent client, delete the BitTorrent torrent descriptor file, and/or eventually delete the downloaded file; in any of those situations, the file that was downloaded would no longer be shared with other peers. Additionally, to track the IP addresses used to download the pornographic video, IPP, Limited initiated a download of the film using a BitTorrent client. Comp. 40. Its own download of the adult video would hardly have taken two months to complete, and thus it would have had to initiate a new download each time the previous download completed. This is presumably what happened based upon Plaintiff’s allegation that “each of the Defendant’s computers used their identified IP addresses to connect to the investigative server from a computer … in order to transmit a full copy, or a portion thereof, of a digital media file.” Comp. 40 (emphasis added). Therefore, by Plaintiff’s own admission, IPP, Limited was involved in multiple file transfers, i.e., multiple transactions. Doe Defendant also notes that the “hash number” that Plaintiff mentions in its Complaint does not identify a particular transaction or occurrence, but rather, it is used to identify the particular file that is being transmitted. All individuals who downloaded the file via BitTorrent would – or should – have the same hash number for the file, regardless of when they downloaded it or from which computers they received pieces of the file. Therefore

, Plaintiff’s contention that the John Doe Defendants were all part of the same transaction, occurrence, or series of transactions or occurrences is without merit. The Complaint does not otherwise allege that John Doe Defendants were related in any way; the Complaint also does not allege any facts to support the conclusory claim that John Doe Defendants knew about each other. Thus, it is clear that Plaintiff’s Complaint is no different from other peer-to-peer complaints made and rejected by courts across the country. As the Northern District of California stated: “The nature of the BitTorrent protocol does not justify joinder of these otherwise unrelated Doe defendants. The BitTorrent protocol is of the same peer-to-peer architecture of other peer-to-peer protocols where this Court and other courts have found joinder improper. Allegations that defendants used a single peer-to-peer network to download plaintiff’s works – on different days, at different times, and through different ISPs – is insufficient to allow plaintiff to litigate against sixty different defendants in one action.” Boy Racer, Case No. 3:11- cv-01738 at *6.
Furthermore, courts have found improper joinder in multiple-defendant copyright cases because each defendant is likely to have a different defense:
Comcast subscriber John Doe 1 could be an innocent parent whose internet access was abused by her minor child, while John Doe 2 might share a computer with a roommate who infringed Plaintiffs’ works. John Does 3 through 203 could be thieves, just as Plaintiffs believe, inexcusably pilfering Plaintiffs’ property and depriving them, and their artists, of the royalties they are rightly owed. . . . Wholesale litigation of these claims is inappropriate, at least with respect to a vast majority (if not all) of Defendants.

BMG Music v. Does 1-203, Case No. 04-650, 2004 WL 953888, *1 (E.D. Pa. Apr. 2,

2004); see also Third World Media, Case No. 3:10-CV-90 at *3 and On the Cheap, Case No. 3:10-cv-04472 at *6 (“one factor weighing in favor of severance is that since the claims against the different Defendants most likely will involve separate issues of fact and separate witnesses, different evidence, and different legal theories and defenses, which could lead to jury confusion, separate trials will be required for each Defendant” (internal citations and quotation marks omitted)).

You may find our memorandum in support of the Motion to Quash here.  After we filed the Motion, the Plaintiff filed a notice of voluntary dismissal, which is permitted under the Federal Rules of Civil Procedure.  Although we are glad that our client was dismissed from the litigation, the entire scenario surrounding this litigation and the ensuing shakedown of the individuals identified (RIAA style), is still troublesome. 

Unfortunately for the Plaintiff, this questionable litigation strategy did not escape the Court’s attention.  The Court entered an Order severing all but one of the defendants from the litigation, quashed all the subpoenas, and may impose sanctions against Plaintiff and against Plaintiff’s attorney.  

Some interesting portions of the Court’s Order follow:

In short, the plaintiff has failed to demonstrate any right to relief against the defendants arising out of the same transaction,occurrence,or series of transactions or occurrences. “Merely committing the same type of violation in the same way does not link defendants together for purposes of joinder.” Laface Records, LLC v. Does 1-38, No. 5:07-CV-298, 2008 U.S. Dist. LEXIS 14544, at *7 (E.D.N.C. Feb. 27, 2008). The Court agrees with Judge Spero’s analysis in a recent decision from the United States District Court for the Northern District of California 

.

.

.

The mere allegation that the defendants have used the same peer-to-peer network to copy and reproduce the Work—which occurred on different days and times over a span of two months—is insufficient to meet the standards o f joinder set forth in Rule 20. See Diabolic Video Productions, Inc. v. Does 1-2099, No. 10-CV-5865, 2011 U.S. Dist. LEXIS 58351, at *10-11 (N.D. Cal. May 31,2011); see also Millennium TGA, Inc. v. Does 1-21, No. 11-2258,2011 U.S. Dist. LEXIS 53465, at *6-7 (N.D. Cal. May 12, 2011). Accordingly, the Court concludes that joinder of the Doe defendants in this action does not satisfy Rule 20(a). In the interest of fairness, the Court finds it appropriate to exercise its discretion under Rule 21 to sever all o f the defendants but one.

The Court also finds that the plaintiff shou

ld be required to show cause why certain conduct does not violate Rule 11 of the Federal Rules of Civil Procedure. The Court currently has three similar cases before it, all brought by the same attorney.2 The suits are virtually identical in their terms, but filed on behalf of different film production companies. In all three, the plaintiffs sought, and the Court granted, expedited discovery allowing the plaintiffs to subpoena information from ISPs to identify the Doe defendants. According to some of the defendants, the plaintiffs then contacted the John Does, alerting them to this lawsuit and their potential liability. Some defendants have indicated that the plaintiff has contacted them directly with harassing telephone calls, demanding $2,900 in compensation to end the litigation. When any of the defendants have filed a motion to dismiss or sever themselves from the litigation, however, the plaintiffs have immediately voluntarily dismissed them as parties to prevent the defendants from bringing their motions before the Court for resolution.

This course of conduct indicates that the plaintiffs have used the offices of the Court as an inexpensive means to gain the Doe defendants’ personal information and coerce payment from them. The plaintiffs seemingly have no interest in actually litigating the cases, but rather simply have used the Court and its subpoena powers to obtain sufficient information to shake down the John Does. Whenever the suggestion of a ruling on the merits of the claims appears on the horizon, the plaintiffs drop the John Doe threatening to litigate the matter in order to avoid the actual cost of litigation and an actual decision on the merits.

The plaintiffs’ conduct in these cases indicates an improper purpose for the suits. In addition, the joinder of unrelated defendants does not seem to be warranted by existing law or a non-frivolous extension of existing law.

A complete copy of the Court’s Order can be read here.  It will be interesting to see where this litigation goes next.

Attorney Domingo J. Rivera wins Summary Judgment in Computer Trespass Case

In another pioneer decision, attorney Domingo J. Rivera obtained summary judgment in a case involving an ex-husband accessing his wife’s email and social network accounts without authorization. 

There has been some discussion in the news about a Michigan man that criminally charged with with accessing his wife’s computer accounts.   Some commentators have argued that utilizing the computer hacking statutes to prosecute these acts is overreaching, but so far, the courts have provided little guidance on this issue.

Many Federal and State computer crime statutes provide not only criminal, but also civil remedies for the victims.  Recently, attorney Domingo Rivera handled one of these civil cases.   As is the case for many pioneering cases handled by attorney Domingo Rivera, this was a case that other attorneys expressed doubt about and that opposing counsel openly minimized. 

In this case, the opposing party claimed that the divorce property settlement agreement barred our client’s claims and filed a counterclaim against our client for breach of the agreement.  We also obtained summary judgment dismissing this claim against our client.

The Court not only agreed with the legal argument advance by attorney Domingo Rivera, but also granted summary judgment.   Obtaining summary judgment means that we prevailed as a matter of law and that a trial to establish liability was not necessary.   The Court expertly discussed the standard for summary judgment:

In determining whether summary judgment is appropriate, the burden is placed on the moving party to establish both the absence of a genuine issue of material fact and that it is entitled to judgment as a matter of law. See Fed. R. Civ. P. 56(c); Matsushita Elec. Indus. Co. v. Zenith Radio Corp., 475 U.S. 574, 586-87 (1986); Nat’l. Bank of Commerce of El Dorado, Ark. v. Dow Chem. Co., 165 F.3d 602 (8th Cir. 1999). The Court must review the facts in a light most favorable to the party opposing a motion for summary judgment and give that party the benefit of any inferences that logically can be drawn from those facts. Canada v. Union Elec. Co., 135 F.3d 1211, 1212-13 (8th Cir. 1998) (citing Buller v. Buechler, 706 F.2d 844, 846 (8th Cir. 1983)).
Once the moving party demonstrates that the record does not disclose a genuine dispute on a material fact, the non-moving party may not rest upon the mere allegations or denials of his pleadings, but his response, by affidavits or as otherwise provided in Rule 56, must set forth specific facts showing that there is a genuine issue for trial. Ghane v. West, 148 F.3d 979, 981 (8th Cir. 1998)(citing Burst v. Adolph Coors Co., 650 F.2d 930, 932 (8th Cir. 1981)). In order for there to be a genuine issue of material fact, the non-moving party must produce evidence “such that a reasonable jury could return a verdict for the nonmoving party.” Allison v. Flexway Trucking, Inc., 28 F.3d 64, 66 (8th Cir. 1994) (quoting Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 248 (1986)). Furthermore, “[w]here the unresolved issues are primarily legal rather than factual, summary judgment is particularly appropriate.” Aucutt v. Six Flags Over Mid-America, Inc., 85 F.3d 1311, 1315 (8th Cir. 1996)(quoting Crain v. Bd. of Police Comm’rs, 920 F.2d 1402, 1405-06 (8th Cir. 1990)).

The Court then moved on to the respective arguments of the parties, attorney Domingo Rivera represented the Plaintiff.  The Court explained:

III. Plaintiff’s Claims

As a threshold matter, Defendant claims that Plaintiff is barred from bringing her claims by the terms of the Property Settlement Agreement (the “Agreement”) signed by both parties as a part of the parties’ divorce proceeding. Defendant’s counterclaim alleges that Plaintiff is in breach of contract for bringing the present claims. In signing the Agreement, both parties acknowledged that they had been represented by counsel prior to executing the Agreement. “Settlement agreements are contracts subject to the general rules of contract construction.” Hill v. Southside Public Schools, 688 F.Supp. 493, 497 (E.D. Ark. 1988) (quoting N.L.R.B. v. Superior Forwarding, Inc., 762 F.2d 695, 697 (8th Cir. 1985)). The Court is to construe any agreement to give effect to the intent of the parties. Id. The intent of the parties is determined by reviewing the language of the contract itself, as well as by considering “the circumstances surrounding the making of the contract, its subject, and the situation and relation of the parties at the time of its making.” Id. (quoting Louisiana-Nevada Transit Co. V. Woods, 393 F. Supp. 177, 184 (W.D. Ark. 1975)).

The Agreement was meant to settle any and all claims related to the divorce proceeding. It strains logic to infer that the parties’ intended to waive the ability to bring any and all claims, including federal claims that could not have been litigated in a state divorce proceeding, that could ever potentially arise between the parties. Taking into consideration the fact that the parties were forming and signing the agreement in the context of a divorce proceeding; the subject and purpose of the agreement was to settle issues “arising out of this [divorce] litigation”. (Doc. 8, p. 11, ex. A). The fact that the divorce proceeding took place in state court that would not have jurisdiction over many of the claims Plaintiff now raises, can only lead the Court to conclude that Plaintiff did not waive her ability to bring the instant claims. While the alleged conduct may have taken place prior to and during the pendency of the divorce proceedings, the Court does not find Plaintiff’s claims to be intertwined with the Agreement such that she would now be precluded from bringing her claims in federal court.

Defendant also argues that Plaintiff is precluded from bringing her claims because the court presiding over the custody proceeding admitted the materials that he accessed into evidence. A court’s admission of materials into evidence is not relevant to the issues currently before the court. The judge in that proceeding made no determination as to the merits of the present claims. As Defendant points out, Plaintiff may have been able to appeal the decision to admit the evidence, but she also has the independent ability to pursue separate claims in this Court. For these reasons, the Court finds that Plaintiff is entitled to Summary Judgment on Defendant’s Counterclaim, and her motion as to the counterclaim (doc. 22) is GRANTED.

Finally, the Court explored the applicability of the Stored Communications Act and the State Computer Trespass statutes:

ii. Federal Stored Communications Act (SCA)

The relevant section of the SCA provides that whoever “intentionally accesses without authorization a facility through which an electronic communication service is provided; or intentionally exceeds an authorization to access that facility; and thereby obtains . . . access to a wire or electronic communication while it is in electronic storage in such system shall be punished . . .” 18 U.S.C. § 2701(a). The statute allows for private causes of action where “any person” injured by a violati
on of the SCA can show that the person viola
ting the Act acted with a

Are Website User Reviews Copyrightable?

p { margin-

Are Website User Reviews Copyrightable? by Domingo J. Rivera , Esq.

Internet
review sites continue to gain popularity. Users can find a website where they can review just about anything. From whether
they like the breakfast bar at a particular hotel to their Toyota’s
breaking capabilities (or lack thereof), from whether their obstetrician is friendly
enough to whether their plastic surgeon made their nose a bit too
pointy. If an Internet user wants the world informed of his or her
every interaction with the outside world, there is a platform out
there to accommodate that.

The
question is, are these reviews copyrightable material. If they are,
the author grants a license to publish these materials to the website
and can generally revoke this license. What happens if the original
author demands removal of the review? Can the website refuse to do
so without incurring potential liability for copyright infringement ?
The answer depends on whether these reviews are copyrightable in the
first place and involves an Internet law question. In my opinion, they are. You do not need to be John
Grisham to copyright your writings.

According
to the notes of committee on the Judiciary (1976) for 17 U.S.C. §
102, “[t]he phrase ‘original works of authorship,’ which is
purposely left undefined, is intended to incorporate without change
the standard of originality established by the courts under the
present copyright statute. This standard does not include
requirements of novelty, ingenuity, or esthetic merit, and there is
no intention to enlarge the standard of copyright protection to
require them.” Additionally, regarding the nature of copyright,
the notes further state that “[c]opyright does not preclude others
from using the ideas or information revealed by the author’s work. It
pertains to the literary, musical, graphic, or artistic form in which
the author expressed intellectual concepts” (emphasis added).

It
is well-established that facts cannot be copyrighted. Rather, the
United States Supreme Court has held that “[t]he copyright is
limited to those aspects of the work—termed ‘expression’—that
display the stamp of the author’s originality.” Harper Row,
Publishers Inc v. Nation Enterprises
, 471 U.S. 539, 547, 105 S.Ct.
2218, 85 L.Ed.2d 588 (1985). However, “[c]reation of a nonfiction
work, even a compilation of pure fact, entails originality.” Id.

The
Supreme Court held:

To
qualify for copyright protection, a work must be original to the
author. Original, as the term is used in copyright, means only that
the work was independently created by the author (as opposed to
copied from other works), and that it possesses at least some minimal
degree of creativity. To be sure, the requisite level of creativity
is extremely low; even a slight amount will suffice. The vast
majority of works make the grade quite easily, as they possess some
creative spark, “no matter how crude, humble or obvious” it
might be. Id., § 1.08. Originality does not signify novelty…

Feist
Publications, Inc. v. Rural Telephone Service Company, Inc.
, 499 U.S.
340, 345, 111 S.Ct. 1282, 113 L.Ed.2d 358 (1991) (emphasis added,
internal citations omitted). “[O]riginality requires independent
creation plus a modicum of creativity”, and “creativity” is
“limited to ‘original intellectual conceptions of the author.’”
Id
. at 346.

Even
compilations of facts can be copyrighted, though the copyright is in
the compilation itself and not the facts. As the Feist court
explained:

Factual
compilations… may possess the requisite originality. The
compilation author typically chooses which facts to include, in what
order to place them, and how to arrange the collected data so that
they may be used effectively by readers. These choices as to
selection and arrangement, so long as they are made independently by
the compiler and entail a minimal degree of creativity, are
sufficiently original that Congress may protect such compilations
through the copyright laws. Id.
at 348. “[I]f the compilation author clothes facts with an
original collocation of words, he or she may be able to claim a
copyright in this written expression.”

The
U.S. Court of Appeals for 4th Circuit noted that “… copyright does not secure an exclusive
right to the use of facts, ideas, or other knowledge. Rather, a
copyright gives an author exclusive rights only with respect to his
manner of expression.” Bond v. Blum, 317 F.3d 385, 394 (4th Cir.,
2003) (emphasis added). “The copyright is the author’s right to
prohibit the copying of the author’s intellectual invention, i.e. the
originality of an author’s expression. Since individual expressions
of ideas inevitably vary, the originality inherent in each author’s
expression is the essence of the proprietary interest protected.”
Superior Form Builders, Inc. v. Dan Chase Taxidermy Supply Co., Inc.,
74 F.3d 488, 492 (4th Cir., 1996). What is copyrightable is the
author’s original expression of the facts, not the facts themselves,
and the Supreme Court has held that only a minimal amount of
“creativity” is needed to be considered “original.”

The
question of whether factual works are copyrightable thus focuses on
the original contribution of the author – how the author presents
the facts, how the author chooses, interprets, or analyzes those
facts, the words and terms the author uses to couch those facts, etc.
The Southern District of New York explained it as thus: “[copyright
law] afford[s] protection only to the author’s manner of expression,
that is, the author’s analysis or interpretation of events, the way
he or she structures material and marshals facts, the author’s choice
of words, and the emphasis the author gives to particular
developments.” Werlin v. Reader’s Digest Ass’n, Inc., 528 F.Supp.
451, 461-462 (S.D.N.Y., 1981).Thus,
this Court holds that the Review qualifies as a copyrightable work.

Therefore,
a review is copyrightable as the author’s independent creation and
original expression of facts. The reviewer’s choice of words,
interpretation and analysis of the facts, structuring of the review,
etc. satisfy the minimal creativity standard set by the Supreme Court
to meet the “originality” requirements of the Copyright Act.

Therefore, by refusing to remove reviews at the request of the
original author, the website owner is potentially exposed to a
copyright infringement claim. The ISP immunities under Section 230
of the Communications Decency Act do not apply to copyright claims.

Internet Lawyer New Website

We are in the process of updating the Internet Lawyer website.  The website was a bit dated and in desperate need of a “facelift.”  We have updated the appearance and will be updating the contents to better reflect the current state of our practice.  This has been a very successful year for our Internet Law practice, and hopefully the new website will better reflect our image.  During that time, some of the urls in the Internet Lawyer website may still resolve to the old pages.  I am aware that this has caused some confusion for some of our existing and potential clients, but it will be resolved soon.   We are going through the same process with our Cyber Crime Defense website.  This one is almost done, but some urls still need to be fixed.

We will continue updating the website in a manner that will hopefully reduce any confusion.  This has been a great year for our Internet Law firm.  We became the first law firm in the United States to win a jury trial in Federal Court involving accusations of criminal copyright infringement (music piracy).  This was also the most important case of its type.  Our client was alleged to be the leader of the most prolific music piracy group in the world.  After five days of trial, the jury agreed with us and returned a Not Guilty verdict.

U.S. v. Cassim: Domingo Rivera obtains first Federal “music piracy” jury trial defense victory

Today, a federal jury acquitted Adil Cassim who was represented by Domingo J. Rivera.  The United States Department of Justice had alleged that Adil Cassim was the leader of Rabid Neurosis (“RNS”).  On the DOJ website, the press release alleged that “according to the indictment, the defendants, led by Cassim for a
period of time, allegedly conspired to illegally upload to RNS
thousands of copyright protected music files, which were often
subsequently reproduced and distributed hundreds of thousands of times. According to the indictment, RNS was a “first-provider” or “release
group” for pirated music and other content to the Internet. Once a
group obtains and prepares infringing digital copies of copyrighted
works, the copies can then be distributed in a matter of hours to
secure computer servers throughout the world. According to the
indictment, RNS members were granted access to massive libraries of
pirated music, video games, software and movies by gaining a reputation
for providing previously unavailable pirated materials. The indictment
alleges that
t
he supply of pre-release music was often provided by music industry
insiders, such as employees of compact disc (CD) manufacturing plants,
radio stations and retailers, who typically receive advance copies of
music prior to its commercial release.Read the USDOJ press release here.

Various alleged members of RNS have been convicted.  The jury’s verdict was released a few hours ago, more details will be available soon.

The CDA, cyber-racketeers, the DMCA, and changes to Section 230 by Domingo Rivera

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Normal
0
<wunctuationKerning/>

false
false
false

<wontGrowAutofit/>

MicrosoftInternetExplorer4

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 


 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

/* Style Definitions */
table.MsoNormalTable
{mso-style-name:”Table Normal”;
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:””;
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:”Times New Roman”;
mso-ansi-language:#0400;
mso-fareast-language:#0400;
mso-bidi-language:#0400;}

It has been quite a while since my previous post.  I have been extremely busy assisting my clients with Internet legal mattersInternet defamation continues to affect the reputation of
businesses and professionals as former customers, patients, and others who know
that they do not have valid legal claims assert their false and frivolous
complaints in blogs, forums and smear sites.  Even competitors are now posing as unsatisfied consumers in order to post false and defamatory statements
with hopes to gain an unwarranted economic advantage.  Everyday we protect
the reputation of businesses and professionals against these unlawful
practices.


With the elections over, it is now time to get back to business as normal.  Speaking
of the elections and politicians, many do not know that they can thank Congress for the
continued proliferation of Internet defamation.  The name of the culprit law is Section 230 of the Communications Decency Act.  The purpose of this law was to allow Internet service providers to be able to alter or remove objectionable content without assuming the liability associated with a traditional publisher of content.  Congress sought to allow providers of interactive computer services to perform some editing on user-generated content without becoming liable for all defamatory or otherwise unlawful messages that they didn’t edit or delete. In other words, Congress sought to immunize the removal of user generated content, not the creation of content. 


Sections 230(c)(1) and 230(e)(3) provide that “no provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider,”  and that “[n]o cause of action may be brought and no liability may be imposed under any State or local law that is inconsistent with this section.”  Noble intentions behind this Congressional law, but not-so good intention behind “Internet street law” which could be read as saying “service provider, you can stand by while your services are used to ruin the reputation of good businesses and people, don’t worry, we will not hold you liable.” 

This has given rise to many consumer complaints websites.  While some of these are well-intentioned and responsible, the majority are not.  The lawlessness has now sparked many websites charging fees for “investigating” consumer complaints.  Some of these websites have their employees call their targets and offer to help with the defamatory postings… for a membership fee, of course.  Some of these websites have been known to have their employees actually create the postings in an “anonymous” manner. 


There are certain of these websites who charge a sliding scale fee for these memberships.  Therefore, if you are a successful business and you wish to have the false postings edited or removed, it may cost tens of thousands of dollars.  But the administrators of this scheme apparently have a kind and gentle heart.  Therefore, if you believe that their fee is not financially feasible to you, they offer you the opportunity to prove it to them and request a lower fee.  But you must provide them your private financial information first.  Are these practices any different from the mafia employee going to a store and demanding the boss’ “share” of the business earnings. Well, the threat of physical violence is now absent, but the demand is essentially the same “give us our share of your income or we will put you out of business.”  The name for this practice is racketeering. 

Now, if Domingo Rivera was a politician, which by the way is a very far-fetch thought, what would he do?  Well, Congress could look close to home for a smart, practical way to amend the CDA.  There is no reason for not adopting the takedown procedures mandated under the Digital Millennium Copyright Act (DMCA)


Under the DMCA, if a copyright owner discovers that contents are posted online in violation of the copyright owner’s rights, the copyright owner has the opportunity to have the allegedly infringing web site removed from a service provider’s network, or to have access to an allegedly infringing website disabled.  To accomplish this, the copyright owner must provide notice to the service provider.  Once proper notice is given, the service provider is required to expeditiously remove, or disable access to the material. The safe harbor provisions do not require the service provider to notify the individual responsible for the allegedly infringing material before it has been removed, but they do require notification after the material is removed.


Upon receiving notice that the allegedly infringing material has been removed, the person responsible for posting the contents has an opportunity to send a counter-notice to the service provider stating that the material has been wrongly removed. If a subscriber provides a proper counter-notice, the service provider must then promptly notify the copyright owner.  If, after receiving the counter-notice, the copyright owner does not bring a lawsuit in district court within 14 days, the service provider is required to restore the material. Additionally, under the DMCA, if it is determined that the copyright owner misrepresented the claim, the copyright holder then becomes liable to the individual who posted the contents for any damages that resulted from the improper removal of the material. 


A similar approach can be utilized for defamation claims.  Under this approach, a person discovering defamatory contents would be able to send a sworn notification to the service provider.  Upon receipt, the service provider would remove the contents or disable access to the contents.  At that time, the person posting the contents may serve a counter-notice.  If after a period of time, the defamation victim has not filed a lawsuit, then the contents could be restored.  This approach would allow for free truthful expression on the Internet while at the same time fairly providing a method that allows those defamed to protect their reputation online.


Do I see this happening anytime soon?  Probably not (and Domingo Rivera has no plans of running for office).  In the meantime, we will continue to devise novel strategies and techniques for protecting the reputation of Internet businesses against the cyber racketeers.  

If you enjoyed this post, you may also like:

Cease and Desist Letters: Balancing the Punishment for Bad Faith Against the Punishment for Bad Letters

There is no doubt that cease and desist letters serve a very important purpose in the litigation process, particularly in legal matters related to the Internet.  Many causes of action have bad faith as either an essential element or a factor that increases damages.  A party’s refusal to correct its acts after receiving a legitimate cease and desist notice can be interpreted as a sign of bad faith.  Although a recipient of a cease and desist notice has every right to decline pre-litigation requests without adverse consequences, he must do so in good faith.  Good faith means a reasonable belief of having the right to engage in the challenged behavior.  However, this “good faith belief” will not be interpreted broadly.  See, for example, Northern Light Tech., Inc. v. Northern Lights Club, 236 F.3d 57, 65 (1st Cir.2001) (approving district court’s use of defendant’s disregard of legitimate cease and desist letters as evidence of bad faith).

The question then becomes whether the recipient of the cease and desist letter willfully refused to comply with the law.  The answer involves an inquiry into the recipient’s state of mind.  In many cases there is no direct evidence of bad faith, however, the court may infer bad faith from the surrounding circumstances.  Therefore, if you receive a legitimate cease and desist letter from an attorney you should either cease the challenged behavior, or seek the immediate help of a competent attorney for candid advice as to whether your behavior violates the law.  You should select an attorney who is familiar with the area of law that is at issue.

If you receive a cease and desist letter from us, you can be sure that we will advice our client to seek additional remedies if the matter cannot be adequately resolved.  The letter may concern copyright infringement, trademark infringement, defamation, or other Internet legal matters.  Ignoring the letter is usually a bad bet, as the court may see it as a sign of bad faith.  The defense side of a courtroom is not a pleasant place to be. 

However, we understand that some attorneys venture into sending letters that make no legal sense.  I have previously commented about cease and desist letters and how ineffective they can sometimes be.  Some of these letters are so far-fetched, unrealistic, and unprofessional that many do not take them seriously.  Hence, the Third Circuit Court’s decision on Green v. Fornario, 486 F.3d 100 (3rd Cir. 2007). 

In Fornario, the plaintiff sent a cease and desist letter that included a threat from the attorney to refer the “conduct to the appropriate criminal authorities.” The small problem: this was a trademark dispute and the Lanham Act is a purely civil statute.  The big problem: lawyers should take threatening criminal prosecution very seriously.  In many States, a lawyer cannot threaten criminal prosecution for the purpose of gaining an advantage in a civil case.

The Fornario court refused to find that the defendant’s refusal to cease the allegedly infringing behavior was in bad faith.  Whether the court would have reached a different decision if the cease desist letter from the attorney been of better quality and without idle threats of criminal prosecution is anybody’s guess.  In Northern Light Tech. the court viewed the defendant’s disregard of legitimate cease and desist letters as evidence of bad faith.  To reconcile the decisions probably requires an understanding of the difference between bad faith and bad cease and desist letters.