Internet

A Framework for Assessing Technology Hubs in Africa

A Framework for Assessing Technology Hubs in Africa
Download a pdf version of this article here. This article explains the importance of technology hubs as drivers of innovation, social change, and economic opportunity within and beyond the African continent. It includes a thorough review and synthesis of findings from multi-disciplinary literature, and integrates insights from qualitative data gathered via interviews and fieldwork. It identifies three archetypes of hubs—clusters, companies, and countries—and discusses examples of each archetype using Kenya as a case study. The article then discusses potential collaboration, conflicts, and competition among these archetypes of hubs, and concludes with recommendations for future researchers.

Somewhere Beyond the ©: Copyright and Web Design

Somewhere Beyond the ©: Copyright and Web Design
By Florina Yezril* Download a PDF version of this article here.  

Introduction

“I think the ‘© 2015’ at the bottom of websites means that people aren’t allowed to reprint the content of the site (i.e. text and images) without permission. Honestly, I don’t know the full extent of its legal power.”[1]
Most websites, no matter the genre, source, or format, share a common element: if a user scrolls down far enough, a message will appear: “© 2015.” Despite its prevalence, few professional web designers know what the symbol means, even as they insert it into a web page. Web designers know that the “©” stands for “copyright,” which covers the content of a website and might cover the source code; however, they are not sure whether it protects the value web designers add to a website’s overall design.[2] Web design is an interesting lens through which to view innovation because the industry is so dynamic. It has a high rate of production, a low barrier to market entry, and is closely affected and constrained by changing technology.[3] This note focuses on professional website designers because they are repeat players in the field of web design and understand the industry’s norms. Part I describes what web design is and how web designers operate. Part II discusses the incentives of web designers to be creative. Part III describes the background of copyright law and its potential applicability to web design. This section demonstrates the ambiguity of copyright law as applied to web design. Part IV examines copyright protection for website design in several distinct contexts, including ownership disputes between web designers and their clients, copying by competitors, and design copying by unrelated websites. This section determines that copyright protection would not significantly alter creative incentives of web designers. This note concludes that the copyright symbol in the footer of websites can serve as a notice that socially pressures and deters potential copiers, protecting website design and incentivizing innovation, even in the absence of legal certainty.

I. Background of Web Design

“We generally review several websites for creative inspiration. We also follow some industry standard guides for layout and best practices for user interface design as well as information architecture. That’s part of our initial brainstorm and creative research. Beyond that, we start to build on our own.”[4]
Professional web designers view their work as a service, rather than a product.[5] As websites increase in complexity, the design process can take days or weeks,[6] and costs run in the thousands of dollars.[7] The web design process usually starts with a web designer asking the client to explain their goals and to identify websites that they like. The designer will then guide the client to determine what specific aspects of those websites the client hopes to see in their own website. The websites used for inspiration may be those of competitors, or they may be from an entirely unrelated field.[8] Designers will pull together elements of multiple sources, without taking too much inspiration from any one website.[9]
“I start with functionality, user flow diagrams, then wireframing, etc.. finally aesthetic design.”[10]
Designers may use various tools in the process because the source code for the visual representation is not very important.[11] The source code behind a website design is only relevant to its visual result, but a designer can achieve the same effects in multiple ways. For example, one designer might write her own software while another might use “WYSIWYG” (what you see is what you get) editing software. The latter, a more visual approach, allows the designer to drag-and-drop items in a graphical user interface (GUI), such as Wix, to alter the web design. Even if working purely in source code, the same effect can be determined by moving settings between HTML and CSS sections. If only the source code mattered, a person would be able to obfuscate a given piece of code to make it look entirely different from copyrighted software.[12] This note discusses the work of professional website designers as opposed to non-professional actors who use free or paid do-it-yourself tools. Such do-it-yourself website builders, such as WordPress, Wix, Twitter Bootstrap, or SquareSpace,[13] offer users some control,[14] but their users have a significantly reduced expectation of innovation and uniqueness. Therefore, the appearance of similar websites does not need protection because it does not advance copyright’s constitutionally stated purpose of “promot[ing] the progress of science and the useful arts.”[15] The clearest method of understanding a designer’s end product is by observation. For example, compare the before and after screenshots of Harvard Law Review’s website, which was redesigned by Upstatement,[16] below.
X
Harvard Law Review website before redesign, archived from January 5, 2014
 
X
Harvard Law Review website after redesign by Upstatement, from March 3, 2015
  The website looks significantly different after its redesign. There is a new color scheme that transitioned from muted, dull colors to bright, jewel tones. The font has changed to be more readable on computer screens, as have heading sizes and placement. Additionally, the visual layout shifted from three columns with a menu in the far right column to two columns of articles with a menu in a horizontal bar, giving readers a smoother browsing experience than the cluttered initial design presented. If the client had a logo, that would probably have been incorporated as well. The overall impression of the website has become more modern, and the colored geometric patterns are more vibrant and inviting than a graphic of business people walking away from the user. Despite the visual differences, many of the important elements of the website remain unchanged: links still lead a user to other pages, such as clicking on an article title to visit a web page with the full article. The important information is still conveyed, such as the source of the website (Harvard Law Review), various recently-published articles and their authors, and a search box for users to find specific articles. For a given website, the web design includes everything that is not content, and does not include content such as the text of blog posts or a client’s images. Web design includes the colors,[17] layout, and navigation[18] decisions that affect a user’s web browsing experience.

II. Web Designers’ Creative Incentives

In the web design community, there are competing incentives to standardize and to differentiate website design. This section explores this tension between standardization and the freedom to create original designs and finds that, ultimately, the two are not polar opposites because they are driven by mismatched purposes.
“I think trends and common practices of popular sites are important considerations to make sure your users are getting a good experience.”[19]
The movement towards standardization is driven by a desire to improve user experiences across multiple websites. As computer screens grew in size and resolution increased, and as Internet bandwidth increased, websites transitioned from displaying only text to incorporating GUIs with menus and images.[20] Users increasingly demand to access websites from computer browsers, tablets, and cell phones. Because websites are increasingly accessed from mobile devices, the reduced screen space has led to smaller icons and collapsible menus to save real estate. As users approach the Internet from devices that have more variation in screen resolution than ever before, it is necessary for websites to adapt their layout and resolution to suit viewers’ devices. The web design community now incorporates “responsive web design,” a term coined to refer to websites that translate flexibly between various layouts and image sizes, as the screen size permits.[21] There is societal benefit to standardization because it allows users to easily navigate new websites,[22] as opposed to the disruption of being confused or having to learn how to navigate each individual website. Users have come to expect such features, so web designers’ clients demand easily understandable navigation, and, in turn, designers are sensitive to this client need.[23]
“Copying parts of websites I think is fairly prevalent, but I don’t really consider copying websites to be a problem. I almost view the ability to do this as a good thing, because it can allow scrappy, resource constrained startups to move faster, and encourage innovation.”[24]
Standardization is also the logical result of building websites more efficiently. In the web design community, it is acceptable to start with pre-made templates. This is because there is a considerable amount of background work required to make a webpage render on a computer screen (such as an HTML framework) before the designer can add value with creative choices. Because those frameworks are often generic across different kinds of websites, there is little reason to spend time regenerating these basic elements. There are even guides online for “stealing” websites;[25] such guides are more often used as tutorials for learning purposes than as work product for paying clients.[26]
“I think if you’re paying a creative agency to produce an original website, that’s exactly what you should get.”[27]
I don’t directly copy from other designers because “it seems wrong and out of fear that it would be noticed within the community… I would be more afraid of embarrassment but would also be worried a little bit about being sued.”[28]
There are strong motivations, external and internal, that drive web designers to be creative within the technological constraints. Clients exert external pressure on designers to adapt websites to the client’s needs. For example, a blog should be navigable by users who want to read posts and also convenient for the client to add content, such as a post that is automatically labeled with its creation time and author. The design choices that would be useful for a blog are unlike those a designer might make for an online shopping website. Instead of arranging content chronologically, as is common on a default view of a blog, retail websites often need to be organized by different categories of goods that are searchable and sortable by different parameters, such as price or popularity. Retail sites need to allow visitors to order items, pay the shop owner, enter shipping information, resolve disputes, and display relevant information and product reviews. The shop owner may also want certain features, such as an automatic update to a product web page if the product is out of stock. Regardless of whether two websites share a color scheme, whether the designer starts with a basic template, or even whether one designer wants to directly copy the appearance of another website, a web design would need to make modifications to adapt the website to the client. These modifications could include posting the client’s shop items or articles, searching the client’s database of items for sale, and sending customer payments to the client.[29] The internal pressures to create a new product are as strong as the external motivations to adapt to client uses. Designers are motivated by the need to maintain gainful employment. As web design has evolved from a product to a service based on open communication between a client and a designer, networking and reputation have become very important to designers in generating new business.[30] Designers take pride in their work and prioritize creating original work from an internal motivation, as opposed to the external threat of legal ramifications. Some designers are upset when their work is copied because they are powerless to prevent another person from taking credit for their hard work.[31] The copyright symbol © derives its weight from reminding web designers about these internal pressures to deter blatant copying, even in the absence of legal backing.

III. Copyright Background

“There’s not enough conversation happening around IP for creative work”[32]
The backdrop to web designers’ motivations, even if not immediately discernable, is copyright. The legal landscape influences both the creative process of web design and how web designers can protect their work once it has been created. This section outlines the basics of copyright law and applies its principles to web design. However, the law is unclear as to whether web design is protectable by copyright, and courts have muddled the issue by adding the possibility of trade dress protection for website design. Remarkably, even though the application of copyright law to web design is muddled, web designers’ views on copying hew closely to copyright theory. This reverberation suggests that incentives within the web design community should influence the perception of how copyright law is applied in this field.

A. Copyright Overview

The Copyright Act protects “original works of authorship fixed in any tangible medium of expression, now known or later developed, from which they can be perceived, reproduced, or otherwise communicated, either directly or with the aid of a machine or device…. Works of authorship include … pictorial, graphic, and sculptural works.”[33] A copyright lasts for the author’s life plus an additional seventy years.[34] The original rights holder may be, among others, the author’s employer under the “work for hire” doctrine.[35] The copyright holder’s exclusive rights in the protected work are limited by what is copyrightable and what constitutes unexcused infringement. To qualify for a copyright, there is a low originality requirement that the work possesses “at least some minimal degree of creativity,”[36] and is an expression instead of a mere idea.[37] These constraints incentivize creative expression by preventing copyright holders from making overbroad claims of ownership of undeveloped or underdeveloped ideas. Copyright infringement is the unauthorized copying of a protected work. Proving infringement involves showing misappropriation by two steps: (1) proof of copying, which can be shown circumstantially with proof of access, and (2) a demonstration that the protected and accused works are substantially similar.[38] Even if a work qualifies for a copyright, there is an exception from a finding of infringement for fair use.[39] Four factors determine whether fair use was made of a work: “(1) the purpose and character of the use … (2) the nature of the copyrighted work, (3) the amount and substantiality of the portion used in relation to the copyrighted work as a whole; and (4) the effect of the use upon the potential market for or value of the copyrighted work.”[40] That is to say, if a copyrighted work was used for nonprofit, educational purposes, or if only a small, inessential part of the work was used, then that would be a defense against literal infringement.

B. Copyright Law as Applied to Web Design Is Ambiguous

The Copyright Office has issued some guidance for registering online works in the form of Circular 66, but the document is silent on the question of web design protection.[41] As such, courts have attempted to address the ambiguity. As early as 1997, courts found that the “look and feel” of a website could infringe copyright.[42] However, because copyright infringement is a fact-specific inquiry and few, if any, cases reach even summary judgment stages, there have been no conclusive answers. It is important to recognize that copyright of a website could possibly apply to (1) the visual website, (2) the underlying source code, and (3) the client’s content that is on that website.[43] This note is primarily interested with the first of these points: the design of the website. As discussed above, protection of the underlying source code is too easy to circumvent,[44] and it is fairly undisputed that a client’s content, such as original text or images, would be protected.[45] Although cases addressing the latter issues are not the focus of this paper, precedent on the topics illuminates the applicability of copyright to web design.
1. Hurdles to Proving Copyrightability
In Apple Computer v. Microsoft,[46] the Ninth Circuit evaluated Microsoft’s use of GUI elements of which Apple claimed Microsoft infringed the “look and feel.” The Court held that “works cannot be substantially similar where analytic dissection demonstrates that similarities in expression are either authorized, or arise from the use of common ideas or their logical extensions.”[47] The question of whether web design can be a copyrightable subject matter is still unanswered. In BlueNile v. Ice.com,[48] one online diamond retailer sued a competitor for copyright and trade dress infringement of its website. The case is best known for the proposition that the “look and feel” of a website might fall within the scope of trade dress protection. However, for copyright purposes, it is significant that the court found that more factual development was required to establish whether the “look and feel” of a website was within the subject matter of copyright, because it implies that a web design could also be protected by copyright.[49] Thus, it is important to first determine which parts of a web design might not be protectable, and to remove those elements from a copyright analysis. There are several hurdles to proving copyrightability that remain open questions: how to plead, whether a web design is “original,” whether navigation-related design elements are protectable, and whether web design is separable from its useful articles. A 2010 case, Salt Optics, Inc. v. Jand, Inc.,[50] was brought on copyright and trade dress claims, but the copyright claims were dismissed because they were overbroad. The court stated that the “[p]laintiff needs to delineate more clearly which facts it alleges in support of its trade dress claim and which facts it alleges in support of its copyright claim.”[51] This suggests that potential “look and feel” plaintiffs should be careful to delineate which website elements they seek to protect through copyright versus through trade dress, because the claims are not identical. However, courts tend to avoid applying the Lanham Act in a way that would conflict with the Copyright Act, so these two sets of claims are not mutually exclusive and could both be infringed by a given website.[52] It is unclear whether those statements conflict with Conference Archives, Inc. v. Sound Images, Inc., a case from the same year, in which the Court found that “look and feel” of the web site does not receive protection under the Copyright Act but “individual elements of the … web site may receive copyright protection.”[53] The year after Apple Computer v. Microsoft, the First Circuit decided Lotus v. Borland and explicitly stated that navigation menus were not protectable under copyright because they were methods of operation.[54] Twenty years later, this seems directly applicable to the navigation a designer may create for a website. However, even though a navigation bar may seem more akin to an idea than an expression of that idea, designers have more freedom than computer programmers of earlier computers. This is because a particular interpretation may no longer be the only way to express a user’s options and therefore it may have fallen back into protectable scope. Early plaintiffs claiming website copyright infringement have struggled with the originality requirement. In Crown Awards, Inc. v. Trophy Depot,[55] a district court found that the simple structure of a webpage failed to meet the copyright originality standard. A trophy sales company used a three-frame design, a small picture of the catalogue on the upper-right side, and certain promotional language on its website. The company alleged appropriation of those design elements by a competitor that had made similar modifications to their website within just six hours of plaintiff’s website update. Despite the suspicious circumstances, the court found that the plaintiff could not demonstrate a substantial likelihood of success on the merits in its copyright action because the design elements in the main page of its website were insufficient to create an original compilation of elements as required.[56] It is particularly startling that the plaintiff failed to earn a preliminary injunction given the circumstantial evidence that the competitor was merely copying from the plaintiff, as opposed to reaching a similar layout organically.[57] More recent plaintiffs continue to struggle with the originality requirement. In 2010, the decision in Conference Archives, Inc. v. Sound Images, Inc. indicated that proving the originality of the look and feel of a website could be difficult, as Internet pages often present information in a straightforward or simplistic way. Such websites “may lack highly creative, visual graphics and, instead, contain mostly functional elements used for navigating through the information on the site.”[58] They often just “arrange facts or information” and may lack the “originality required for copyright protection.”[59] However, this decision did not indicate where the dividing line lies between “simplistic” and protectable websites. In Conference Archives, the court also pointed to the potential problem of functionality with respect to websites.[60] In trade dress, an element or feature is considered functional if it is “essential to the use or purpose of the product” or if it affects the cost or quality of the product;[61] therefore, a web design would not be functional if it could be expressed in alternate ways.[62] In the context of trade dress, the court pointed out that website design can in fact serve useful functions, such as providing branding or facilitating use of the website (for example, the process of making online purchases). In this way, trade dress ties back into copyright’s useful article doctrine,[63] which is evaluated under the conceptual severability test.[64] As applied to web designs, this doctrine would require that any design decision not purely dictated by function should be protectable. Given that modern websites have a significant amount of design freedom, having come a long way since a three-column layout could be considered special, this should cover any work that a designer performs. Although the number of alternatives is concededly not infinite and the process of web design is not arbitrary, each website does not have only one possible configuration, even under “industry standards.” The clearest way to conceptualize the higher-level non-functionality of web design is through the understanding that a web designer’s career is built by presenting the same information in a new way. For example, changing a website that updates news stories in a list chronologically to an “infinite scrolling” version, modifying the color scheme, and adding a large image to accompany each article.[65] The underlying content presented has not changed, but the “look and feel” has been altered. Instead, the functionality doctrine would only exclude those industry-standard features, such as the idea of using buttons and hyperlinks in organization and navigation, which would allow anticompetitive effects if a party could exclude others from use. Being able to present the same content in a different way demonstrates that a website’s features are not purely functional.
2. Hurdles to Proving Infringement
If a plaintiff could prove that she had a copyright in a protectable work, proving infringement would collapse into a fact-intensive inquiry for substantial similarity. The first step in analyzing copyright infringement, proving actual copying, is usually difficult. Plaintiffs may show it circumstantially, pointing to a defendant’s access to a plaintiff’s website, and then pointing to the probative similarity between the two websites to imply that only copying could lead to the convergence of appearance. The access is easy to show in a website infringement case because both parties necessarily have Internet access if they have created similar websites that the public can visit.[66] Proving similarity for the first step is similar to the second step of proving substantial similarity for the purposes of establishing misappropriation by the defendant. As Blue Nile, supra, established, analyzing the copyright infringement of nonliteral elements is a very fact-intensive inquiry.[67] In the computer software case Computer Assocs. Int’l, Inc. v. Altai,[68] the Second Circuit adopted a three-step Abstraction–Filtration–Comparison procedure to evaluate substantial similarity between computer programs, “draw[ing] on such familiar copyright doctrines as merger, scenes a faire, and public domain.”[69] This decision extends nicely to websites because both computer programs and website design involve “nonliteral elements,” which refer to a work’s organization beyond its creative scope. Websites and computer programs are both run on computers, and the similarities continue because both require significant amounts of code or other background information in order to run effectively. One difference is that a program is purely source code, but as already demonstrated, web design is not equivalent to source code. As such, web designs may not need application of the abstraction step because the visual representation has achieved that step. In both computer programing and website design, the elements essential to functioning would not be protectable by copyright, and this protection should not extend to stock elements, either. The most important step will be systematically filtering out non-protected elements before comparing the two web designs for substantial similarities. For websites, the three categories set out in Altai hold up remarkably well: elements made for efficiency alludes to the elements that fail under the idea-expression distinction, elements dictated by external factors would include industry standard techniques (perhaps such as using responsive design), and design elements taken from the public domain would include the use of known navigation organization and layouts. Any of these non-protected elements are thrown out, and the remaining elements are compared with the allegedly infringing program’s elements to determine substantial similarity. The application of this process is supported by the court in Conference Archives, which pointed out that under the merger doctrine, if “there are only a few alternatives available for creating the design of a Web site, such that the idea merges with the expression, copyright protection will not be extended to that expression.”[70]

C. Designers’ Views on Copying Align with the Copyright Infringement Standard

“Designers in particular are very sensitive to copying. There’s always a tweet/blog post/blowup from someone in the designer community feeling like another person took their ideas. Sometimes it’s blatant but a lot of times there’s just common patterns that people use (headers stuck to the top of the screen, etc.).”[71]
The fact that the views of professional website designers on offensive design copying closely parallel ideas under copyright law supports applying copyrights to the industry. Several designers have alluded to the ideas underlying the merger doctrine and scènes à faire in relation to their work, pointing out that common layouts or ideas, such as headings located at the top of a screen, could be freely copied.[72]
“Too close would be a direct copy of the site’s layout and design, perhaps with a couple style changes or color changes. That being said, there’s nothing new under the sun. There are standard layouts for website design, so there’s going to be some overlap out there, no matter how original your intention is.”[73]
Because designers regularly take inspiration from collections of other websites, and there are common trends in the industry (such as the adoption of responsive web design), there has evolved an implicit code of ethics, in which copying of elements is permissible, but only in moderation. This closely echoes the distinction between “close copying” and trends that are found in academic papers analyzing copying in the fashion industry.[74] Web design and clothing design share elements that make them uniquely similar: the fast rate of innovation within the industry is coupled with, and harnessed by, the necessity for designs to coalesce. In fashion, that effect might look like a trend emerging through differentiation and flocking, which signals purchasers to buy trending clothing.[75] In website design, this leads to standardization, such as how three stacked horizontal bars represent “menu,” which saves space on small screens,[76] but which would not be obvious to a first-time user unless they had experience in other websites or applications that used the convention. Unlike fashion, web design trends change more slowly and tend to persist until they are disrupted (such as by a shift in technology to variable sized screen). Unlike clothing, websites may fall farther from the ”useful articles” that are unprotected by copyright, thus website designs should have the possibility of copyright protection. Overlapping theories of copyright protection may justify the law’s support for industry norms. The utilitarian function of copyright, to “promote the progress of the sciences and useful arts,”[77] may seem to be achievable even without copyright protection because the internal and external motivations for making creative web designs are present even when a designer does not have the reward of the power to exclude others from copying their design. However, even in the absence of legal ownership (such as when a work is made for hire), designers still feel ownership in their work. They view their creations as part of their identity, something they labored on, and as a personhood interest in the reputation attached to the finished design as they send it into the public. This may be why web designers are so sensitive to copying.[78] By amplifying the moral-rights perspective of intellectual property protection and incorporating the norms of the web design community, the law would better emulate criminal law and deter undesirable conduct, such as blatant copying of website designs.[79]
“I have no idea what trade dress protection is… I would guess that it sounds related to trademark protection, and therefore might apply to certain things you put on a website but not generally to how you design the website.”[80]
As an aside, trade dress protection may not be the panacea that some hope can protect website design. The Lanham Act extends protection to trade dress, and therefore, like trademark, excludes elements that are functional or descriptive and lacking source identification.[81] Trade dress is essentially the “total image and overall appearance” of a business or product.[82] It may include features such as the “size, shape, color or color combinations, texture, graphics, or even particular sales techniques.”[83] This sounds like it applies well to a website design, in which design elements combine to produce a (hopefully) cohesive user experience; however, it fails to alert designers, is unneeded to protect consumers, and is vague enough to be overbroad. Designers are not aware of this doctrine or that it could potentially apply to their work,[84] negating any deterrent effect. Because trade dress seeks to protect consumers, an unambiguously stolen design applied to a website with unrelated or dissimilar content probably would not confuse users, and therefore the work would not be protected by trade dress. Finally, “mere cataloguing of a website’s features is not sufficient to describe protectable trade dress.”[85] What remains is likely to be a navigable modern website with some general style that is probably common among many modern websites. This template of sorts should not be removed from web designers’ arsenals because it would significantly inhibit the possible designs web pages could take, which is contrary to the goals of trade dress. Because of the shortcomings of trade dress protection, it is natural for copyright to be the primary intellectual property regime to protect and reinforce industry norms.

IV. Scenarios of Potential Web Design Copyright Infringement

Previous articles on the topic of copyright protection for website design have focused on finding the best fitting intellectual property regime to protect the “look and feel” of a website, paying special attention to trade dress following the Blue Nile decision.[86] In doing so, there has not been enough attention paid to the realities of the website design process. There are several factual situations which may lead to an accusation of website design infringement: first, and most frequent, are disputes arising from nonpayment of the designer’s fees. Next, competitors or imitators may strategically copy websites. Last, there is the catchall situation in which websites may be copied for non-competitive reasons. These scenarios are treated differently by the industry, and so they should not be considered as a cohesive unit.

A. Designer-Client Disputes

“Most people in my field do not go after other artists but after corporations who use their work without paying them.”[87]
Copyright raises ownership and work-for-hire questions,[88] which largely depend on the express or implied design contract. In most web design contracts, the intellectual property rights are transferred to the client only after the designer has been paid in full.[89] In a typical case, such as Smith v. Mikki More, LLC,[90] a designer might bring several claims against a corporate client who failed to pay a design fee, including claims of copyright infringement, breach of contract, unjust enrichment, and quantum meruit. The court held that the designs for a line of hair care products and corresponding website were not works made for hire because the designer was largely independent of the client and not treated like an employee. Thus, the client was not considered the author of the website and did not own the copyright. Because the client did not hold the copyright, the designer did have standing to sue for infringing uses. The court found that even if there were an implied license for the client to use the designs, that license was revoked when the web designer was not paid in full for his work, no later than when the designer filed a complaint against his client asserting a claim for copyright infringement.[91] Cases like Smith v. Mikki More are the simplest to analyze: as long as the design had at least a modicum of creativity, it would be copyrightable material. Because companies rarely staff web designers as employees, the designer is almost always an independent contractor.[92] Thus, if the client does not pay the designer, then the ownership and authorship of the copyright remains vested in the designer.[93] The designer then would have a relatively easy time proving copyright infringement because the client had access to the designer’s work as part of the relationship before it broke down, and the client usually continues to use the identical web design even after refusing to pay the designer. Thus, while copyright could protect web design, it may not be necessary given this context. Copyright protection in these situations would bolster the ability of a designer in seeking payment owed to him or her from a client, but they are likely to have other legal avenues, such as suing for breach of contract. Designers also have practical methods of ensuring payment, such as retaining control of the website at issue until the client pays in full.

B. Copying by the Client’s Competitors

The vast majority of web design cases are brought on multiple grounds, with IP protection such as copyright, trademark, and trade dress generally used to bolster allegations of fraud,[94] unfair competition, violation of nondisclosure agreements,[95] cybersquatting, and states’ Uniform Deceptive Trade Practices Act.[96] Copyright of web design (as opposed to copyright in images of products, for example) should be minimized in these situations because the right to exclude is being wielded against competitors instead of promoting copyright’s goal of encouraging innovation.
1. Copying by Competitors
In the context of competitor’s websites, copyright protection may be less appropriate than a trade dress regime. Blue Nile supported the idea of trade dress protection for the “look and feel” of websites. In that case, a portion of Blue Nile’s jewelry website allowed consumers to search for diamonds based on the cost, quality, and size of the stones. Blue Nile wanted to use copyright to prevent their competitor from providing customers with the good user experience that Blue Nile was offering on their website. There, it was understandable why the court was amenable to a trade dress claim: Blue Nile’s claim was principally directed at the consumer experience rather than towards copyright’s constitutional objective of incentivizing innovation. Often, as in Crown Awards,[97] competitors may have innocent reasons for the convergence of their website designs, such as the fulfilling the same underlying functional objectives. In Blue Nile, the diamond search pages described are largely functional; if the case had progressed to the merits, the concept of searching for diamonds online may have been found not protectable by copyright for that reason. In competitor cases, the plaintiff will have recourse to multiple causes of actions in addition to copyright infringement, such as claims of trade dress infringement under Lanham Act, violation of various consumer protection acts, unfair competition, and unjust enrichment.[98] The competitor scenario should not affect the evaluation of the copyrightability of web designs because copyright is likely to be neutralized by functionality.
2. Copying in Bad Faith: Counterfeiters and Phishers
There is a special subset of competitor websites that are created in bad faith. There are at least two types: the websites that are selling counterfeit goods, and phishing websites. An example of a plaintiff in the anti-counterfeiting space is Coach, a luxury fashion company specializing in leather and handbags, which has been aggressively pursuing counterfeiters in court since at least 2009. As part of Coach’s anti-counterfeiting program, “Operation Turnlock,” they have been seizing and taking down domain names selling counterfeit goods. Once Coach possesses the domain, it posts an image notifying potential users that the website was shut down for selling counterfeit merchandise.[99] The websites have not been substantially similar to Coach’s official website; rather, counterfeiters intended to lure consumers with low prices.[100] Notably, Coach did not bring trade dress or copyright infringement claims against owners of the websites, even when the counterfeit websites displayed images of the bags. The decision by Coach not to bring copyright claims is indicative that companies battling counterfeit websites would probably not bring copyright claims based on website design. The entire webpage of one former counterfeiter now consists entirely of the following image:[101]
X
Though copyrightability of web design might be neutral for websites selling counterfeit items, it could be very useful in combating phishing scams. Phishing scammers closely emulate the emails and websites of reliable businesses in order to trick users into divulging passwords, which the scammers use to access their victims’ bank accounts or other important personal information.[102] Because the malfeasors intentionally reproduce the look and feel of a website, banks and other hosts whose users fall victim may have good standing to bring trade dress and copyright cases for the use of their web designs. However, these incidents involve intentional violation of identity theft and fraud laws, which carry severe penalties,[103] so there is little reason to believe that the threat of copyright infringement would effectively deter scammers.

C. “Pure” Design Copying

Sometimes, a website design will be copied without any regard for the website’s content, such as the design complained about in the following images.[104]
X
  Without copyright protection for web design, website owners have no legal recourse if a design is copied by a non-competitor with whom they do not have a relationship.[105] This could manifest as a copying of website design elements, or as a second web designer posting images of another designer’s work as their own in a portfolio.[106] This is the scenario that should receive copyright protection because it would protect the work of the original designer, and the deterrent effect created by the threat of copyright infringement lawsuits may incentivize the second web designer to be more creative. Specific instances of copying are likely to be fact-intensive inquiries.[107] However, the indefiniteness of “how close is too close?” is dwarfed by the question of whether or not clarity on the protectability of web design would have a significant effect.
1. Copyright Ownership by Non-Designers Misaligns the Incentive to Enforce
Enforcement of infringement largely depends on ownership.[108] Although a designer may feel upset if a website has been duplicated or closely copied, they may have no right to pursue a copyright claim in court if the client owns the rights to the website. This situation is inversely related to the ownership question raised by designer-client disputes. The dichotomy that splits creativity from ownership exacerbates the disincentive to protect the work. In the absence of an effect on competition, only designers are likely to be upset by close copying of the design, but once ownership is transferred, they will not have the requisite standing to bring an action against the offending website’s owner. Even if the designer was upset or angered by seeing her copied web design on another website, it is unlikely that she would have standing to litigate against the imitator because the ownership would likely be in the hands of her client. The client, who will own the site after it is paid for, is unlikely to fight to protect the design for several reasons. First, the client is less likely to discover copying because they are not in touch with the design community, as evidenced by their need to hire an outside party to develop their website. Second, even if the client finds that another website copied their design, the client will be more invested in the content that they control, and not the finished product of the website design, so the client will have little incentive to engage in expensive litigation over a design that does not have an effect on their users. In each of the different situations discussed, copyright protection for web design is unnecessary. A designer does not need copyright to extract overdue fees from a client; in competitive situations, parties would likely have other legal recourse that renders copyright excessive and inappropriate. In scenarios not covered by those two situations, the divergence in interests between design creators who see their work used without attribution and the design owners who have standing would probably mean that web design copyright claims will not be pursued.

Conclusion

Professional website designers do not need the protection of copyright law as an incentive to innovate – the need to earn a paycheck, the internal rewards of their work, and the desire to build a good reputation are more than sufficient to motivate them. Designers have relatively little interest beyond client payment and the reputational attraction of future clients. If another website takes inspiration from a website designer’s work, the designer generally feels more flattered than devastated; little or no actual harm has been done, and in fact the imitation serves to reaffirm the wisdom of the designer’s choices.[109] Even if the designer were to be upset, it is unlikely that he or she would have standing to litigate against the imitator, as the ownership usually transfers to the client, who has less of an incentive to engage in expensive litigation over a design.
“I think the © means that we’ve publicly stated that we are the owner of the copyright. So, if we ever went to court, we could point to the web page at the time of theft and say ‘we had publicly declared that we owned this stuff, it was clear, the thief knew.’”[110]
There are other legal avenues to protect a website design, such as laws on topics of contract or unfair competition, so perhaps the question should be whether it is worth bothering with intellectual property protection for web design at all. Sharing elements among different websites allows for faster standardization of navigation, which helps users understand how to use any individual website. It also helps businesses communicate with their consumers, and permits the faster iteration and evolution of design, which is especially important as technology changes. Limiting copyright protection for website designs is in the interest of most website owners, designers, and users because it permits and encourages borrowing of elements without necessarily condoning close copying.[111] Perhaps the optimal solution, which balances the freedom to take inspiration and the desire to protect creative website design, lies in the © symbol itself, which derives significance not in legal strength, but rather in the cultural expectations of the web design community. In the absence of viable legal alternatives, the © works in a notice and deterrent role. The insignificance of the legal function of the © at the bottom websites is demonstrated by its failure to channel more parties to court when conflicts occur. This notice is a signal that self-respecting designers taking inspiration from a given site should not copy directly. For direct competitors, it is likely that a company established to sell counterfeit goods will have to hire a web designer to create their online presence, and the notice served by the legitimate website, combined with the difficulty in synchronizing the competitor’s preexisting content to a newly duplicated website, may deter designers from copying or make it more expensive for the counterfeiter to hire such a designer. Ultimately, the notice function served by marking a page as copyrighted shows an investment in the website that could deter potential copiers more effectively than an invisible trade dress protection could, despite the potentially greater legal strength of trade dress compared to copyright protection.
* J.D. Candidate, New York University School of Law, 2016; B.S.E. Electrical Engineering, Princeton University, 2011. The author thanks Professor Jeanne Fromer, NYU JIPEL Senior Notes Editor 2014-2015 Lin Weeks, and the 2015-2016 Editorial Board of the NYU Journal of Intellectual Property & Entertainment Law for their for their help throughout the editing process. Special thanks to web designers Jared Novack, John Kelleher, Michael Raybman, Dan Croak, Harriet Donnelly, Melinda Beck, and Jessica Watson for speaking about their views on the web design process and intellectual property protection.
[1] E-mail from Michael Raybman, Founder, Reactor Media (Mar. 9, 2015) (on file with author).
[2] All web designers interviewed in preparation of this note did so in their personal capacity. For illustrative samples of their design, see their websites: Melinda Beck of melindabeck.com, Dan Croak of thoughtbot.com, Harriet Donnelly of e5marketing.com, John Kelleher of openbay.com, Jared Novack of Upstatement.com, Michael Raybman of Reactor Media, and Jessica Watson of http://jwatsoncreative.com.
[3] E.g., Robert Mening, Website Setup, http://websitesetup.org/ (last visited Oct. 26, 2015) (the website says that anyone can design a website, “I wrote this guide to help anyone – from bloggers to business owners – make their own website without having to learn code.” but it relies on WordPress).
[4] E-mail from Jessica Watson, CEO/Creative Director, JWatsonCreative (Mar. 6, 2015) (on file with author).
[5] E.g., Ilya Posin, How Much Does a Website Cost?, Forbes (Aug. 7, 2013, 10:18 AM), http://www.forbes.com/sites/ilyapozin/2013/08/07/how-much-does-a-website-cost.
[6] E.g., Heidi Cool, On Average, How Much Time Does It Take for a Designer to Build a Professional Website?, Quora.com (Aug. 13, 2013), http://www.quora.com/On-average-how-much-time-does-it-take-for-a-designer-to-build-a-professional-website.
[7] See Richard Parr, How Much Does a Small Business Website Cost in 2014?, Executionists, http://www.executionists.com/blog/cost-to-build-websites-2014/; Posin, supra note 5.
[8] See Hora Loranger, Redesigning Your Website? Don’t Ditch Your Old Design So Soon, Nelson Norman Group (Dec. 07, 2014), http://www.nngroup.com/articles/redesign-competitive-testing/.
[9] E-mail from Jessica Watson, CEO/Creative Director, JWatsonCreative (Mar. 6, 2015) (on file with author).
[10] E-mail from Michael Raybman, Founder, Reactor Media (Mar. 9, 2015) (on file with author).
[12] E-mail from John Kelleher, Web Developer, Openbay (Feb. 22, 2015) (on file with author).
[13] Some builders offer more customization than others, such as WordPress, which is open source. See, e.g., Jeremy Wong, Wix vs WordPress – Our Detailed Comparison, Website Builder Expert (Oct. 2, 2015), http://www.websitebuilderexpert.com/wix-vs-wordpress/.
[14] While not the subject of this note, these services may provide an interesting jumping-off point and case study for a discussion of open sourced software and rights ownership.
[15] U.S. Const. art. I, § 8, cl. 8.
[16] For more discussion about redesigning Harvard Law Review’s website, see Responsive Redesign: Harvard Law Review, Upstatement, http://upstatement.com/portfolio/harvard-law-review/.
[17] Color carries distinctiveness, for example Phil Edwards, How Well Do You Know the Internet’s Most Famous Colors?, Vox (Feb. 10, 2015, 3:20 PM), http://www.vox.com/2015/2/10/8014365/internet-colors-brands-test, and meaning, for example Andy Cowles, And It Was All Yellow: What the Design of Vox and BuzzFeed Tells Us About Trusting Content, TheMediaBriefing (May 27, 2014, 12:30 PM), http://www.themediabriefing.com/article/cowles-vox-buzzfeed-trust-yellow. And courts have recognized that color could be an important tool in determining whether a website was copied. Conference Archives, Inc. v. Sound Images, Inc., No. CIV. 3:2006-76, 2010 WL 1626072, at *5 (W.D. Pa. Mar. 31, 2010) (“While some colors are more common than others, if two products utilize the same exact hex triplet, there is a likelihood that the color was copied”) .
[18] See generally Web Navigation, Wikipedia (Oct. 13, 2015, 7:15 AM), https://en.wikipedia.org/wiki/Web_navigation.
[19] E-mail from John Kelleher, Web Developer, Openbay (Feb. 22, 2015) (on file with author).
[20] See History of the Internet, Techopedia, https://www.techopedia.com/6/27861/internet/history-of-the-internet/8 (describing Mosaic browser).
[21] Ethan Marcotte, Responsive Web Design, A List Apart (May 25, 2010), http://alistapart.com/article/responsive-web-design.
[22] See, e.g., Conference Archives, Inc. v. Sound Images, Inc., No. CIV. 3:2006-76, 2010 WL 1626072, at *21 (“[The “look and feel” of a website] offers a familiar interface, with recognizable elements. Similar colors, sizes, and layouts make navigation and interaction facile.”).
[23] That being said, there is some criticism of how “boring” web design has become. See, e.g., Owen Williams, Web Design Is Now Completely Boring, The Next Web (Sept. 23, 2015, 3:15 PM), http://thenextweb.com/opinion/2015/09/23/zzzzzz/.
[24] E-mail from John Kelleher, Web Developer, Openbay (Feb. 22, 2015) (on file with author).
[25] E.g., Ilan Patao, Tutorial – How to Copy / Duplicate Web Sites, YouTube (May 19, 2008), https://www.youtube.com/watch?v=cue_uZWNfUY (note that the video is labeled “Category: Educational”).
[26] E.g., Mike Locke, Copying vs. Stealing in Web Design, YouTube (May 5, 2011), https://www.youtube.com/watch?v=kKxtD2tWqDk (note in the video, the emphasis on taking the image directly).
[27] E-mail from Jessica Watson, CEO/Creative Director, JWatsonCreative (Mar. 6, 2015) (on file with author).
[28] E-mail from John Kelleher, Web Developer, Openbay (May 17, 2015) (on file with author).
[29] Telephone Interview with Harriet L. Donnelly, Principal, e5 Marketing (Feb. 20, 2015).
[30] Id.
[31] See generally id.; Telephone Interview with Jared Novack, Partner, Upstatement (Feb. 4, 2015); E-mail from Michael Raybman, Founder, Reactor Media (Mar. 9, 2015) (on file with author); E-mail from Jessica Watson, CEO/Creative Director, JWatsonCreative (Mar. 6, 2015) (on file with author).
[32] E-mail from Jessica Watson, CEO/Creative Director, JWatsonCreative (Mar. 6, 2015) (on file with author).
[33] 17 U.S.C. § 102(a).
[34] Assuming that all relevant websites will have been created on or after January 1, 1978, see 17 U.S.C. § 302 . In the fast-paced Internet era, this seems like an extremely long period of exclusivity and protection, but that may not be too offensive if the protection is very narrow.
[35] 17 U.S.C. § 201(b).
[36] Feist Publications Inc. v. Rural Tel. Serv. Co., Inc., 499 U.S. 340, 345 (1991).
[37] 17 U.S.C. § 102(b) (codifying Baker v. Selden, 101 U.S. 99 (1879)); see also Mazer v. Stein, 347 U.S. 201, 217 (1954).
[38] Although the exact mechanics of determining copyright infringement require a nuanced analysis, this general two-step approach has been accepted by a majority of circuits. See, e.g., Arnstein v. Porter, 154 F.2d 464 (2d Cir. 1946); Selle v. Gibb, 741 F.2d 896 (7th Cir. 1984); Swirsky v. Carey, 376 F.3d 941 (9th Cir. 2004).
[39] 17 U.S.C. § 107.
[40] Id.
[41] United States Copyright Office, Circular No. 66, Copyright Registration for Online Works (2012), http://copyright.gov/circs/circ66.pdf.
[42] ConsulNet Computing, Inc. v. Moore, No. CIV.A. 04-3485, 2007 WL 2702446, at *7 (E.D. Pa. Sept. 12, 2007).
[43] This note assumes that professional web designers are not taking copyrighted images or other content without permission.
[44] In a trademark infringement analysis, a court pointed out that “whether defendants (and plaintiff) utilized code available in the public domain or not in creating their website does not affect the fundamental similarities between the two websites, which is the relevant criterion in a likelihood of confusion analysis.” Athleta, Inc. v. Pitbull Clothing Co., No. CV 12-10499-CAS FMOX, 2013 WL 142877, at *7 (C.D. Cal. Jan. 7, 2013). This analysis should easily extend to the proposition that source code is not dispositive in the analysis of web design when analyzing the “look and feel” of two web sites.
[45] See 17 USC § 102.
[46] Apple Computer v. Microsoft Corp., 35 F.3d 1435 (9th Cir. 1994).
[47] Id. at 1439.
[48] Blue Nile, Inc. v. Ice.com, Inc., 478 F. Supp. 2d 1240 (W.D. Wash. 2007).
[49] Id. at 1245.
[50] Salt Optics, Inc. v. Jand, Inc., No. SACV 10-0828 DOC (RNBx), 2010 WL 4961702 (C.D. Cal. Nov. 19, 2010).
[51] “The copyright registrations alleged by Plaintiff are broad, referring to all ‘text(s), photograph(s), selection, arrangement and compilation’ of the Salt Website and all rights related to the Salt Catalogs. Plaintiff makes no attempt to identify which portions of the website or catalog it accuses Defendants of infringing. . . . Plaintiff needs to delineate more clearly which facts it alleges in support of its trade dress claim and which facts it alleges in support of its copyright claim.” Id. at *6.
[52] Id. at *7.
[53] Conference Archives, Inc. v. Sound Images, Inc., Civil No. 3:2006–76, 2010 WL 1626072 (W.D. Pa. Mar. 31, 2010).
[54] Lotus v. Borland, 49 F.3d 807 (1st Cir. 1995).
[55] Crown Awards, Inc. v. Trophy Depot, No. 2:03-CV-02448-DRH, 2003 WL 22208409 (E.D.N.Y. Sept. 3, 2003).
[56] Id.
[57] Note that some authors claim that this case stands for the proposition that some courts have required a “virtually identical” standard for copied websites because the knockoff website avoided a finding of infringement entirely by slightly changing the color scheme and adding some text. See Kevin D. Hughes & David E. Rosen, The Marketplace, More than the Courthouse, May Determine the Ultimate Winner in Web Site Infringement Battles, L.A. Lawyer, June 2010 at 40, 40, available at http://www.lacba.org/Files/LAL/Vol33No4/2716.pdf. This is not accurate because the case failed on originality grounds before the two websites could be compared. The idea that merely changing colors could avoid copyright infringement is inconsistent with the view of website designer Jessica Watson, who opined in her interview that just changing some colors would still constitute “too close” a copying of a website.
[58] Before commenting on the court’s findings, it is interesting to note that the approach to “look and feel” of a website design was well explained and creatively bifurcated: “A web site is conceptually different from traditional print media. It is useful to visualize a web site user interface not as a static presentation, but rather as a series of overlapping layers aimed at accomplishing specific tasks. At the most concrete level is the ‘visual design,’ which is the graphic treatment or interface elements. This layer represents the ‘look’ in the ‘look and feel.’ Below the ‘visual design’ is the ‘interface design,’ which facilitates user interaction with functionality. The information in this layer facilitates the user’s understanding and interaction with the page. This would represent the ‘feel’ in the ‘look and feel.’ The ‘feel’ corresponds to certain dynamic navigation elements, including buttons, boxes, menus, and hyperlinks. These intangible and interactive elements contribute to the feel. The feel can also consist of the ‘information design of a web site, including the … location of common elements such as navigation elements.’ According to this model, the two critical layers to consider when defining the ‘look and feel’ are the ‘visual design’ and the ‘interface design.’ These two elements combined ‘encompass not only static elements such as particular photos, colors, borders or frames, but also interactive elements and the overall mood, style or impression of the site.’ Conference Archives, Inc. v. Sound Images, Inc., Civil No. 3:2006–76, 2010 WL 1626072, at *14 (W.D. Pa. Mar. 31, 2010)(internal citations omitted).
[59] Id. at *13.
[60] Id. at *17.
[61] TrafFix Devices, Inc. v. Marketing Displays, Inc., 532 U.S. 23 (2001)
[62] Lisa M. Byerly, Look and Feel Protection of Web Site User Interfaces: Copyright or Trade Dress?, 14 Santa Clara Computer & High Tech. L.J. 221, 260 (1998).
[63] 17 U.S.C. § 101, “the design of a useful article, as defined in this section, shall be considered a pictorial, graphic, or sculptural work only if, and only to the extent that, such design incorporates pictorial, graphic, or sculptural features that can be identified separately from, and are capable of existing independently of, the utilitarian aspects of the article.”
[64] The conceptual severability test is set out in Brandir: “if design elements reflect a merger of aesthetic and functional considerations, the artistic aspects of a work cannot be said to be conceptually separable from the utilitarian elements. Conversely, where design elements can be identified as reflecting the designer’s artistic judgment exercised independently of functional influences, conceptual separability exists.” Brandir Int’l, Inc. v. Cascade Pac. Lumber Co., 834 F.2d 1142, 1145 (2d Cir. 1987).
[65] This was a hypothetical, but plenty of real examples exist online. See, e.g., Sana Bakshi, Before & After: 6 Beautiful Website Redesigns [SlideShare], HubSpot, (Jan. 29, 2014, 11:00 AM), http://blog.hubspot.com/marketing/best-website-redesigns-list.
[66] Gary Franklin & Kevin Henry, Protecting Your Company’s Website: The Application of Intellectual Property to the Digital Marketplace, 37 Vt. B.J. 26 (2012).
[67] Blue Nile, Inc. v. Ice.com, Inc., 478 F. Supp. 2d 1240, 1245 (W.D. Wash. 2007).
[68] Computer Assocs. Int’l, Inc. v. Altai, 982 F.2d 693 (2d Cir. 1992).
[69] Id. at 706.
[70] Conference Archives, Inc. v. Sound Images, Inc., Civ. No. 3:2006-76, 2010 WL 1626072 (W.D. Pa. Mar. 31, 2010).
[71] E-mail from Dan Croak, Chief Marketing Officer, Thoughtbot (Feb. 23, 2015) (on file with author).
[72] E.g., id.; E-mail from Jessica Watson, CEO/Creative Director, JWatsonCreative (Mar. 6, 2015) (on file with author).
[73] E-mail from Jessica Watson, CEO/Creative Director, JWatsonCreative (Mar. 6, 2015) (on file with author).
[74] See, e.g., C. Scott Hemphill & Jeannie Suk, The Law, Culture, and Economics of Fashion, 61 Stanford L. Rev. 1147 (2009) (discussing whether intellectual property protections should extend to fashion).
[75] Kal Raustiala & Christopher Jon Sprigman, The Piracy Paradox Revisited, 61 Stanford L. Rev. 1201, 1205 (2009) (describing how differentiation and flocking creates trends in fashion).
[76] Antonio, A Brief History of the Hamburger Icon, Placeit (Oct. 29, 2014), http://blog.placeit.net/history-of-the-hamburger-icon/.
[77] U.S. Const. art. I, § 8, cl. 8.
[78] Jeanne Fromer, Expressive Incentives in Intellectual Property, 98 Va. L. Rev. 1745, 1768-69 (2012) (discussing why creators do not like to see their works altered).
[79] Id. at 1783-84.
[80] E-mail from John Kelleher, Web Developer, Openbay (Apr. 3, 2015) (on file with author).
[81] 15 U.S.C. § 1125 (2012).
[82] Two Pesos, Inc. v. Taco Cabana, Inc., 505 U.S. 763, 764 n.1 (1992) (quoting Blue Bell Bio-Medical v. Cin-Bad, Inc., 864 F.2d 1253, 1256 (5th Cir. 1989)).
[83] Id. (quoting John H. Harland Co. v. Clarke Checks, Inc., 711 F.2d 966, 980 (11th Cir. 1983)).
[84] E-mail from John Kelleher, Web Developer, Openbay (Apr. 3, 2015) (on file with author).
[85] Lepton Labs, LLC v. Walker, 55 F. Supp. 3d 1230, 1239 (C.D. Cal. 2014).
[86] See, e.g., Elizabeth Brown, Bridging the Gap: Improving Intellectual Property Protection for the Look and Feel of Websites, 3 N.Y.U. J. Intell. Prop. & Ent. L. 310, 314 (2014); Amber R. Cohen, A Square Peg into a Round Hole: Trade Dress Protection of Websites, the Perspective of the Consumer and the Dilemma for the Courts, 3 U. Mass. L. Rev. (2008); Matt Mikels, Surfing for Protection: Why Websites Should Be Categorically Excluded from Trade Dress Protection, 23 CommLaw Conspectus: J. Comm. L. & Tech. 158 (2014).
[87] E-mail from Melinda Beck, Independent Illustrator, Animator, and Graphic Designer (Mar. 2, 2015) (on file with author).
[88] Franklin & Henry, supra note 66.
[89] There are many web design contract templates available online, some of which differentiate between the client owning the rights at the outset, the designer assigning rights only after payment (in full, as protection), or the client as licensee of the designed site. See, e.g., Grace Smith, 10 Free Contract Templates for Web Designers, Mashable (June 30, 2014), http://mashable.com/2014/06/30/free-contract-templates/.
[90] Smith v. Mikki More, LLC, 59 F. Supp. 3d 595 (S.D.N.Y. 2014).
[91] Id. at 610.
[92] The copyright office has issued Circular 9, available at http://copyright.gov/circs/circ09.pdf, interpreting the Supreme Court’s decision in Community for Creative Non-Violence v. Reid, 490 U.S. 730 (1989), which addressed the definition of “work made for hire. ” The definition depends on 3 factors, influenced by agency law: (1) control by the employer over the work, (2) control by employer over the employee, and (3) the status and conduct of employer. United States Copyright Office, Circular No. 9, Works Made for Hire (2012).
[93] Rinaldo Del Gallo, Who Owns the Web Site?: The Ultimate Question When a Hiring Party Has a Falling-Out with the Web Site Designer, 16 J. Marshall J. Computer & Info. L. 857 (1998).
[94] E.g., Lepton Labs, LLC v. Walker, 55 F. Supp. 3d. 1230 (C.D. Cal. 2014).
[95] E.g., Conference Archives, Inc. v. Sound Images, Inc., No. 3:2006-76, 2010 WL 1626072 (W.D. Pa. Mar. 31, 2010).
[96] E.g., Coach v. The Partnerships and Unincorporated Associations Identified on Schedule “A”, No. 13 C 6618, 2013 WL 5477573 (N.D. Ill. Oct. 1, 2013).
[97] Crown Awards, Inc. v. Trophy Depot, No. 2:03–CV–02448–DRH, 2003 WL 22208409 (E.D.N.Y. Sept. 3, 2003).
[98] Blue Nile, Inc. v. Ice.com, Inc., 478 F. Supp. 2d 1240, 1242 (W.D. Wash. 2007).
[99] For more, see Lindsay Goldwert, Coach Awarded $257 million in Counterfeiting Suit; Coach Can Also Seize 573 Domain Names Linked to Knocking Off the Popular Brand, N.Y. Daily News (Nov. 5, 2012, 2:58 PM), http://www.nydailynews.com/life-style/fashion/coach-awarded-257-million-counterfeiting-suit-article-1.1196902; Shishana Evans, Coach Is Winning the War on Internet Counterfeiting (Seizing Names and Taking Assets), Styleblazer (Nov. 3, 2012), http://styleblazer.com/98032/coach-is-winning-the-war-on-internet-counterfeiting-seizing-names-and-taking-assets/.
[100] See Kurt Bayer, Nigerian Scam Letters Intentionally Unbelievable – Study, N.Z. Herald (June 22, 2012), http://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=10814893.
[101] Websites that Coach defeated in Operation Turnlock, such as www.mycheapcoach.com, redirects to http://204.232.149.59/shutdown.htm which display the notification pictured above.
[102] Jennifer Lynch, Identity Theft in Cyberspace: Crime Control Methods and Their Effectiveness in Combating Phishing Attacks, 20 Berkeley Tech. L.J. 259, 259 (2005).
[103] See State Laws Addressing “Phishing”, Nat’l Conference of State Legislatures (Jan. 9, 2015), http://www.ncsl.org/research/telecommunications-and-information-technology/state-phishing-laws.aspx; N.Y. Gen. Bus. Law § 390-b (McKinney 2006).
[104] E.g., Matt Everson, Hey, You Stole My Website Design!, Astuteo (Mar. 18, 2009), https://www.astuteo.com/desktop/articles/stolen-website-design.
[105] As far as intellectual property protection goes, a patent is inapplicable to a given design, which is probably not patented, not useful, and even if it is novel, it is probably obvious. Design patents would likely fail to protect most designs for the same reasons. Trademark would not apply in most cases. Similarly, trade dress may not apply if the websites are unrelated because the website content would differ, so consumers would not be confused. In any event, those intellectual property regimes do not offer notice to a potential infringer at or before the point when infringement is occurring, so they are unlikely to deter copying. In this hypothetical, the websites are unrelated so fraud and unfair competition claims are inapplicable. One academic suggested that website owners might resort to private law remedies instead of IP protection, such as breach of contract for violations of the terms of service found on websites. Brown, supra note 86; Telephone Interview with Jared Novack, Partner, Upstatement (Feb. 4, 2015). For the vast majority of websites, this will be a nonstarter because although there is often a “Terms” link on every page of a website, it is not binding because the mere link fails to serve as legal notice for users unless they are required to perform some affirmative action confirming their assent, which they might only do if required to create an account, for example. (That is, clickwrap is binding but browsewrap isn’t, and the terms are especially not binding if the imitating designer never sees them). See Specht v. Netscape Communications Corp., 306 F.3d 17 (2d Cir. 2002).
[106] Telephone Interview with Jared Novack, Partner, Upstatement (Feb. 4, 2015). However, Jared added that the web design community is fairly tightly knit, so a designer who passed someone else’s work off as his or her own would be caught and publicly reprimanded.
[107] It is not even clear whether the pictured example from Astuteo deserves protection. Although the colors are similar, the second heading is thicker and stacked, with the search bar integrated into the heading, and only one out of three icons looks like it has been copied. Note that specific elements should be analyzed in copyright analysis, as compared to a trade dress analysis which would look at the overall “look and feel.” One can only imagine the headache this would cause judges and juries.
[108] See Del Gallo, supra note note 93.
[109] Telephone Interview with Jared Novack, Partner, Upstatement (Feb. 4, 2015).
[110] E-mail from Dan Croak, Chief Marketing Officer, Thoughtbot (Feb. 23, 2015) (on file with author).
[111] That is not to say that a court should conclusively hold that copyright protection does not apply to web design, because a well-publicized case could negate this notice function.

Using Copyright to Combat Revenge Porn

Using Copyright to Combat Revenge Porn
By Amanda Levendowski* A pdf version of this article may be downloaded here.  
“Revenge is a kind of wild justice, which the more a man’s nature runs to, the more ought law to weed it out.” – Sir Francis Bacon, from Essays Civil and Moral

Introduction

At twenty-five, Hunter Moore started the website IsAnyoneUp, where Moore posted sexually explicit photographs of the young women he met at parties.[1] But after a few months, Moore dramatically changed his business model: he began allowing anyone to submit sexually explicit images to the website.[2] Soon after, IsAnyoneUp hit more than 500 million page views and Moore netted more than $13,000 a month in advertising revenue and hired a lawyer, public relations consultant, server administrator, and two security specialists.[3] By twenty-seven, Moore—the “most hated person on the Internet”[4] —was indicted for identity theft and conspiring to hack into e-mail accounts to obtain nude photographs to feature on his website.[5] IsAnyoneUp featured more than nude images: Moore often included information about the individuals whose images were posted on the site, including full names, social media accounts, and other personal, identifying information.[6] Any person who shares intimate images with a partner is Schrdinger’s victim: according to one survey, one in ten former partners threaten to post sexually explicit images of their exes online and an estimated sixty percent of those follow through.[7] The victims featured on revenge porn websites frequently receive solicitations over social media, lose their jobs, or live in fear that friends, lovers or employers will discover the images.[8] The images hosted by websites like IsAnyoneUp are often referred to as “revenge porn.” Defining revenge porn, however, is difficult – journalists and activists, lawyers and pundits have used the term revenge porn to refer to all manner of non-consensual pornography, including images captured without a victim’s knowledge,[9] images of a victim’s face transposed on a sexually explicit body,[10] hacked images,[11] and images uploaded by jaded ex-lovers.[12] This paper defines revenge porn in terms of its content, not distribution: Revenge porn refers to sexually explicit images that are publicly shared online without the consent of the pictured individual.[13] Victims’ attempts to use harassment, stalking and privacy laws to punish uploaders and remove images are often met with apathy from local police.[14] Additionally, tort law is ill equipped to address the problem of revenge porn. Because websites are afforded a great deal of legal protection under Section 230 of the Communications Decency Act, which protects interactive service providers (“ISPs”) from liability for user-generated content, tort actions against the websites that traffic in revenge porn are unlikely to succeed.[15] To further complicate matters, victims are not looking solely for injunctive relief, civil penalties, or monetary damages, which are the remedies available under tort law. Instead, victims’ primary goal is to have the images removed as quickly as possible, with the tort remedies coming into play as threats for non-compliance with an order to remove the images in question. Of the states with legislation expressly applicable to revenge porn, none provide such a radical remedy.[16] Some activists argue that there are only two possible solutions: amend Section 230 to create liability for ISPs or pass new laws with hefty penalties for revenge porn uploaders and traffickers.[17] However, there is already a federal law that provides all of these remedies: copyright law. Copyright establishes a uniform method for revenge porn victims to remove their images, target websites that refuse to comply with takedown notices and, in some cases, receive monetary damages. A survey of 864 revenge porn victims revealed that more than eighty percent of revenge porn images are “selfies,” meaning that the author and the subject are the same.[18] For this portion of victims, copyright law can be used to combat revenge porn. While not a perfect solution, copyright requires no amendments to Section 230, no reinterpretation of settled doctrine, no abridgment of free speech rights and no new criminal laws.[19] Thus, it is the most efficient and predictable means of protecting victims of revenge porn. In Part I, I examine how Section 230 protects revenge porn traffickers, like IsAnyoneUp, from liability. Part II discusses why harassment, stalking and privacy laws are often inadequate means of fighting revenge porn. In Part III, I explain why existing and proposed legislation presents problems for both victims and free speech. Finally, Part IV outlines why copyright functions as a solution to the revenge porn problem.

I. Legal Protection For Revenge Porn: The Communications Decency Act Section 230

The damage caused by revenge porn is inextricably tied to the nature of the Internet. Once a single, sexually explicit image is posted, the uploader loses control of the image. Victims are often able to identify the original uploader based on whom the original image was shared with,[20] but hiring a lawyer and obtaining an injunction against the uploader does not protect the victim from posted, cached or linked versions of the image on websites.[21] Although uploaders may be subject to tort law for posting the images, Section 230 of the Communications Decency Act (“CDA”) makes it nearly impossible for victims to go after traffickers of revenge porn using the same laws. In the early 1990s, lawyers and young companies were still questioning how to classify online services like message boards and forums, chat rooms and listservs. Were ISPs like digital stores that sold newspapers or like the media companies that published them?[22] If ISPs were more analogous to one than the other, what would that mean for liability? In 1995, the New York Supreme Court answered both questions: ISP Prodigy was more like a publisher because Prodigy exercised some “editorial control” over user-generated content and thus could be held liable for the defamatory statements made by one of its users.[23] To combat the perverse incentive of rewarding ISPs that did not monitor content – and to protect the “vibrant and competitive free market” of the Internet – Congress enacted Section 230,[24] which immunizes ISPs from being held liable for content generated by third parties.[25] ISPs may even engage in some amount of reviewing, editing, withdrawing, postponing or altering content – like Prodigy did, before Section 230 was passed – without sacrificing immunity.[26] The solution to revenge porn is not upsetting the broad protection afforded by Section 230, but rather understanding the limitations that Section 230 places on revenge porn victims’ remedies.

A. Section 230 Shields Revenge Porn Sites From Tort Liability

Although Section 230 broadly protects websites from liability, it does not give ISPs carte blanche to allow any and all content without concern for liability. ISPs are not required to monitor or proactively remove user-generated content, but Section 230 immunity does not extend to violations of child pornography, obscenity,[27] or copyright laws.[28] Similarly, Section 230 immunity does not apply if the ISP is also an “information content provider.”[29] Immunity does not extend to original information or content that an ISP creates or develops. Websites that traffic in revenge porn do not create the content they post – victims or uploaders create the images.[30] When revenge porn websites post user-submitted images, that content is, in the language of Section 230, “information provided by another information content provider.”[31] Because revenge porn websites are not taking on the role of information content providers, Section 230 protection will apply and render nearly any lawsuit against the ISPs for stalking, harassment, defamation, or invasion of privacy dead on arrival. Revenge porn websites may even exercise some discretion over posted images without losing Section 230 protection.[32] In 1997, the Fourth Circuit set the tone for courts’ broad approach to interpreting Section 230.[33] Kenneth Zeran sued America Online (“AOL”) for statements posted by third parties to an AOL bulletin that stated he was selling shirts with tasteless slogans about the Oklahoma City bombings and included his personal telephone number.[34] The court refused to hold AOL held liable as an information service provider, echoing Congress’ findings:
[the] specter of tort liability in an area of such prolific speech would have an obvious chilling effect … Faced with potential liability for each message republished by their services, interactive computer service providers might choose to severely restrict the number and type of messages posted. Congress considered the weight of the speech interests implicated and chose to immunize service providers to avoid any such restrictive effect.[35]
Courts continue to interpret Section 230 to comport with Congress’ policy decision not to chill harmful online speech by immunizing interactive service providers that “serve as intermediaries for other parties’ potentially injurious messages” from tort liability.”[36]

B. Recent Court Decisions Narrowing the Scope of Section 230 Are Anomalous

In Sarah Jones v. Dirty World Entertainment, a Kentucky district court held that Section 230 immunity “may be forfeited if the site owner invites the posting of illegal materials or makes actionable postings itself.”[37] The defendant managed TheDirty.com, a website which invites users to submit images – many of which are sexually explicit – and share gossip about individuals featured on the website. Even though TheDirty.com did not create the images, the court determined that the website could not use Section 230 as a shield against liability because it “invited and accepted postings” that were alleged to be either libelous per se or invasions of the individuals’ right of privacy.”[38] The court ignored the plain text and history of Section 230 when it later asserted that ISPs lost immunity if they “invite invidious postings, elaborate on them with comments of their own, and call upon others to respond in kind.”[39] In nearly identical pending tort claims against TheDirty.com, district courts in Arizona and Missouri declined to hold TheDirty.com and its corporate parent liable for comments on the site.[40] Sarah Jones and the en banc Ninth Circuit decision it relied upon, (Fair Housing Council of San Fernando Valley v. Roomates.com) remain outliers among Section 230 cases.[41] Some advocates have suggested that Section 230 ought to be amended to better protect victims of revenge porn,[42] whereas others have heralded the interpretation adopted by Sarah Jones as a much-needed limitation on Section 230 protection.[43] But as the Ninth Circuit recognized in perhaps the earliest digital revenge porn case, “the language of the statute that defines and enacts the concerns and aims of Congress; a particular concern does not rewrite the language.”[44] Relying on courts to misinterpret Section 230 to create liability for revenge porn websites is a dangerous way to empower victims. By narrowing the protection of Section 230 to target revenge porn websites, courts and advocates are necessarily narrowing the protection afforded to websites that depend on user-generated content, like Wikipedia, Yelp, and WordPress.[45]

II. Existing Tort Law Is Ill Equipped To Handle Revenge Porn

The experiences of victims of revenge porn – living in fear that their identities will be discovered, concerned with repercussions in both their professional and personal lives, and worrying that the images will reappear – are similar to those of victims of harassment, stalking, and invasion of privacy.[46] Despite this similarity, the remedies that accompany the torts of harassment, stalking, and invasion of privacy are unlikely to provide a meaningful remedy for revenge porn victims. Even if victims are successful in bringing a civil lawsuit against the uploader, Section 230 prevents them from going after the websites that continue to distribute their images.

A. Harassment and Stalking

Harassment laws typically require the aggressor to communicate (or cause communication) with the victim in a way that is likely to cause annoyance or alarm.[47] A single communication can constitute harassment.[48] Although revenge porn websites often frame victims’ images with uploaders’ demeaning or humiliating commentary, those comments are not direct communication with victims any more than a Letter to the Editor about Hillary Clinton is conversing with Ms. Clinton herself. To be found guilty of stalking, an aggressor must intentionally engage in a “course of conduct” that is likely to cause fear of some material harm.[49] Nearly all states interpret “course of conduct” to mean that the behavior is repetitive or ongoing.[50] The harm caused by revenge porn, however, is accomplished through the one-off act of uploading a sexually explicit image.[51] An image’s viral spread only mirrors an ongoing act or repetitive actions –any harm that results (such as the fear of losing one’s job or destroying personal relationships) is caused by the Internet’s magnification of a single act, rather than a course of conduct by the website.[52] More than one third of states’ stalking statutes also require the aggressor to make a “credible threat,”[53] which can almost never be shown without direct contact between the aggressor and the victim.[54] The federal cyberstalking statute takes the “credible threat” requirement one step further, criminalizing only communications that contain a “threat to injure the person of another.”[55] Revenge porn websites often employ aggressive, hyper-sexualized language, including frequent references to rape and assault, to discuss featured individuals.[56] However, courts have interpreted what constitutes a “threat to injure” quite narrowly so as not to encroach on the free speech protections afforded by the First Amendment.[57] In United States v. Baker, a federal district court judge dismissed the government’s claim against a man who corresponded via e-mail with an unidentified Internet acquaintance about brutally raping a female classmate because his conversations were shared fantasies that could not “possibly amount to a true threat.”[58]

B. Privacy Torts

The right to privacy is not rigidly defined, and thus may be more capable of responding to changing technology than codified harassment and stalking laws. The “right to privacy” is covered by four privacy torts, which often overlap: false light, misappropriation, invasion of privacy, and public disclosure of private fact.[59] Frequently, one or more of these privacy torts are alleged in the complaints of lawsuits against revenge porn uploaders and websites.[60]
1. False Light
False light requires that the “publicized matter” is false, in the sense that the publicity attributes false beliefs, characteristics, or conduct to the victim.[61] Non-consensual pornography created through digitally manipulated images of victims is entirely false because the victim never posed for the image. Non-consensual pornography obtained through hacking, may be similarly false if the victim never shared the images with anyone else. False light claims present an interesting riddle for victims of revenge porn who both posed for and consented to sharing the images with at least one other person: is revenge porn “false?” The earliest non-consensual pornography lawsuit[62] involved a Hustler Magazine spread featuring sexual photographs that had been stolen and submitted to the magazine.[63] The Fifth Circuit determined that Hustler falsely represented that the subject of the photographs “consented to the submission and publication [of her photographs] in a coarse and sex-centered magazine.”[64] When presented with a nearly identical case two years later, the Sixth Circuit granted summary judgment in favor of Hustler because the victim was unable to show that the magazine acted with actual malice by deciding to publish the images.[65] It is easy to analogize between the “false light” of indicating that a woman consented to pose for Hustler and the “false light” that she consented to appear on a pornographic website. Because revenge porn derives its appeal from being non-consensual and “false,” victims may be able to convince a court that any website trafficking in revenge porn is per se acting with reckless disregard for the images’ truth. Yet, few courts have grappled with how false light operates in the context of non-consensual pornography and each state’s statutes and governing case law regarding revenge porn differ; thus, facts that may protect a victim in California may fail completely in New York. For victims of revenge porn, false light is a capable fix for the few, not the many.
2. Misappropriation
Misappropriation is the appropriation of a person’s name or likeness by another.[66] Despite the exploitative character of revenge porn, misappropriation only applies when the name or likeness has been used to benefit the appropriator, reputationally, socially, or commercially.[67] Revenge porn serves as a way to humiliate victims, rather than to benefit uploaders, which pushes most victims beyond the bounds of misappropriation protection.[68]
3. Invasion of Privacy and Public Disclosure of Private Fact
To prevail under either an invasion of privacy or public disclosure of private fact theory, victims must show a “reasonable expectation of privacy” in the images.[69] Social norms determine whether the same sexually explicit image is perceived as a courtship ritual or as revenge porn. Despite identical content, the context in which the image is shared differs,[70] a phenomenon that privacy theorist Helen Nissenbaum has termed “contextual integrity.” Nissenbaum has written extensively about contextual integrity, which explains why an employee may feel comfortable sharing details about her personal life with Facebook friends, but outraged if those details were shared with her co-workers;[71] why that same person may readily share her age with her doctor, but feel uneasy if her prospective employer were to ask the same question; and why she may share a sexually explicit selfie with a lover, but feel as if her privacy has been violated if that image were shared with thousands of strangers on the Internet.[72] Contextual integrity emphasizes howinformation is shared, rather than what it reveals. No courts have yet addressed the issue of whether revenge porn victims have a reasonable expectation of privacy in the images they have shared. As the District of Puerto Rico stated, “[a] reasonable person does not protect his private pictures by placing them on an Internet site,” even if those images are unavailable to the general public or protected by passwords.[73] Other courts have followed suit.[74] Victims of revenge porn may find themselves subject to a similarly flawed analysis: a reasonable person does not protect private pictures by sharing them with others via text message, e-mail or other means. Courts may not be prepared to rejigger the privacy torts to reflect that context determines the extent to which an expectation of privacy is reasonable.

III. Overbroad Revenge Porn Legislation Threatens Free Speech

Although many civil and criminal laws apply to revenge porn,[75] some scholars argue that using those laws is often hindered by disinterested law enforcement, and suggest that new criminal legislation is necessary to protect victims.[76] If police and prosecutors are reluctant to acknowledge that the activities of revenge porn uploaders and traffickers may violate the law, however, additional legislation may have no affect on victims’ remedies.[77] Yet, the arrests of Moore and another revenge porn website operator, Kevin Bollaert, indicate that law enforcement’s attitude toward investigating revenge porn using existing laws is changing.[78] Generally, the First Amendment prevents the government from restricting expression based on “its message, its ideas, its subject matter, or its content.”[79] As the Supreme Court explained in United States v. Stevens, the First Amendment has only accommodated restrictions on the content of speech in a handful of limited areas (including obscenity, defamation, fraud, incitement) and has never interpreted the First Amendment to include a “freedom to disregard these traditional limitations.”[80] The Court has held that offensive,[81] embarrassing,[82] and disgusting[83] speech warrants protection, even when it causes tangible harm.[84] Even so, nine states – Alaska, Arizona, California, Georgia, New Jersey, Idaho, Utah, Virginia, and Wisconsin – have enacted targeted revenge porn that criminalizes the distribution of intimate images of another person without that person’s consent.[85] From a First Amendment perspective, targeted revenge porn legislation occupies a tricky space: imprecisely drafted revenge porn legislation protects many victims but risks criminalizing protected expression,[86] but whittling down legislation to avoid trammeling free speech excludes many of the victims the law intended to protect.[87] Although broad legislation makes it easier to prosecute revenge porn uploaders and traffickers, it could also have unintended consequences on protected speech by criminalizing distributions made in the public interest,[88] linking to revenge porn websites for purposes of critique,[89] or disclosures made to document the harassment itself.

IV. Copyright Can Combat Revenge Porn

Even if revenge porn victims were able to successfully state claims for harassment, stalking or invasion of privacy, they may still be unable to remove their images from the Internet. An injunction could force uploaders to remove the images and pay monetary damages, but subsequent postings and re-postings would remain untouched because Section 230 protects the websites/ISPs hosting the content. Copyright is not a perfect solution but, unlike the aforementioned alternatives, victims’ invocation of copyright law does not threaten to erode the protections of free speech or Section 230, nor does it shoehorn revenge porn liability into existing tort schemes or create new criminal liability. The works protected, rights afforded, and remedies provided by copyright law empower the vast majority of victims to protect themselves.[90]

A. Authoring and Owning the Selfie

When Hunter Moore was asked whether the images he posted on IsAnyoneUp violated copyright laws, he offered this fascinatingly misguided explanation:
[B]ut when you take a picture of yourself in the mirror, it was intended for somebody else so, actually, the person you sent the picture to actually owns that picture, because it was intended as a gift. So whatever the – that person does with the picture, you don’t even own the nude picture of yourself anymore … So that’s how I’m protected.[91]
The majority of revenge porn images are “selfies,” like the ones described by Moore.[92] Copyright law protects any original work of authorship fixed in a tangible medium of expression, including photographs.[93] As the authors of their selfies, the vast majority of victims thereby own the copyright in their images.[94] Revenge porn features sexually explicit imagery, and neither Congress nor the Supreme Court have addressed the copyrightabilityof pornography. However, as the Fifth Circuit decision in Mitchell Brothers Film Group v. Cinema Adult Theater explained, “the protection of all writings, without regard to their content, is a constitutionally permissible means of promoting science and the useful arts.”[95] Subsequent decisions and treatises have recognized that the author of a sexually explicit work is afforded the full panoply of copyright protections.[96] Hence, the authors of a sexy selfie and a New York Times bestseller both retain the exclusive rights to their respective works, including the rights of reproduction and display.

B. Positive and Negative Rights of Copyright Owners

The reproduction and display of revenge porn victims’ copyrighted images without their permission constitutes copyright infringement. Section 104 of the Copyright Act grants the authors of unpublished and published works the same rights and protections.[97] Limited distribution of a copyrighted work – to a prospective publisher or a love interest –has no effect on the exclusive rights granted to an author.[98] The author of an unpublished work retains the exclusive right to decide whether to publish a work, and exercise or authorize any reproduction or display of the copyrighted work.[99] By definition, revenge porn victims did not authorize the reproduction or display of their copyrighted images, thus revenge porn uploaders and traffickers infringe upon the exclusive right to make and show copies in several ways. Uploaders reproduce victims’ copyrighted images when submitting them to a website,[100] traffickers reproduce the images when creating copies to store on webservers, and display copies of the original images when users direct their browsers to these websites.[101] Although these actions often occur simultaneously or concurrently, this doesn’t pose a problem to victims asserting their rights as the Copyright Act allows the rights protected by Section 106 to overlap.[102] The Supreme Court takes seriously the idea that the limited monopoly provided by copyright law incentivizes creativity and innovation.[103] Implicit in the positive rights enumerated in Section 106 is an equally powerful “negative right” not to exercise those exclusive rights.[104] The Supreme Court has acknowledged this negative right, explaining that
[T]he limited monopoly conferred by the Copyright Act is intended to motivate creative activity of authors and inventors by the provision of a special reward, and to allow the public access to the products of their genius after the limited period of exclusive control has expired. But nothing in the copyright statutes would prevent an author from hoarding all of his works during the term of the copyright.[105]
Consider the treasure trove of J.D. Salinger stories, which he chose never to publish, that are only available for limited viewing at Princeton’s Firestone Library.[106] In some way, that rareness, manufactured by Salinger’s decision not to fully exercise his exclusive rights, enhances the stories’ value.[107] Revenge porn victims are a perfect example of the ways in which negative copyrights incentivize creation: those images would never have been shared if victims did not believe they could control who saw them.

C. What Goes Up Must Come Down: The Digital Millennium Copyright Act

The same threat that drove Congress to pass Section 230, primarily crushing liability, pushed Congress to enact the Digital Millennium Copyright Act in 1998.[108] As part of its amendments and updates to the Copyright Act, Congress codified the Online Copyright Infringement Liability Limitation Act (“Section 512”).[109] In passing Section 512, Congress sought to provide “greater certainty to service providers concerning their legal exposure for infringements that may occur in the course of their activities.”[110]
1. Using DMCA Notices to Takedown Revenge Porn
Qualified ISPs[111] that comply with Section 512’s “notice and takedown” procedures are protected from liability for copyright infringement.[112] A procedure that is deemed complying is one in which the ISP creates and maintains a system for copyright owners to report infringement and allows the ISP to promptly respond to takedown requests.[113] Revenge porn victims do not need to register their copyrights or hire a lawyer to file a takedown notice.[114] Victims need only submit their name and signature; identify the image; and provide links to the infringing material, contact information and written verification that they believes the use is unauthorized.[115] Victims who discover their images re-posted to commercial porn websites, rather than revenge porn sites, are more likely to have success with takedown notification: commercial porn sites are hotbeds of pirated and infringing content and many link to DMCA notice and takedown procedures directly from their homepages and quickly comply with verified requests.[116] Victims can also issue de-indexing requests to search engines, like Google or Yahoo, to remove infringing links from search results.[117]
2. The Trouble With Takedowns
Websites that traffic exclusively in revenge porn present a problem for victims, as they may run into the problem that mainstream content creators encounter during takedown procedures[118] often called the “Whac-a-Mole” problem. The dynamic nature of the Internet means that as soon as infringing content is removed from one source, it “pops up” elsewhere, reminiscent of the whac-a-mole arcade game. In the case of revenge porn, this phenomenon is magnified. Revenge porn websites are meant to damage reputations and ruin lives.[119] By issuing a takedown notice – which requires the disclosure of personal information – victims may inadvertently draw more attention to the image as the websites might create additional posts about victims who request takedowns or encourage users to re-post victims’ images onto other websites.[120] Reposting is not the only problem that victims encounter. Identifying the location of revenge porn websites’ servers may require a subpoena. For victims who are able to afford a lawyer, filing a subpoena seeking the disclosure of servers’ locations could potentially attract attention to the images at issue.[121] Websites with servers in countries that do not have intellectual property agreements with the United States may refuse to comply with US law and ignore takedown requests entirely.[122] While additional investigation may buoy the success of revenge porn victims’ takedown notices, hiring a lawyer is not an option for most victims. Despite the shortcomings of takedown notices, revenge porn sites that choose to ignore takedown requests sacrifice the immunity afforded by Section 512, thereby risking exposure to tremendous legal liability.[123]

D. Monetary Damages and Criminal Penalties

The rare victim who is willing to register a copyright and file a lawsuit can seek up to $150,000 in statutory damages for each instance of willful infringement.[124] If a revenge porn site successfully rebuts the presumption of willfulness, victims are still entitled to have their images removed.[125] Although high criminal penalties for copyright infringement are meant to deter would-be infringers, website operators who know they are “judgment proof,” meaning they do not have the assets to sustain a judgment, may not be deterred by the threat of monetary damages.[126] In 1997, Congress enacted the No Electronic Theft (NET) Act to target infringers whose behavior could not be deterred by monetary damages alone.[127] The NET Act criminalizes willful copyright infringement when the total retail value of the infringed work exceeds $1,000.[128] Violations are punishable by up to ten years in prison.[129] The NET Act is frequently and justifiably critiqued for its harsh penalties, and it is unlikely that a revenge porn site operator could be charged with criminal infringement. Courts have expressed a willingness to use the highest dollar value possible to calculate the “retail value” of infringed works.[130] Revenge porn websites can fetch anywhere from $3,000[131] to $13,000[132] per month in advertising revenue, but it remains unclear whether advertising revenue is a satisfactory metric for “retail value.” While the arrests of Hunter Moore and Kevin Bollaert indicate that prosecutors are willing to test the waters using existing laws,[133] courts should be wary of permitting prosecutors to use criminal copyright infringement laws to prosecute revenge porn traffickers.

Conclusion

Existing tort laws, like harassment, stalking and privacy laws, are poorly equipped to handle the problem of revenge porn. Even if victims succeed in their cases against uploaders, those same claims will most likely be unable to pierce revenge porn websites’ Section 230 immunity or force operators to remove victims’ images. Working backward from the remedy victims most want – takedown procedures – copyright law stands out as the most efficient and predictable way to achieve those goals. Copyright is not a panacea for revenge porn. Victims must be willing to invest time to submit takedown notices and, if that fails, money into hiring an attorney to proceed with litigation. Copyright laws are also imperfect: the protections may well be too broad and the penalties too draconian. Still: for the vast majority of revenge porn victims, copyright presents an efficient means of self-help.
* J.D. Candidate, New York University School of Law, 2014; B.A. Publishing, Copyright & Technology, summa cum laude, New York University, 2011. Thanks for their suggestions and support are owed to the NYU Law Engelberg Center on Innovation Law and Policy, including Barton Beebe, Rochelle Dreyfuss, Jeanne Fromer, Jason Schultz, Chris Sprigman, Kathy Strandburg, and Chris Wong, the members of the Information Law Institute’s Privacy Research Group, and the participants in the Tri-State Region IP Workshop. And a special thanks to family and friends, who kept listening.
[1] Danny Gold, The Man Who Makes Money Publishing Your Nude Pics, The Awl (Nov. 10, 2011), http://www.theawl.com/2011/11/the-man-who-makes-money-publishing-your-nude-pics [hereinafter Gold].
[2] Kashmir Hill, Revenge Porn with a Facebook Twist, Forbes (Jul. 6, 2011), http://www.forbes.com/sites/kashmirhill/2011/07/06/revenge-porn-with-a-facebook-twist/
[3] Camille Dodero, Bullyville Has Taken Over Hunter Moore’s IsAnyoneUp: Open Letter from Hunter Moore, The Village Voice (Apr. 19, 2012), available at http://blogs.villagevoice.com/runninscared/2012/04/bullyville_isanyoneup.php; Gold supra note 1.
[4] See Charlotte Laws, I’ve Been Called the Erin Brockovitch of Revenge Porn, and For the First Time Ever, Here Is My Entire Uncensored Story of Death Threats, Anonymous and the FBI, JaneXO (Nov. 21, 2013), http://www.xojane.com/it-happened-to-me/charlotte-laws-hunter-moore-erin-brockovich-revenge-porn.
[5] Moore, along with alleged hacker Charles “Gary Jones” Evens, was indicted for conspiracy, identity theft, and unauthorized access of a protected computer to obtain information in violation of the Computer Fraud and Abuse Act. Indictment at 1, United States v. Moore, No. CR13-0917 (C.D. Cal. Dec. 30, 2013).
[6] Camille Dodero, Hunter Moore Makes a Living Screwing You, The Village Voice (Apr. 4, 2012), available at http://www.villagevoice.com/2012-04-04/news/revenge-porn-hunter-moore-is-anyone-up/full.
[7] The survey included 1,182 online interviews amongst American adults ages 18-54. Kim Eichorn, Lovers Beware: Scorned Exes May Share Intimate Data and Images Online, McAfee (Feb. 4 2013), http://www.mcafee.com/us/about/news/2013/q1/20130204-01.aspx.
[8] Lorelei Laird, Victims Are Taking On ‘Revenge Porn’ Websites For Posting Pictures They Didn’t Consent To, A.B.A. J.(Nov. 1, 2013, 4:30 AM CDT), http://www.abajournal.com/magazine/article/victims_are_taking_on_revenge_porn_websites_for_posting_photos_they_didnt_c. According to a Cyber Civil Rights Initiative study, the vast majority of revenge porn victims are female. Danielle K. Citron, Revenge Porn: A Pernicious Form of Cyber Gender Harassment, Balt. Sun (Dec. 15, 2013), available at http://articles.baltimoresun.com/2013-12-15/news/bs-ed-cyber-gender-harassment-20131214_1_cyber-civil-rights-initiative-nude-images-harassment.
[9] Victims who were videotaped without their knowledge represent an estimated ten percent of victims, though these victims were not expressly discussed in the non-consensual pornography statistics. Why One Mom’s Investigation Might Actually Stop Revenge Porn, On The Media (Dec. 6, 2013), http://www.onthemedia.org/story/why-one-moms-investigation-might-actually-stop-revenge-porn/transcript [hereinafter One Mom’s Investigation]. Those victims may be able to use state video voyeurism or Peeping Tom laws. See Voyeurism Statutes 2009, National Defense Attorneys Association (Mar. 2009), http://www.ndaa.org/pdf/voyeurism_statutes_mar_09.pdf.
[10] An estimated twelve percent of non-consensual pornography was Photoshopped, or otherwise edited and manipulated. One Mom’s Investigation, supra note 9.
[11] Roughly forty percent of non-consensual pornography was hacked. Id. These victims may be able to use the Computer Fraud and Abuse Act. See 18 U.S.C. § 1030(a)(2) (2012).
[12] The remaining 36 percent constitutes the subset of revenge porn analyzed by this Note.
[13] The author developed this definition of revenge porn for Wikipedia. Revenge Porn, Wikipedia (Version Oct. 8, 2013, Amphiggins) available at https://en.wikipedia.org/w/index.php?title=Revenge_porn&oldid=593224773. This definition was adopted by the Criminal Court of the City of New York. People v. Barber, 2014 NY Slip. Op. 50193(U) (Feb. 18, 2014), available at http://www.courts.state.ny.us/reporter/3dseries/2014/2014_50193.htm.
[14] See Maureen O’Connor, The Crusading Sisterhood of Revenge Porn Victims, N.Y. Mag.(Aug. 29, 2013), available at http://nymag.com/thecut/2013/08/crusading-sisterhood-of-revenge-porn-victims.html.
[15] 47 U.S.C. § 230(c) (1998).
[16] See infra Part II. Israel, France, the Phillipines, and the Australian state of Victoria also have laws applicable to revenge porn. See, e.g., Pén.226-1 (Fr.); An Act Defining and Penalizing the Crime of Photo and Video Voyeurism, Prescribing Penalties Therefor, and for Other Purposes, Rep. Act No. 9995, § 4 (2009) (Phil.); see alsoRevenge Porn’ Outlawed: Israel and Australia Ban Spurned Lovers from Posting Compromising Photos of Their Exes, Daily Mail (Jan. 8, 2014) http://www.dailymail.co.uk/femail/article-2535968/Revenge-porn-outlawed-Israel-state-Australia-ban-spurned-lovers-posting-compromising-photos-exes.html.
[17] Danielle K. Citron and Mary Anne Franks, Criminalizing Revenge Porn, 49 Wake Forest L. Rev. (forthcoming 2014). Amending existing law, or creating new criminal ones, to tackle revenge porn creates additional problems for free speech and pornography, and poses a threat to websites, aggregators, and other Internet-based businesses. See Sarah Jeong, Revenge Porn Is Bad. Criminalizing It Is Worse, (Oct. 28, 2013), http://www.wired.com/opinion/2013/10/why-criminalizing-revenge-porn-is-a-bad-idea.
[18] Proposed CA Bill Would Fail to Protect up to 80% of Revenge Porn Victims, Cyber Civil Rights Initiative (Sept. 10, 2013), http://www.cybercivilrights.org/press_releases [hereinafter CCRI Survey]. The remaining twenty percent of non-selfie revenge porn often falls into other categories of non-consensual pornography in which other federal laws are applicable.
[19] New revenge porn-specific legislation poses a threat to free speech by imprecise or overbroad drafting of new laws or amendments to old ones. For an in-depth discussion about the clash between free speech and revenge porn, see infra Part III.
[20] See, e.g., Erica Goode, Victims Push Laws to End Online Revenge Posts, N.Y. Times (Sept. 23, 2013), available at http://www.nytimes.com/2013/09/24/us/victims-push-laws-to-end-online-revenge-posts.html?_r=0.
[21] Hunter Moore encouraged users to repost the images he shared on IsAnyoneUp. One Mom’s Investigation, supra note 9.
[22] See Stratton Oakmont, Inc. v. Prodigy Servs. Co., 1995 WL 323710, at *3 (Sup. Ct., Nassau County1995) (“In short, the critical issue to be determined by this Court is whether … PRODIGY exercised sufficient editorial control over its computer bulletin boards to render it a publisher with the same responsibilities as a newspaper.”); see also Conor Clarke, How the Wolf of Wall Street Helped Write the Rules for The Internet, Slate(Jan. 7, 2014), http://www.slate.com/articles/news_and_politics/jurisprudence/2014/01/the_wolf_of_wall_street_and_the_stratton_oakmont_ruling_that_helped_write.html.
[23] Stratton Oakmont, Inc., 1995 WL 323719 at *2.
[24] See 47 U.S.C. § 230(b)(1)-(2) (1998).
[25] Id.§ 230(c)(1) (“No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”).
[26] Zeran v. Am. Online, Inc., 129 F.3d 327, 330 (4th Cir. 1997). (“[L]awsuitsseeking to hold a service provider liable for its exercise of a publisher’s traditional editorial functions-such as deciding whether to publish, withdraw, postpone or alter content-are barred.”).
[27] 47 U.S.C. § 230(e)(1) (1998). Explaining why categorizing revenge porn as “obscenity” could open a Pandora’s box of problems goes beyond the scope of this paper. For a sense of why using obscenity law might be problematic, see Amy M. Adler, Post-Modern Art and the Death of Obscenity Law, 99 Yale L.J. 1359, 1362 (1990).
[28] It also does not apply to harassing telephone calls made in Washington, D.C., among other limited carve-outs. 47 U.S.C. § 230(e)(2) (1998).
[29] Id. § 230(f)(3).
[30] CCRI Survey, supra note 18.
[31] 47 U.S.C. §230(c)(1) (1998).
[32] The content-related exceptions to Section 230 protection for posting obscenity, child pornography and copyright infringement still apply. For that reason, the two “security experts” who worked for Moore were tasked with ensuring that he did not post images of under-aged victims. Gold, supra note 1.
[33] Zeran, 129 F.3d at 330.
[34] Id. at 329.
[35] Id. at 331.
[36] Id.; see also Chicago Lawyers’ Comm. for Civil Rights Under Law, Inc. v. Craigslist, Inc., 519 F.3d 666, 669 (7th Cir. 2008) (“[Section] 230(c)(1) provides broad immunity from liability for unlawful third-party content. That view has support in other circuits.”) (internal quotations omitted) (citing Zeran v. America Online, Inc., 129 F.3d 327 (4th Cir. 1997); Ben Ezra, Weinstein & Co. v. America Online, Inc., 206 F.3d 980 (10th Cir. 2000); Green v. America Online, 318 F.3d 465 (3d Cir. 2003); Batzel v. Smith, 333 F.3d 1018 (9th Cir. 2003); Universal Commc’n Sys., Inc. v. Lycos, Inc., 478 F.3d 413 (1st Cir. 2007)).
[37] Jones v. Dirty World Entm’tRecordings, LLC, 766 F. Supp. 2d 828, 836 (E.D. Ky. 2011), aff’d, Jones v. Dirty World Entertainment Recordings, LLC, 840 F. Supp. 1008 (E.D. Ky. 2012) (citing Fair Hous. Council of San Fernando Valley v. Roommates.Com, LLC, 521 F.3d 1157 (9th Cir. 2008)).
[38] Id. at 832. The court denied defendants’ for judgment as a matter of law. Jones v. Dirty World Entm’t Recordings, LLC, 840 F. Supp. 2d 1008, 1013 (E.D. Ky. 2012). TheDirty.com is appealing to the Sixth Circuit. Kashmir Hill, Big Deal For Internet Law: Ex-Bengals Cheerleader Sarah Jones Wins Suit Against The Dirty Over ‘Reputation-Ruining’ Comments, Forbes (July 11, 2013), http://www.forbes.com/sites/kashmirhill/2013/07/11/big-deal-for-internet-law-ex-bengals-cheerleader-wins-suit-against-the-dirty-over-reputation-ruining-comments.
[39] Jones v. Dirty World Entm’tRecordings, LLC, No. 09-219-WOB, 2013 WL 4068780 (E.D. Ky. Aug. 12, 2013); Cf. Doe v. MySpace, Inc., 528 F.3d 413, 419 (5th Cir.2008) (“[S]o long as a third party willingly provides the essential published content, the interactive service provider receives full immunity [under Section 230] regardless of the specific editing or selection process.”) (citations omitted) (internal quotation marks omitted).
[40] See Dyer v. Dirty World, LLC, No. CV-11-0074-PHX-SMM, 2011 WL 2173900 (D. Ariz. June 2, 2011); S.C. v. Dirty World, LLC, No. 11-CV-00392-DW, 2012 WL 3335284 (W.D. Mo. Mar. 12, 2012) (“[M]erely encouraging defamatory posts is not sufficient to defeat CDA immunity.”). Although the Arizona district court claimed not to be addressing Section 230 liability expressly, its analysis of provider versus publisher indicates otherwise. As Eric Goldman noted, “[I]t appears that this is a 47 USC 230 case where the court denies it’s relying on 47 USC 230.” TheDirty Defeats Privacy Invasion Lawsuit–Dyer v. Dirty World, Tech. and Mktg. L. Blog (June 4, 2011), http://blog.ericgoldman.org/archives/2011/06/thedirty_defeat.htm.
[41] See Fair Hous. Council of San Fernando Valley v. Roommates.com, LLC, 521 F.3d 1157 (9th Cir. 2008) (holding that Roommates.com, which provided dropdown menus users could select to reflect housing-mate and apartment-mate preferences, was not protected by Section 230).
[42] “By writing Section 230 into law, Congress left . . . Internet harassment victims vulnerable and helpless.” Ann Bartow, Internet Defamation As Profit Center: The Monetization of Online Harassment, 32 Harv. J. L. & Gender 383, 417-18 (2009).
[43] Mary Anne Franks, The Lawless Internet? Myths and Misconceptions About CDA Section 230, Huffington Post (Dec. 18, 2013), http://www.huffingtonpost.com/mary-anne-franks/section-230-the-lawless-internet_b_4455090.html (discussing the merits of a Sarah Jones-type interpretation of Section 230).
[44] Barnes v. Yahoo!, Inc., 570 F.3d 1096, 1097 (9th Cir. 2009) (refusing to hold Yahoo! liable for false accounts featuring Cecilia Barnes’ name and nude pictures created by her ex-boyfriend, pursuant to Section 230).
[45] See CDA 230 Success Cases Series, (2013), https://www.eff.org/issues/cda230/successes (featuring interviews with legal counsel about the importance of broad Section 230 protections).
[46] Victims’ descriptions of feeling victimized when images reappear or strangers approach them in public because of the images is eerily reminiscent of the “haunting harm” described by child pornography victims. See New York v. Ferber, 458 U.S. 747 (1982).
[47] Though many states have online-specific harassment and stalking statutes, some continue to apply existing civil laws to digital torts. See generally State Cyberstalking and Cyberharassment Laws, Nat’l Conference of State Legis. (Dec. 5, 2013), http://www.ncsl.org/research/telecommunications-and-information-technology/cyberstalking-and-cyberharassment-laws.aspx.
[48] Id.
[49] Many statutes do not define “material harm.” The specific standards vary amongst the states. Compare N.Y. Penal Law § 120.45 with Cal. Penal Code § 646.9. All 50 states and Washington, D.C. have anti-stalking laws. State and Federal Stalking Laws, BerkmanSoc’y (Nov. 6, 2013), http://cyber.law.harvard.edu/vaw00/cyberstalking_laws.html.
[50] See generally Naomi Harlin Goodno, Cyberstalking, A New Crime: Evaluating the Effectiveness of Current State and Federal Laws, 72 Mo. L. Rev. 125, 134 (2007).
[51] See Somini Sengupta, ‘Revenge Porn’ Could Be Criminalized in California, N.Y. Times (Aug. 27, 2013), http://bits.blogs.nytimes.com/2013/08/27/revenge-porn-could-be-criminal-offense-in-california.
[52] It is unclear whether uploading the same image to different sites, several images to the same site or repeatedly re-uploading images in response to removals would sufficiently establish a “course of conduct.”
[53] States’ approaches to assessing what constitutes a “credible threat” differ. For deeper analysis, see Goodno supra note 50, at 196.
[54] Id.
[55] 18 U.S.C. § 875(c) (2012).
[56] Danielle Keats Citron, Cyber Civil Rights, 89 B.U. L. Rev. 61, 64 (2009); see also Azy Barak, Sexual Harassment on the Internet, 23 Soc. Sci. Computer Rev. 77, 80 (2005) (discussing the frequency of rape-related comments and threats directed at women on the Internet).
[57] See Bonnie D. Lucks, Electronic Crime, Stalkers, and Stalking: Relentless Pursuit, Harassment and Terror in Cyberspace, in Stalking Crimes and Victim Protection: Prevention, Intervention, Threat Assessment and Case Management 179 (Joseph A. Davis ed., 2001).
[58] United States v. Baker, 890 F. Supp. 1375, 1388-90 (E.D. Mich. 1995), aff’d sub nom. United States v. Alkhabaz, 104 F.3d 1492 (6th Cir. 1997).
[59] Although many states have additional privacy laws, Dean Prosser formulated the distinctions among the privacy torts that was adopted by the Restatement of Torts. See William L. Prosser, Privacy, 48 Calif. L. Rev. 383 (1960). Revenge porn lawsuits tend to focus on one or more privacy torts.
[60] See, e.g., Compl. at 5-6, Jacobs v. Seay, No. 2013-013626-CA-01 (Fla. Miami-Dade County Ct. Apr. 18, 2013) (alleging invasion of privacy and public disclosure of private facts); Compl. at 3-4, Wells v. Avedisian, No. 112013CA0014570001XX (Fla. Collier County May 13, 2013) (alleging invasion of privacy and publication of private facts); Compl. at 4, Toups v. GoDaddy, No. D130018-C (Tex. Orange County Ct. Jan. 18, 2013) (alleging intrusion upon the right to seclusion, public disclosure of private facts, wrongful appropriation of name or likeness and false light).
[61] Restatement (Second) of Torts § 652E cmt. a (1977).
[62] Alexa Tsoulis-Reay, A Brief History of Revenge Porn, N.Y. Mag. (Jul. 21, 2013), http://nymag.com/news/features/sex/revenge-porn-2013-7.
[63] Wood v. Hustler Magazine, Inc., 736 F.2d 1084 (5th Cir. 1984), cert. denied, 469 U.S. 1107 (1985); see also Douglass v. Hustler Magazine, Inc., 769 F.2d 1128 (7th Cir. 1985) (refusing to dismiss plaintiff’s false light claim because the re-publication of her provocative photos, which appeared in another publication, falsely “insinuate[d] that she is the kind of person willing to be shown naked in Hustler.”).
[64] Judge Reavely also noted that the publication falsely attributed a “lewd fantasy” to the victim, which is mirrored in the explicit, demeaning comments that frequently accompany revenge porn. Id. at 1089.
[65] Ashby v. Hustler Magazine, Inc., 802 F.2d 856, 860 (6th Cir. 1986). The Supreme Court decision in Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 259 (1986), requiring plaintiffs in actions governed by an actual malice standard—including defamation and false light plaintiffs—to demonstrate actual malice with “convincing clarity” to survive summary judgment, was decided just before Ashby. The Liberty Lobby decision perhaps explains the Sixth Circuit dismissal, and the Fifth Circuit’s change of course shortly thereafter. See Faloona by Fredrickson v. Hustler Magazine, Inc., 799 F.2d 1000 (5th Cir. 1986).
[66] Restatement (Second) of Torts § 652C (1977); see also Digital Media Law Project, Using the Name or Likeness of Another, BerkmanSoc’y (July 30, 2008), http://www.dmlp.org/legal-guide/using-name-or-likeness-another.
[67] If no value has been appropriated, there is no tort. Restatement (Second) of Torts § 652C cmt. c (1977). New York, Oklahoma, Utah and Virginia require that the misappropriation be for “advertising, or for purposes of trade.” Id.
[68] State-specific misappropriation laws often define “benefit” in more stringent terms. See, e.g. N.Y. Civ. Rights Law § 50 (limiting to advertising or purposes of trade). It is not clear how courts might evaluate page views or advertising revenues in misappropriation claims against revenge porn websites.
[69] Kristin M. Beasley, Up-Skirt and Other Dirt: Why Cell Phone Cameras and Other Technologies Require A New Approach to Protecting Personal Privacy in Public Places, 31 S. Ill. U. L. J. 69, 93 (2006) (“A plaintiff’s ability to recover on an invasion of privacy tort is premised on her having had a reasonable expectation of privacy.”); see also Restatement (Second) of Torts §§ 652D & 652B (1977).
[70] “[F]inely calibrated systems of social norms, or rules, govern the flow of personal information in distinct social contexts (e.g. education, health care, and politics).” Helen Nissenbaum, Privacy in Context: Technology, Policy and the Integrity of Social Life 2-3 (2010). See generally Jaime A. Madell, Note, The Poster’s Plight: Bringing the Public Disclosure Tort Online, 66 Surv. Am. L. 895 (2011).
[71] Id.
[72] As one victim put it after a sexually explicit image she shared with her boyfriend went viral, “I didn’t ever think he’d ever use this to try to ruin my life.” Gilma Avalos, Miami Woman Fighting to Outlaw Revenge Porn, NBC Miami (Oct. 31, 2013), http://www.nbcmiami.com/news/local/Miami-Woman-Fighting-To-Outlaw-Revenge-Porn-229983581.html?akmobile=o.
[73] United States v. Gines-Perez, 214 F. Supp. 2d 205, 225 (D.P.R. 2002) (declining to find that a criminal defendant had a reasonable expectation of privacy in images posted to a password-protected, non-public Internet site under the Fourth Amendment).
[74] See Woodrow Hartzog and Frederic Stutzman, The Case for Online Obscurity, 101 Calif. L. Rev. 1, 26 (2013) (“[T]he type of analysis employed in Gines-Perez persists.”).
[75] See Citron, supra note 17 at 3.
[76] Id.
[77] See Derek Bambauer, Exposed, 98 Minn. L. Rev. (forthcoming 2014).
[78] Both men were indicted under existing criminal laws. Neither was charged under the California revenge porn law because the alleged crimes occurred before the law was enacted. See United States v. Moore, No. CR13-0917 (C.D. Cal. Dec. 30. 2013). Bollaert was arrested and charged with 31 felony counts, in part because his website, UGotPosted, accepted money in exchange for removing victims’ images from the site. Attorney General Kamala D. Harris Announces Arrest of Revenge Porn Website Operator, Calif. Office of the Attorney Gen. (Dec. 10, 2013), https://oag.ca.gov/news/press-releases/attorney-general-kamala-d-harris-announces-arrest-revenge-porn-website-operator.
[79] Ashcroft v. American Civil Liberties Union, 535 U.S. 564, 573 (2002) (internal quotation marks omitted).
[80] United States v. Stevens, No. 08–769, slip op. at 5 (3rd Cir. Apr. 20, 2010) (internal citations omitted).
[81] Carey v. Population Servs., Int’l, 431 U.S. 678, 701 (1977) (“At least where obscenity is not involved, we have consistently held that the fact that protected speech may be offensive to some does not justify its suppression.”).
[82] NAACP v. Claiborne Hardware Co., 458 U.S. 886, 910 (1982) (“Speech does not lose its protected character, however, simply because it may embarrass others . . . . ”).
[83] United States v. Stevens, 559 U.S. 460 (2010) (striking down an overbroad statute criminalizing crush videos, “which feature the torture and killing of helpless animals and are said to appeal to persons with a specific sexual fetish,” on First Amendment grounds).
[84] See Bambauer, supra note 77, at 54.
[85] For an up-to-date digest of states’ proposed and enacted revenge porn legislation, see State Revenge Porn Legislation, Nat’l Conf. State Leg. (Apr. 16, 2014), http://www.ncsl.org/research/telecommunications-and-information-technology/state-revenge-porn-legislation.aspx.
[86] The American Civil Liberties Union, Electronic Frontier Foundation and Digital Media Law Project at Harvard opposed broader drafts of the California legislation out of concern that the law would “clamp down” on free speech. Laura Sydell, Calif. Bans Jilted Lovers From Posting ‘Revenge Porn’ Online, NPR’s All Tech Considered (Oct. 2, 2013), available at http://www.npr.org/blogs/alltechconsidered/2013/10/02/228551353/calif-bans-jilted-lovers-from-posting-revenge-porn-online.
[87] As California Senator Anthony Cannella, who authored the revenge porn bill that was ultimately enacted, put it, “My bill would have died if we didn’t [limit the scope of the law].” Id.
[88] The Arizona law, for example, would apply to journalists’ coverage of New York mayoral candidate Anthony Weiner’s second sexting scandal. H.B. 2515, 51st Leg., 2d Reg. Sess. (Ariz. 2014), available at http://www.azleg.gov/FormatDocument.asp?inDoc=/legtext/51leg/2r/bills/hb2515p.htm&Session_ID=112.
[89] An early draft of the California law would have applied to linking to revenge porn websites for purposes of critique. S.B. 255, 2013-2014 Sess. (Feb. 13, 2013), available at http://www.leginfo.ca.gov/pub/13-14/bill/sen/sb_0251-0300/sb_255_bill_20130507_amended_sen_v98.htm.
[90] See Amanda Levendowski, Our Best Weapon Against Revenge Porn: Copyright Law?, The Atlantic (Feb. 4, 2014), available at http://www.theatlantic.com/technology/archive/2014/02/our-best-weapon-against-revenge-porn-copyright-law/283564.
[91] Revenge Porn’s Latest Frontier, On The Media (Dec. 6, 2013), http://www.onthemedia.org/story/revenge-porns-latest-frontier/transcript.
[92] Press Releases, Cyber Civil Rights Initiative, available at http://www.cybercivilrights.org/press_releases (last visited Apr. 27, 2014).
[93] 17 U.S.C. § 102 (2012); 17 U.S.C. §101 defines “pictorial, graphic, and sculptural works,” the language used in §102(a)(5), to include “photographs.”
[94] 17 U.S.C. § 201 (2012).
[95] Mitchell Bros. Film Grp. v. Cinema Adult Theater, 604 F.2d 852, 860 (5th Cir. 1979), cert. denied, 445 U.S. 917 (1980).
[96] The Fifth Circuit decision has been described as the “most thoughtful and comprehensive analysis of the issue.” 1 Nimmer on Copyright, § 2.17 (2013). Both the Ninth Circuit and the S.D.N.Y. have adopted the Fifth Circuit standard for copyrightability of obscenity. See Jartech, Inc. v. Clancy, 666 F.2d 403, 406 (9th Cir. 1982) (“Acceptance of an obscenity defense [to copyright infringement] would fragment copyright enforcement, protecting registered materials in a certain community, while, in effect, authorizing pirating in another locale.”); Nova Products, Inc. v. KismaVideo, Inc., 02 CIV. 3850 (HB), 2004 WL 2754685, at *3 (S.D.N.Y. Dec. 1, 2004) (“In short, even if the videos were ultimately proven to be obscene, following the Fifth and Ninth Circuits’ holdings [in Mitchell Bros. and Jartech], this would not be a defense to copyright infringement.”).
[97] 17 U.S.C. § 104(a) (2012).
[98] See Harper & Roe Publishers, Inc. v. Nation Enterprises, 471 U.S 539, 555 (1985). The distinction between unpublished and published works also factors into the fair use inquiry: an “author’s right to control the first public appearance of his undisseminated expression will outweigh a claim of fair use” because “the scope of fair use is narrower with respect to unpublished works,” Id. at 554, 564.
[99] See 17 U.S.C. §§ 106(1), (3), (5)..
[100] See, e.g., Sega Enters. v. MAPHIA, 852 F. Supp. 679, 686 (N.D. Cal. 1994) (“[U]nauthorized copies . . . are made when such games are uploaded . . .”; Ohio v. Perry, 697 N.E.2d 624, 628 (Ohio 1998) (“Uploading is copying”).
[101] See 4 Patry on Copyright §13:11.
[102] Perfect 10, Inc. v. Amazon.com, Inc., 508 F.3d 1146, 1161 (9th Cir. 2007).
[103] See Eldred v. Ashcroft, 537 U.S. 186, 247 (2003) (copyright gives “authors an incentive to create”) (quoting H. R. Rep. No. 100-609, p. 17 (1988)); Golan v. Holder, 132 S. Ct. 873, 889 (2012) (copyright “supplies the economic incentive to create and disseminate ideas”) (quoting Harper & Row, Publishers, Inc. v. Nation Enterprises, 471 U.S.C. 539, 558 (1985)) (emphasis omitted).
[104] This negative right is contemplated by the Copyright Act itself, which protects unpublished works. 17 U.S.C. §104(a) (“Unpublished Works.— The works specified by sections 102 and 103, while unpublished, are subject to protection under this title . . . . ”).
[105] Stewart v. Abend, 495 U.S. 207, 228-29 (1990) (internal citations and quotations omitted).
[106] The stories were leaked online in December 2013. For a discussion of the stories, see The Ocean Full of Bowling Balls, On The Media (Feb. 5, 2010), available at http://www.onthemedia.org/story/132669-the-ocean-full-of-bowling-balls/transcript.
[107] As Salinger obsessive PJ Vogt explained, “I don’t know if there’s an aura around something that, that you can’t possess, and if maybe, if you were to possess that, that loses something.” Id.
[108] See 3 Nimmer on Copyright § 12A.02[A].
[109] 144 Cong. Rec. S11,889 (daily ed. Oct. 2, 1998) (statement of Sen. Hatch).
[110] S. Rep. No. 105–190, at 20 (1998); H.R. Rep. No. 105–551, pt. 2, at 49 (1998).
[111] As defined by 17 U.S.C. § 512(k)(1)(A) or (B) (2012).
[112] Id. § 512(c)(3), (f) and (g) (2012).
[113] 17 U.S.C. § 512(c)(3).
[114] Cory Brittain, who managed the revenge porn site IsAnybodyDown, encouraged victims to pay $250 to a “takedown lawyer.” Brittain is suspected of posing at the lawyer, David Blade III, and using takedown requests to extort victims. Is Anybody Down?, On The Media (Nov. 16, 2012), http://www.onthemedia.org/story/251306-is-anybody-down/transcript.
[115] 17 U.S.C. § 512(c)(3).
[116] See Jim Edwards, The Porn Industry Is Being Ripped Apart by Piracy-Fueled ‘Tube’ Websites, Business Insider (Jul. 19, 2012), http://www.businessinsider.com/the-porn-industry-is-being-ripped-apart-by-tube-site-litigation-2012-7.
[117] Removing Content From Google, Google (Dec. 2013), https://support.google.com/legal/troubleshooter/1114905?hl=en; Copyright and Intellectual Property Policy, Yahoo (Dec. 2013), http://info.yahoo.com/copyright/us/yahoo/en-us/details.html?pir=7HthGQlibUlfPalRk9tbOEXwzlWdqV6ynVEdNQ–.
[118] Ben Sisario and Tanzina Vega, Playing Whac-A-Mole With Piracy Sites, N.Y. Times (Jan. 28, 2013), available at http://www.nytimes.com/2013/01/29/business/media/playing-whac-a-mole-with-piracy-sites.html?ref=technology&_r=1&.
[119] Marlow Stern, Hunter Moore, Creator of ‘Revenge Porn’ Website Is Anyone Up?, Is the Internet’s Public Enemy No. 1, The Daily Beast (Mar. 13, 2012), http://www.thedailybeast.com/articles/2012/03/13/hunter-moore-creator-of-revenge-porn-website-is-anyone-up-is-the-internet-s-public-enemy-no-1.html.
[120] Increasing publicity for information by trying to suppress it is called the “Streisand Effect.” The term was coined after Barbara Streisand issued a request to remove a photograph of her home from the Internet. The image was subsequently re-posted across dozens of websites. What is the Streisand Effect?, The Economist (Apr. 15, 2013), http://www.economist.com/blogs/economist-explains/2013/04/economist-explains-what-streisand-effect (hereinafter Streisand Effect).
[121] See Streisand Effect, supra note 131.
[122] Susanna Lichter, Comment, Unwanted Exposure: Civil and Criminal Liability for Revenge Porn Hosts and Posters, Harv. J.L. & Tech. Digest (May 28, 2013), available at http://jolt.law.harvard.edu/digest/privacy/unwanted-exposure-civil-and-criminal-liability-for-revenge-porn-hosts-and-posters.
[123] Hunter Moore bluntly explained why he was undeterred by the threat of legal action for managing IsAnyoneUp: “It takes you $50,000 to get me into court, and people who work at Starbucks don’t make that kind of money.” Stern, supra note 130.
[124] 17 U.S.C. §504(c)(2) (West).
[125] Id. Courts also retain the discretion to award anywhere from $750 to $30,000 in damages. 17 U.S.C. § 504(c)(1).
[126] The Digital Theft Deterrence and Copyright Damages Improvement Act of 1999 amended section 504(c) and raised the statutory damages available under the Copyright Act. Pub. L. No. 106-160, 113 Stat. 1774.
[127] Pub. L. No. 105-147, 111 Stat. 2678.
[128] Id.
[129] See 18 U.S.C. § 2319 (providing scaled penalties based on a number of aggravating factors, including whether the infringement was a first offense and the size of the infringement operation).
[130] See, e.g., United States v. Armstead, 524 F.3d 442, 443 (4th Cir. 2008) (holding that retail value is determined by taking the “highest of the face value, par value, or market value of copies of the copyrighted material in retail context” (internal quotations excluded).
[131] Cory Brittain’sself-reported revenue during the height of IsAnybodyDown. ‘Revenge Porn’ Website Has Colorado Women Outraged, CBS4 (Feb. 3, 2013, 10:13 PM), http://denver.cbslocal.com/2013/02/03/revenge-porn-website-has-colorado-woman-outraged/ – at_pco=cfd-1.0.
[132] Hunter Moore’s self-reported revenue for IsAnyoneUp. David Kluft, Revenge Porn: “IsAnyoneUp” on Copyright Law?, Foley Hoag Trademark and Copyright Law Blog (Dec. 20, 2011), http://www.trademarkandcopyrightlawblog.com/2011/12/revenge-porn-is-anyone-up-on-copyright-law.

Handle with Care: The Evolving Actual Malice Standard and Why Journalists Should Think Twice before Relying on Internet Sources

Handle with Care: The Evolving Actual Malice Standard and Why Journalists Should Think Twice before Relying on Internet Sources
By Kimberly Chow* A pdf version of this article may be downloaded here.  

Introduction

Readers of the People’s Daily November 27, 2012 online version were largely mystified to read that North Korean ruler Kim Jong-Un had been named the “Sexiest Man Alive.”[1] Quoting the original article in The Onion, the People’s Daily (the Chinese Communist Party’s official newspaper) extolled the leader’s “devastatingly handsome, round face, his boyish charm and his strong, sturdy frame,” and his “air of power that masks an unmistakable cute, cuddly side.”[2] The Onion is an American satirical newspaper and website. Previous winners of its Sexiest Man Alive title included Unabomber Ted Kaczynski and disgraced financier Bernie Madoff,[3] both of whom had as little in common with conventional sex symbols as Kim. The online version of the People’s Daily is apparently less rigorously edited than the print version,[4] and someone had fallen into the trap of giving too little scrutiny to a source that, on its face, should have prompted skepticism. This pattern of taking sources at face value has become too common in the current journalistic landscape in which Internet sources play a large part in breaking the news. News outlets reporting on a 24-hour news cycle place a premium on speed. Unfortunately, that emphasis, coupled with a distressing lack of caution when journalists use sources from the Internet, threatens standards for accuracy. When journalists republish material found on the Internet without conducting their own fact-checking, they run the risk of putting their stamp of approval on source material that has not been properly vetted or edited in the first instance. The tendency, even among established news organizations, to blindly trust what they read online is troubling, even more so given how quickly news spreads. The actual malice standard for defamation is deeply engrained in judicial opinions dating back to the 1960s, with subsequent case law fine-tuning its requirements. As new forms of media and speech have arisen, commentators have increasingly questioned whether the structures for finding defamation should change. The Internet has spurred a disconcerting practice of irresponsible journalism, but when established defamation law is applied, writers are largely protected from being found guilty of actual malice. When both professional and less-traditional writers rely on Internet sources in their work, they engage in journalistic practices that are removed from traditional reporting methods—information found on the Internet is inherently different from information gathered by speaking to sources or witnessing events firsthand. When use of Internet sources erodes the accuracy of reporting, journalists relying on them risk becoming the target of defamation suits. A goal of this paper is to help those in the media industry avoid such suits by recommending best practices with respect to web sources. As defined in the seminal 1964 First Amendment case New York Times Co. v. Sullivan, a defendant may be found guilty of defamation if actual malice was present,“that is, with knowledge that it was false or with reckless disregard of whether it was false or not.”[5] Later cases such as St. Amant v. Thompson proposed specific sources that might provide circumstantial evidence of actual malice.[6] One of St. Amant’s suggestions was that actual malice might be found if writing were “based wholly on” a source the defendant had obvious reasons to doubt.[7] The possibility of courts’ viewing a writer’s use of dubious sources as proof of actual malice becomes more striking when viewed in the context of recent decisions about information on the Internet. In light of some courts’ statements that Internet material should always be viewed with skepticism and doubt,[8] there is a strong possibility that courts may begin to view a journalist’s use of Internet sources as circumstantial evidence of actual malice, and may even impose additional duties of fact-checking. The first section of this note outlines the history of the actual malice standard for defamation through landmark cases. In it I also define terms and provide background for understanding the current state of the law and how susceptible it is to change. The second section discusses the current state of information dissemination on the Internet, explaining how the focus is a 24-hour news cycle. Part two also examines many courts’ belief that consumers should be skeptical of information they read online and points out reasons why these developments could indicate a need for reform. The third section presents possible ways the actual malice standard could change based on the nature of Internet sources, using current examples to demonstrate why changing the standard is necessary and considering whether such changes will realistically occur. The fourth section addresses the overarching policy concern of encouraging increased responsibility among writers and offers practical advice to professional journalists and other writers.

I. The History of the Actual Malice Standard for Defamation

In the United States, defamation is a false statement of fact that tends to harm the reputation of the subject of the statement or deter others from associating with him.[9] To find a party guilty of defaming a public figure or official, that party must have possessed “actual malice.” The Supreme Court first articulated the concept of actual malice in 1964 in Times v. Sullivan, defining it as a statement made, “with knowledge that it was false or with reckless disregard of whether it was false or not.”[10] Gertz v. Robert Welch further elucidated the definition, explaining that the actual malice standard applied when public figures and officials are subjects of defamation, while each state could set the standard for private individuals.[11] The St. Amant court expanded the requirements for a finding of actual malice, stating, “[t]here must be sufficient evidence to permit the conclusion that the defendant in fact entertained serious doubts as to the truth of his publication. Publishing with such doubts shows reckless disregard for truth or falsity and demonstrates actual malice.”[12] St. Amant identified three types of circumstantial evidence that could support a finding of recklessness and lack of good faith:
Professions of good faith will be unlikely to prove persuasive, for example, where a story is fabricated by the defendant, is the product of his imagination, or is based wholly on an unverified anonymous telephone call. Nor will they be likely to prevail when the publisher’s allegations are so inherently improbable that only a reckless man would have put them in circulation. Likewise, recklessness may be found where there are obvious reasons to doubt the veracity of the informant or the accuracy of his reports.[13]
Similarly, the 1989 Harte-Hanks v. Connaughton decision defined actual malice as occurring when a defendant made the false publication with a high degree of awareness of probable falsity.[14] One of the biggest obstacles to plaintiff victories in defamation suits is the subjectivity of the standard. According to St. Amant, the defendant must have “in fact entertained serious doubts.”[15] Likewise, Gertz described actual malice as having “subjective awareness of probable falsity.”[16] While the court in St. Amant conceded that such subjectivity might appear to put “a premium on ignorance,” the use of the recklessness standard and requirement of subjective belief were actually the most effective measures to protect First Amendment values and promote the public interest.[17] While the three types of circumstantial evidence that indicate recklessness are indeed important, the subjective belief requirement remains a prerequisite to a finding of actual malice. For example, in 1984 the court in Bose Corp v. Consumers Union distinguished a finding of actual malice from a finding of falsity, stating that even when the information disseminated was found to be false, it did not necessarily follow that the disseminator knew it was false.[18] Similarly, the First Circuit used the subjectivity requirement to justify the lower court’s holding in Levesque v. Doocy, refusing to impute serious doubts to news commentators even though the commentators/anchors were relying on an Internet source that the court pointed out was ridiculous.[19] Another wrinkle in the analysis is whether the defendant’s statement was an asserted fact (which is actionable) or if it was simply an opinion (which is generally not actionable). It is possible, though, to sue for defamation based on a hybrid opinion that includes both elements of fact and opinion. According to Milkovich v. Lorain Journal Co., statements of opinion can be actionable if they imply a provably false fact, whereas the First Amendment protects pure opinions.[20] Furthermore, in Gross v. New York Times Co., the New York Court of Appeals explained that a statement of opinion could be actionable if it implied a basis in facts that are not disclosed to the reader or listener. However, the court also held that a statement of opinion is not actionable when accompanied by a recitation of the facts upon which it is based or when it does not imply the existence of undisclosed underlying facts.[21] In spite of the actual malice line of cases, recent cases pose challenges for the courts hearing them, as they bring up novel issues of journalistic practice and technologies that did not exist when courts first articulated defamation law. Increasingly, it appears that the old guidelines are inadequate to address these new problems. Whether or not the courts or legislators will fashion new tools remains unknown.

II. Skepticism toward Internet Sources Could Cause a Reevaluation of Defamation

A. Internet Journalism Emphasizes Speed over Accuracy

The Internet has created new forms of journalism that are vastly different from the traditional forms used in the past. In particular, the “24-hour news cycle” allows news outlets to post articles and updates on their websites, broadcasting them at any time, day or night, rather than waiting for the next day’s newspaper or the next week’s magazine.[22] With each outlet racing to be the first to post breaking news, a premium is placed on speed at the expense of accuracy.[23] The 24-hour news cycle, which began with CNN’s coverage of the Gulf War in 1991,[24] has transformed both the quality of news and the format in which it is presented. Editors must now make on-the-spot decisions about whether to publish or send a story back for additional fact-checking. Previously, such decisions were made with a comfortable next-day or next-week deadline.[25] As a result, more opinions, sometimes masquerading as facts or interpreted as facts, are part of the collective consciousness of news. This development is leading courts to reevaluate the role of media and the professional responsibility of journalists, particularly on the Internet.

B. Courts Have Encouraged Skepticism toward Internet Sources

Strikingly, courts have begun placing the onus on consumers of Internet information, ruling that they should be skeptical of what they read. This warning reflects courts’ awareness of the often-unverified nature of information disseminated on the Internet. With the ever-evolving nature of Internet sources, courts are addressing each new source as it enters the marketplace—from standard websites, to blogs, to Twitter feeds. While these cases do not always directly implicate the actual malice standard, that traditional measure remains the backdrop against which courts shape standards of journalistic responsibility. In the 2011 case Obsidian Finance Group v. Cox, an Oregon federal district court warned of the danger in relying on blogs for information, writing that they are “a subspecies of online speech which inherently suggest that statements made there are not likely provable assertions of fact.”[26] Similarly, a federal court in California addressing personal websites and Internet discussion groups held that, “[i]n this context, readers are less likely to view statements as assertions of fact.”[27] In Too Much Media, LLC v. Hale, the New Jersey Supreme Court distinguished online message boards from other information sources on the Internet because of the lack of editorial oversight.[28] New Jersey’s high court explained that hyperbole, exaggeration, and a “looser, more relaxed communications style”[29] promote an environment in which the border between fact and opinion is blurred, and commenters should not be taken at their word. In fact, as discussed in Obsidian Finance Group, just the name of a website can be enough to alert the reader that he should be skeptical of what he finds therein. For example, a site such as www.romneyexposed.com can indicate a one-sided opinion.[30] Such rulings seem to make the consumers responsible for determining what is an untrustworthy source. The distinction between fact and opinion becomes especially confusing when writers make claims supposedly based on research, but expressed as statements that are deemed too informal to be trustworthy. For example, in Too Much Media v. Hale, the defendant wrote many posts on message boards that cited extensive research she had conducted on the pornography industry, including interviews with participants and her congressional representatives and studying websites and information in the mainstream media. Based on her purported research, the defendant made accusations in these posts regarding a security breach that released identifying information of adult website subscribers and singled out specific individuals as responsible for the breach and subsequent cover-up.[31] The court rejected Hale’s argument that she should benefit from the New Jersey shield law, which requires a “sufficient relationship or connection to the ‘news media,’”[32] holding that as a mere writer of posts on a message board, she did not have a strong enough relationship to the media.[33] Even if the writer claims to have done research, the medium of the message—in this case, an online forum—should make consumers skeptical of such claims. Most importantly, consumers should attempt to differentiate pure opinion from opinion purporting to be fact. This distinction is important because, as discussed in Part I, pure opinion is not actionable under defamation law, while opinion masquerading as fact can be actionable.[34] The dividing line between fact and opinion is especially fuzzy in the context of blogs, web forums, and other unedited content. For example, in Obsidian Financial Group, a blogger used the website “obsidianfinancesucks.com” to accuse members of Obsidian of violating bankruptcy laws.[35] As the court noted, the hostile tenor of the comments suggested that the blogger had a personal vendetta against the targets of her accusations and the vitriolic language she used invited further comment and debate.[36] Such biased content “undermine[s] the reader’s expectations that defendant’s statements are to be understood as assertions of provable fact.”[37] Thus, even if a defendant includes statements that imply provable assertions, the statements “lose the ability to be characterized and understood as assertions of fact when the content and context of the surrounding statements are considered.”[38] Regarding the actual malice standard, the problem with opinions is that the protection for republishing them grossly expands the First Amendment freedom of speech principles at the heart of Times v. Sullivan—there is no actual malice when a writer republishes something he believes is opinion, since by definition he has no reason to doubt the facts therein since he does not realize that there are even facts there, thinking he is simply restating another’s beliefs. Because the actual malice standard’s heavy-handed exclusion of opinion from defamation shows no signs of revision in the foreseeable future, such instances of over-protection where journalists republish what they believe to be purely opinion ends up distributing false or misleading information to the public, thereby undermining journalistic responsibility.

C. Redmond v. Gawker Takes a Different Tack

While exercising suspicion towards Internet sources has become the judicial position, the 2012 case Redmond v. Gawker seems to push back against this stance.[39] The Redmond ruling shielded defendant bloggers from defamation charges, in part because their piece had cited to a multitude of other Internet sources. The court reached this result even though the bloggers had not verified the sources’ accuracy before citing to them. Gawker’s Gizmodo blog published a post on plaintiff Scott Redmond’s business ventures, including Peep Wireless Telephony Company, entitled Smoke & Mirrors: The Greatest Scam in Tech. The article questioned whether or not Redmond’s inventions actually did what they promised. The piece went on to note that Redmond had a pattern of getting funding for projects that never materialized. The writers provided links to websites that described now-defunct past projects of Redmond’s.[40] The court stated that providing the links made the article “transparent” because it cited to many Internet sources: Having ready access to the same facts as the authors, readers were put in a position to draw their own conclusions about Redmond and his ventures and technologies. As shown by the comments posted, many readers did view these sources, and not all of them agreed with the authors’ views. Statements are generally considered to be nonactionable opinion when the facts supporting the opinion are disclosed.[41] The court’s statement raises two key issues. First, it can be argued that the skeptical tone of Redmond’s post and the questions the authors raised might, by themselves, qualify the authors’ assertions as opinions. Yet, the court’s declaration that revealing the facts behind the opinions rendered the opinions nonactionable means the court viewed the other Internet sources as facts. This leads to the second issue of whether the Gross court was using the proper definition of facts; perhaps Redmond did not disclose facts at all, and instead merely cited other unverified articles.[42] Notwithstanding Redmond, the judicial position of distrusting Internet sources suggests that journalists should be on notice that courts will begin considering their use of online sources in determining the presence of actual malice. Essentially, courts are ruling that everyone should be skeptical of Internet sources that have not undergone significant editing. Hence, one would expect that it should be easier to find actual malice, using a defendant’s reliance on Internet sources as circumstantial evidence of recklessness and subjective doubts. However, such circumstantial evidence may be rebutted by evidence of diligent fact-checking.

III. New Times May Mean a New Actual Malice Standard

A. News Organizations Are Not Being Careful Enough

Myriad examples illustrate how the current standard for defamation combined with the need for speed in the 24-hour news cycle encourage mistakes that are difficult for courts to prevent and punish. While thus far courts have focused on informal Internet information sources such as blogs or message boards, more established news media are also susceptible to the inaccuracy that accompanies tight deadlines. Driven by the pressure to constantly disseminate information, news outlets often rush to publish before their reports have been adequately checked. This practice has far-reaching consequences, as other outlets rely on the first outlet’s reporting, taking the initial story at face value without vetting it themselves and thereby falling prey to spreading misinformation. In the fall of 2012 during Hurricane Sandy, the Twitter handle “@comfortablysmug” published several Tweets on the social media site Twitter. The Tweets, which alarmingly reported that the New York Stock Exchange floor was flooded with three feet of water, Governor Andrew Cuomo was trapped in Manhattan, and other such panic-inducing statements, were later revealed to be lies created by Shashank Tripathi.[43] During the storm, Tripathi’s Tweets were retweeted on Twitter more than six hundred times, heightening anxiety during the disaster.[44] Unfortunately, several news outlets including CNN and the National Weather Service (“NWS”) picked up the Tweets.[45] Reporting them as news, CNN and the NWS gave the Tweets a legitimacy they had not had when they were merely posts on Twitter. CNN and the NWS’s decision to republish implied editorial oversight and a degree of fact-checking. While it was reported that law enforcement officials were pursuing action against Tripathi, claiming that he endangered the public by stirring hysteria without a proper foundation,[46] currently no action is being taken against the news outlets for furthering the spread of false information even though their actions seem to constitute a much graver lapse of judgment as the public places tremendous trust in the media. Immediately following the December 2012 Sandy Hook Elementary School shooting in Newtown, Connecticut, police found Ryan Lanza’s ID card at the scene of the shooting.[47] Citing Connecticut law enforcement officials, early reports identified Ryan Lanza as the shooter. These reports sparked a veritable witch-hunt that spread to many other news organizations. By 5pm that day, Ryan Lanza’s Facebook profile picture had been shared more than fourteen thousand times,[48] and websites such as Slate and The Huffington Post displayed a screenshot and provided links to the profile.[49] Ryan Lanza received countless messages from Facebook users vilifying him, and people listed as his Facebook friends were harangued for being connected to the suspected shooter.[50] When it turned out that the initial reports had mistakenly identified Ryan Lanza instead of his brother Adam, the media was quick to issue retractions and expose CNN as the source of the inaccurate reporting.[51] CNN defended itself by noting that it had continued to report new information as it developed, and the information had come from law enforcement officials.[52] Still, as Washington Post writer Eric Wemple points out, while it is difficult to do rapid fact-checking of police statements, other outlets that were heavily covering the Sandy Hook story did not simply take the police’s word for it and directly report, choosing instead to report with a citation to CNN.[53] In an apparently unique attempt to fact-check, among the reporting outlets, at approximately 3pm a former Jersey Journal reporter said he had spoken with Ryan Lanza earlier in the day and that Ryan denied his involvement.[54] Unfortunately, by that point Ryan Lanza’s reputation had already been subject to hours of damage. The summer before, ABC News had been the culprit, due to its coverage of the July movie theater shooting in Aurora, Colorado. After federal law enforcement officials released the name of the shooter, James Holmes, to media outlets, ABC reporter Brian Ross speculated, on air, that an Aurora man named Jim Holmes who had a page on the Colorado Tea Party website was the suspect.[55] In fact, Jim Holmes was a 52-year-old father and former law enforcement officer,[56] and was not the actual shooter, who was a 24-year-old.[57] In ABC’s apology, the network acknowledged its error in “disseminating . . . information before it was properly vetted.”[58] According to Wemple, by reporting this unverified story, Ross committed a serious “journalistic felony.” As Wemple explains, “[y]ou can speculate on air about Mitt Romney’s motives for not releasing his tax returns; you can speculate on air about whether the heat wave will pass; [but] you cannot speculate on air about the identity of an alleged mass murderer.”[59] The consequences for the other Jim Holmes could have been disastrous. Apart from allegations of political bias, many criticized ABC for not adequately checking its facts.[60] Fortunately for ABC, Jim Holmes did not bring an action for defamation against the network, and as I will discuss, under the current state of defamation law, he probably would not have been successful anyway. Thus far, the courts have only heard a handful of cases brought against news outlets for irresponsibly reporting information found on the Internet without first conducting proper fact-checks. However, the recent case Levesque v. Doocy illustrates how the subjective belief requirement of the actual malice standard can sink a plaintiff’s case even when the news outlet did not properly fact-check their sources, in some cases reporting information that on its face alone is plainly ridiculous.[61] At issue in Levesque was an incident that occurred in a middle school cafeteria in Maine. A student put a bag containing ham on a table where some Muslim students were eating lunch. After the Muslim students became upset and reported the incident to the school administration, the offending student was suspended for ten days and the incident was reported to local police as a hate crime. Plaintiff Leon Levesque, the superintendent of the school district, gave an interview to a local paper, the Lewiston Sun Journal, and was quoted as saying that the incident was being taken seriously: “All our students should feel welcome and safe in our schools.”[62] Upon seeing this article, freelance writer Nicholas Plagman wrote a parody piece that was mostly true but changed some of the facts and quotes to mock what he saw as an excessive emphasis on political correctness.[63] The ham became a ham sandwich and Plagman fabricated quotes by Levesque including, “[t]hese children have got to learn that ham is not a toy, and that there are consequences for being nonchalant about where you put your sandwich” and “[a]ll our students should feel welcome in our schools, knowing that they are safe from attacks with ham, bacon, porkchops, or any other delicious meat that comes from pigs.”[64] The website Associated Content published the piece, which falsely cited the Associated Press as a source.[65] On April 24, 2011, Fox and Friends, a daily morning television show hosted by defendants Steve Doocy and Brian Kilmeade, included a segment on the Plagman article, which they did not realize was a fabrication.[66] A Fox News researcher had done a web search on the incident to confirm certain facts reported in the Plagman piece such as the existence of the school. The researcher found the local news article and confirmed that the Sun Journal was legitimate.[67] After the news bit was passed on to the hosts, Doocy used Google News to find both the Plagman and Sun Journal articles as well as a Boston Globe article, sourced to the Associated Press, confirming the general facts of the incident. The hosts appeared on the show that morning speaking derisively of Levesque’s involvement in the ham incident.[68] Doocy and Kilmeade attempted to interview Levesque on-air, leaving two messages at his office at 8AM.[69] Levesque, who did not return the calls, sued for defamation and false light invasion of privacy.[70] The crux of the case was the actual malice inquiry. Although the district court found that the defendants had conducted very limited research on the Internet before broadcasting,[71] the First Circuit emphasized that “[a]ctual malice then is measured neither by reasonably prudent conduct nor an industry’s professional standards; rather, it is wholly subjective.”[72] Levesque pointed to both the defendants’ failure to adequately check the outrageous quotes in the Plagman article as well as their statements during the broadcast that they hoped they weren’t being “duped,” as evidence of reckless disregard for the truth. The court disagreed:
It is true that a more deliberate consideration of the Plagman article should have caused reasonable skepticism about the source and that the defendants were careless in relying on it, but this is an indication of negligence, not actual malice, and Superintendent Levesque faces the heavy burden of providing evidence that the defendants recognized the carelessness with which they were proceeding.[73]
Thus the court recognized that despite the absurdity of the defendants’ actions, because they did not actually entertain serious doubts, their conduct did not amount to reckless disregard of the truth and therefore was not actual malice, however professionally irresponsible their behavior may have been.

B. Courts May Impose Additional Duties on Journalists

In light of incidents such as those described in the previous section, it is worth considering whether additional duties should be imposed on reporters to make it more difficult to republish untrustworthy material found on the Internet without conducting adequate fact-checking. Currently, there is no duty to investigate. Still, perhaps there should be an intermediate duty of care that is higher than the current duty of not being reckless while not as strict as requiring investigation. Courts should consider using the established dubious nature of Internet sources to justify requiring increased vigilance for reporters relying on them. One possible revision of the actual malice standard is the creation of a heightened duty to investigate when citing to Internet sources. The Redmond decision illustrates the ease with which defendants may protect themselves in defamation actions by simply using their citation of unverified Internet sources to reveal the supposed facts behind their stated assertion(s).[74] While this appears to be the Gross designation of facts making opinions unactionable,[75] courts’ view of Internet sources as dubious casts doubt on whether Internet sources can be treated as “facts.” In Redmond, some of the “facts” the bloggers relied on were websites and online promotional material posted by the plaintiff himself[76] (and thus were more likely to be actual facts than if the bloggers had only read third-party accounts of the plaintiff’s work). But the court’s reasoning does not seem to rely on the quality of the facts; it wrote that the blog post was “transparent,” holding that citing sources (the “facts”) made the piece unactionable.[77] The court did not say what would result if the piece had cited to sources that were less favorable to the plaintiff’s work. For example, what would have been the result if the bloggers had cited to a website such as Obsidianfinancesucks.com? The court in Obsidian Financial indicated that the very name of the website, as well as the personal tone of its criticism, should put the reader on alert that this was a possibly biased source.[78] Would this qualify as citing to a fact under Redmond? The uncertainty of what ought to be treated as a fact should encourage a heightened fact-checking standard when using Internet sources. Arguably, forming an opinion based on Obsidianfinancesucks.com when that source should obviously be subject to further investigation is not a journalistic practice that should be automatically shielded from a defamation action. At the very least, the source should not be cited baldly without any couching to indicate its potential bias.[79] It is one thing to report that such allegations exist, but it is another to use them as support for one’s own argument. For example, a reporter for the New York Times would not use a person screaming conspiracy theories on a street corner to support an article she was writing on possible corrupt bank practices. The existence of Obsidianfinancesucks.com gives it a guise of respectability, albeit thin, because it is written down in some form. But it is important to remember that it is not much harder to obtain a domain name than it is to shout theories on the street. When sources report information quickly, basing their information on unchecked sources that subsequent news outlets republish without checking the sources themselves, an additional difficulty arises. Should there be a heightened standard to investigate even when a supposedly reliable outlet reports first? The more these incidents happen with a specific outlet, such as CNN’s reporting the Hurricane Sandy Twitter rumors and the incorrect name of the Newtown shooter, the more other publications should be on notice that they need to check the facts behind what CNN reports before putting the information under their own names and exacerbating the problem. Most likely, CNN trusting the Twitter reports would fall under the previous discussion of the Obsidian hypothetical, since courts would likely hold that Twitter, as a journalistic source, should be viewed skeptically like a website with a name such as Obsidianfinancesucks.com, since there is no editorial oversight of Tweets. Other news outlets certainly have a reasonable belief that CNN is trustworthy because it has historically been a mostly accurate, dependable news source. Still, the frequency with which established news organizations are now stumbling should put other outlets on notice. Perhaps even more significantly, the rapidity with which information can spread online means that reputations can be destroyed within moments and may even endanger people’s lives. By naming the wrong suspect in the Aurora shooting, Brian Ross could have instigated a vigilante justice lynch mob. The same could have happened to Ryan Lanza, and indeed there was a huge backlash online. With such high stakes, a heightened standard of fact-checking, even when the information comes from other news outlets, should be encouraged as industry practice. As such, the current subjective belief standard is too forgiving. The defendant’s victory in Levesque signified a victory for the stringent subjective belief standard that is unsettling. By relieving the defendant of liability for beliefs that when examined are clearly ridiculous simply because he subjectively held them, stretches the desire to protect journalistic freedom too far. Where it is absurd for defendants to believe they were reporting the truth or that the underlying facts could be relied upon, their actions should rise to the level of recklessness. At the very least, such defendants ought to be punished more severely than merely having to issue a retraction. Such a revision in the subjective belief standard might amount to courts viewing the use of Internet sources, when unverified, as circumstantial evidence of the defendant possessing serious doubts as to their sources.

C. The Ingrained Legal Standards Will Be Resistant to Change

Despite the impulse to impose heightened obligations or revise the subjective belief requirement, courts and legislators (as well as journalist interest groups) will likely resist such change. Traditional defamation standards are extremely protective of writers in order to protect their First Amendment rights and avoid chilling their ability to report. New York Times v. Sullivan established the rationale for this protectiveness, citing “a profound national commitment to the principle that debate on public issues should be uninhibited, robust, and wide-open.”[80] In defending the often-harsh results of the subjective belief requirement, the Supreme Court in St. Amant balanced the interest of plaintiffs in achieving justice against society’s interest in protecting the press, emphasizing the importance of furthering First Amendment values: “[T]o insure the ascertainment and publication of the truth about public affairs, it is essential that the First Amendment protect some erroneous publications as well as true ones.”[81] These cases push back against tightening the actual malice standard. One factor that might impact a court’s decision of whether to view a writer’s use of Internet sources as a reason to impute doubts to them is whether society, as a whole, believes what is read on the Internet. According to a Pew Research Center study, twenty-nine percent of Americans believe that news organizations get the facts straight, and forty-two percent of Americans use the Internet as their primary news source.[82] While a significant part of society may be aware that they should not trust everything they read on the Internet, not every reader is savvy enough to know that what he reads on a blog, or even on CNN.com, may not have been verified. It may be possible for the unreliable nature of Internet sources to be integrated into defamation law in the category of “dubious sources.”[83] Some courts have said that a journalist’s reliance on such untrustworthy sources may support a finding of actual malice, while St. Amant states, “recklessness may be found where there are obvious reasons to doubt the veracity of the informant or the accuracy of his reports.”[84] Similarly, in Foretich v. American Broadcasting Companies, the district court stated, “[a] broadcaster’s complete reliance on dubious sources can support a finding of actual malice.”[85] Likewise, in Bentley v. Bunton, the court laid out the requirements for finding actual malice based on unprofessional reporting:
The defendant’s state of mind can—indeed, must usually—be proved by circumstantial evidence. A lack of care or an injurious motive in making a statement is not alone proof of actual malice, but care and motive are factors to be considered. An understandable misinterpretation of ambiguous facts does not show actual malice, but inherently improbable assertions and statements made on information that is obviously dubious may show actual malice. A failure to investigate fully is not evidence of actual malice; a purposeful avoidance of the truth is.[86]
Given the receptiveness of courts to treat at least some sources as dubious, it seems probable that they would consider use of dubious Internet sources as circumstantial evidence of recklessness.

IV. How Writers Can Adapt with the Times

A. What Can Be Done to Encourage More Responsibility among Writers?

A judicial revision of the actual malice standard would be a forceful way to crack down on irresponsible journalism stemming from the use of Internet sources, and, as seen above, would likely meet strong resistance due to traditional First Amendment values. Nevertheless, judicial enactment of less dramatic changes might be feasible. Such changes could ensure recognition of the need for greater responsibility when dealing with Internet sources. Likely all journalists can agree that the 24-hour news cycle has increased the frequency of instances in which unverified reports go viral. In the case of informal journalists, greater enforcement of professional standards is highly desirable since they do not have editors to keep them in line. However, how such enforcement would be carried out is unclear. As seen in Obsidian Financial, anyone who can afford a domain name (which can be obtained for an average of eight to ten dollars a year)[87] can buy a mouthpiece to the world. Blogs are even more accessible as they are free on most platforms.[88] Additionally, commenting on message boards and articles published by other news sources is free, though one might have to first register with the website.[89] Admittedly, people who utilize these channels to disseminate information are at the extreme end of the spectrum of types of journalists. They are not usually subject to any editorial scrutiny and despite their lack of affiliation with an established news organization, their words have power and are often the subjects of defamation suits. The New Jersey Supreme Court discussed this phenomenon in Too Much Media:
[S]elf-appointed journalists or entities with little track record … claim the [shield law] privilege require[s] more scrutiny … The popularity of the Internet has resulted in millions of bloggers who have no connection to traditional media. Any of them, as well as anyone with a Facebook account, could try to assert the privilege.[90]
The question is whether traditional defamation standards are enough to encourage professionalism among these writers whose voices are disproportionately loud compared to the legitimacy of their messages. When respected news outlets rely on sources like these, the problem is compounded. One solution would require bloggers and anonymous disseminators of information to show that what they publish has been vetted by others in the form of acknowledgements attached to their pieces. Both Obsidian Financial Group, LLC and John Dougherty’s Reformulating Shield Laws to Protect Digital Journalism in an Evolving Media World, suggest that this vetting process is necessary to encourage accurate reporting.[91] Digital authors could provide proof of editorial oversight in the form of a colleague, co-contributor, or traditional editor, or there could be an area for comments to enable crowd-sourcing.[92] In Wiki Authorship, Social Media, and the Curatorial Audience, Jon Garon encourages the development of citizen journalism and new media, while emphasizing that only those who maintain standards of accuracy, attribution, impartiality, and integrity will survive.[93] Unfortunately, due to lack of resources or the fact that most bloggers work alone and are not sponsored by a larger organization, it may be difficult for informal journalists to provide such assurances of editorial oversight to their readers. Still where possible, bloggers would be well advised to strive for standards of accuracy.

B. Practical Advice to Journalists and Other Writers

What constitutes due diligence when relying on Internet sources? The root of the problem for professional journalists is that the time pressure of the news cycle encourages publishers to be irresponsible, whereas less-established writers simply may not know how to be responsible. Given the growing recognition among courts that what one reads on the Internet should be questioned, all writers, amateur and professional alike, should take note. The level of fact-checking most journalists must adhere to should be above merely republishing Internet sources without any attempt to verify them. An encouraging development in this direction took place in the aftermath of the Boston Marathon bombings on April 15, 2013. Two days after the bombing, CNN reported that authorities had identified and arrested a suspect.[94] The Associated Press followed suit, citing an unnamed law enforcement official.[95] While many other news outlets hurried to republish the material and announce the arrests, some remained skeptical and attempted to verify the reports before getting on the bandwagon. NBC and CBS, citing their own sources, reported that no arrest had been made and held firm to this line despite numerous reports to the contrary.[96] Their refusal to publish unverified news was rewarded when the FBI released a statement that refuted arrest reports and asked for better fact-checking:
Contrary to widespread reporting, there have been no arrests made in connection with the Boston Marathon attack. Over the past day and a half, there have been a number of press reports based on information from unofficial sources that has been inaccurate. Since these stories often have unintended consequences, we ask the media, particularly at this early stage of the investigation, to exercise caution and attempt to verify information through appropriate official channels before reporting.[97]
Based on the case law and trend of unreliability of Internet sources, the following is a list of basic tips to guide journalists and other writers faced with the task of searching for truth on the World Wide Web:
• When evaluating a website’s trustworthiness, do not overlook the name of the site. Obsidianfinancesucks.com, a site that obviously has a strong opinion, should be met with more skepticism than a well-established news organization known for impartial reporting such as nytimes.com. • Check the website for evidence of editorial oversight. A one-man blogging operation should be viewed differently than a site known for the rigor of its editorial process. In the same vein, a Tweet, even by a professional journalist, usually does not undergo a second look from an editor or colleague. • Be aware of a website’s record for accuracy. If a website is known to have frequent slip-ups, it is not wise to take its reporting at face value. • When republishing what other well-respected news organizations have reported, it is advisable to corroborate the facts before putting one’s own imprimatur on the news. NBC’s reluctance to republish news that an arrest had been made in Boston, based on its own sources’ insistence that no arrest had been made, provides a perfect illustration. Furthermore, in the digital age in which we live, accounts and websites of even the most respected institutions can be hacked, allowing for the spread of misinformation.[98] Where possible, it is always preferable to speak with live people to confirm or deny a story or fact, rather than relying solely on an unconfirmed Internet report. • Keep in mind that there are many joke news sites, most of which do not make it obvious that their content is tongue-in-cheek. For example, The Duffel Blog posts satirical content about the U.S. Military, but its name is less recognized than other sites like The Onion.[99] As a result of an article published therein, in the fall of 2012 Senator Mitch McConnell’s office sent a letter to the Pentagon complaining about the Department of Defense offering veterans’ benefits to prisoners at Guantanamo Bay.[100] The Army veteran who created the site told the Wall Street Journal, “Incidents like this only illustrate a serious problem with our education system [.] … Apparently, they aren’t teaching skepticism or critical thinking in some parts of the country anymore.”[101]

Conclusion

While this paper has discussed possible ways to revise the actual malice standard, including imposing additional duties journalists should follow, making it easier to punish journalists is not my intent. Rather, I am striving to convey a cautionary tale for writers who may not fully grasp the dubious nature of many sources of information they encounter each day. To avoid defamation actions, journalists of all stripes, from the New York Times to the solo blogger, should operate under high standards of accuracy. Today, anyone with an Internet connection wields power, thus those who choose to make their voices heard must do so responsibly.
* Kimberly Chow is a 2014 J.D. candidate at NYU School of Law. Her academic and professional interests lie in traditional media law and its intersection with new technologies and forms of expression. She received a B.A. in History from Yale University in 2009. She would like to thank Barton Beebe, Lynn Oberlander, David McCraw, and the JIPEL editorial team for their thoughtful comments and editing.
[1] Edward Wong, Kim Jong-Un Seems to Get a New Title: Heartthrob, N.Y. Times (Nov. 28, 2012), http://www.nytimes.com/2012/11/28/world/asia/chinese-news-site-cites-onion-piece-on-kim-jong-un.html.
[2] See id.
[3] See Kim Jong-Un Named The Onion’s Sexiest Man Alive for 2012, The Onion (Nov. 14, 2012), http://www.theonion.com/articles/kim-jongun-named-the-onions-sexiest-man-alive-for,30379/.
[4] Wong, supra note 1.
[5] New York Times Co. v. Sullivan, 376 U.S. 254, 280 (1964).
[6] See St. Amant v. Thompson, 390 U.S. 727 (1968).
[7] Id. at 732.
[8] See, e.g., Obsidian Fin. Grp., LLC v. Cox, 812 F. Supp. 2d 1220, 1231 (D. Or. 2011) (holding that blog entries posted on an obviously critical website should be viewed with a skeptical eye); Too Much Media, LLC v. Hale, 20 A.3d 364, 379 (2011) (explaining that posts on Internet message boards do not undergo a rigorous editorial oversight process and do not have the credibility of publications that do).
[9] Restatement (Second) of Torts § 559 (1977).
[10] Times v. Sullivan, 376 U.S. at 280.
[11] See Gertz v. Robert Welch, Inc., 418 U.S. 323 (1974).
[12] St. Amant, 390 U.S. at 727, 731.
[13] Id. at 732.
[14] See Harte-Hanks Communications, Inc. v. Connaughton, 491 U.S. 657, 667 (1989).
[15] St. Amant, 390 U.S. at 731.
[16] Gertz, 418 U.S. at 335 n.6.
[17] St. Amant, 390 U.S. at 731.
[18] Bose Corp. v. Consumers Union of U.S., Inc., 466 U.S. 485, 511 (1984).
[19] See Levesque v. Doocy, 560 F.3d 82, 92-93 (1st Cir. 2009).
[20] See Milkovich v. Lorain Journal Co., 497 U.S. 1, 20 (1990).
[21] See Gross v. New York Times Co., 623 N.E.2d 1163, 1168 (N.Y. 1993).
[22] David A. Logan, All Monica, All the Time: The 24-Hour News Cycle and the Proof of Culpability in Libel Actions, 23 U. Ark. Little Rock L. Rev. 201, 205-06 (2000).
[23] See id. at 213.
[24] Lili Levi, A New Model for Media Criticism: Lessons from the Schiavo Coverage, 61 U. Miami L. Rev. 665, 686 (2007).
[25] See id.
[26] Obsidian Fin. Group, LLC v. Cox, 812 F. Supp. 2d 1220, 1223 (D. Or. 2011).
[27] Nicosia v. De Rooy, 72 F. Supp. 2d 1093, 1101 (N.D. Cal. 1999).
[28] Too Much Media, LLC v. Hale, 20 A.3d 364, 379-80 (N.J. 2011).
[29] Krinsky v. Doe 6, 72 Cal. Rptr. 3d 231, 238 (App. Dep’t Super. Ct. 2008).
[30] See Obsidian, 812 F. Supp. 2d at 1232.
[31] See Too Much Media, 20 A.3d at 369-70.
[32] Id. at 238.
[33] The court explained that message boards were too far removed from traditional media outlets to be eligible for shield law protection, in part because writers in those forums were not subject to any editorial scrutiny. See id at 235.
[34] See Gross v. New York Times Co., 623 N.E.2d at 1167-68 (N.Y. 1993).
[35] See Obsidian, 812 F. Supp. 2d at 1230.
[36] Id. at 1232.
[37] Id.
[38] Id. at 1234.
[39] Redmond v. Gawker Media, LLC, No. CGC–11–508414, 2012 WL 3243507 (Cal. App. Dep’t Super. Ct. Aug. 10, 2012) (unpublished decision).
[40] See id.
[41] Id. at *6.
[42] As a side note, I would advocate an examination of Redmond with regard to its treatment of unverified Internet sources as facts. Awarding defendants an automatic out just for pointing readers to other, possibly dubious source material is poor policy that does not encourage fact-checking.
[43] Kim LaCapria, Twitter Sandy Hoaxer May Face Criminal Charges for Spreading False Information, The Inquisitr (Nov. 1, 2012), http://www.inquisitr.com/384679/twitter-sandy-hoaxer-may-face-criminal-charges-for-spreading-false-information.
[44] Mark Duell, Hoaxer, 29, who fooled CNN with false ‘NYSE has flooded’ tweet during Superstorm Sandy is outed as Wall Street Analyst, The Daily Mail Online (Nov. 1, 2012), http://www.dailymail.co.uk/news/article-2226188/Superstorm-Sandy-Twitter-user-fooled-CNN-believing-NYSE-flooded-Wall-Street-analyst-Shashank-Tripathi.html.
[45] See id.
[46] Suzanne Choney, Man Who Made False Tweet about Sandy Apologizes; Could Face Prosecution, http://www.nbcnews.com (Nov. 2, 2012), http://www.nbcnews.com/technology/man-who-made-false-tweet-about-sandy-apologizes-could-face-1C6807076.
[47] Brian Ross, Chris Cuomo, & Richard Esposito, Connecticut Shooter Adam Lanza: ‘Obviously Not Well’, ABC News The Blotter (Dec. 14, 2012), http://abcnews.go.com/WNT/video/conn-shooter-adam-lanza-17979660.
[48] Spencer Ackerman, Internet Identifies, Threatens Wrong Man as Newtown Shooter, WIRED (Dec. 14, 2012), http://www.wired.com/dangerroom/2012/12/newtown-shooter-facebook.
[49] Adam Serwer, How the Press Got It Wrong on the Newtown Shooter, Mother Jones (Dec. 14, 2012), http://www.motherjones.com/mojo/2012/12/ryan-lanza-newtown-shooting-me.
[50] Alyson Shontell, What It Was Like Being Ryan Lanza’s Facebook Friend When The World Thought He Was A Killer, Business Insider (Dec. 17, 2012), http://www.businessinsider.com/what-it-was-like-to-be-ryan-lanzas-facebook-friend-when-the-world-thought-he-was-a-killer-2012-12.
[51] Erik Wemple, CNN Addresses Ryan-Adam Lanza Mis-ID, The Washington Post (Dec. 15, 2012), http://www.washingtonpost.com/blogs/erik-wemple/wp/2012/12/15/cnn-addresses-ryan-adam-lanza-mis-id/.
[52] Id.
[53] Id.
[54] Terrence T. McDonald, Facebook page of Hoboken man identified as Connecticut shooter: ‘It wasn’t me’, NJ.com (Dec. 14, 2012), http://www.nj.com/hudson/index.ssf/2012/12/hoboken_man_identified_by_medi.html.
[55] Jack Mirkinson, Aurora Shooting: ABC’s Brian Ross Incorrectly Suggests Tea Party Link, The Huffington Post (July 10, 2012), http://www.huffingtonpost.com/2012/07/20/brian-ross-tea-party-colorado-shooting_n_1689471.html.
[56] Alex Pappas, Colorado tea partier describes ‘surreal’ day of wrongly being linked to theater massacre, The Daily Caller (July 20, 2012), http://dailycaller.com/2012/07/20/colorado-tea-partier-describes-surreal-day-of-wrongly-being-linked-to-batman-massacre.
[57] Id.
[58] Matthew Mosk, Brian Ross, Pierre Thomas, Richard Esposito, & Megan Chuchmach, Aurora Suspect James Holmes’ Mother: ‘You Have the Right Person’, ABC News The Blotter (July 20, 2012), http://abcnews.go.com/Blotter/aurora-dark-knight-shooting-suspect-identified-james-holmes/story?id=16818889 – .UVc9Jqsjr4g.
[60] Erik Wemple, Aurora shootings: Was Brian Ross’s mistake evidence of bias?, Wash. Post (July 24, 2012), http://www.washingtonpost.com/blogs/erik-wemple/post/aurora-shootings-was-brian-rosss-mistake-evidence-of-bias/2012/07/24/gJQACCu76W_blog.html.
[61] Levesque v. Doocy, 560 F.3d 82 (1st Cir. 2009).
[62] Id. at 84.
[63] Nick Plagman, The Ham Hate Crime, Nick Plagman for Daily Show Intern http://nplagman.myweb.uga.edu/lawsuit.html (last visited Apr. 29, 2013).
[64] Levesque, 560 F.3d at 85.
[65] See Plagman supra note 63.
[66] Levesque, 560 F.3d at 85.
[67] Id.
[68] Id.
[69] Id. at 86.
[70] Id. False light invasion of privacy is a tort that occurs when a non-public figure is portrayed in a misleading way to the public, thereby having his privacy invaded. See generally, Time, Inc. v. Hill, 385 U.S. 374 (1967).
[71] See Levesque, 560 F.3d at 92.
[72] Id. at 90, internal citations omitted.
[73] Id. at 91, internal citations omitted.
[74] See Redmond v. Gawker Media, LLC, No. CGC–11–508414, 2012 WL 3243507 at *1 (Cal. App. Dep’t Super. Ct. Aug. 10, 2012) (unpublished decision).
[75] See Gross v. New York Times Co., 623 N.E.2d at 1167-68 (N.Y. 1993).
[76] See Redmond, 2012 WL 3243507 at *2.
[77] See id. at *6.
[78] See Obsidian Fin. Grp., LLC v. Cox, 812 F. Supp. 2d 1220, 1232-33 (D. Or. 2011)
[79] Journalistically, making clear that a site has a prejudiced opinion may not even be as good as trying to avoid such extremely biased sites altogether if trying to publish a responsible piece.
[80] New York Times Co. v. Sullivan, 376 U.S. 254, 270 (1964).
[81] St. Amant v. Thompson, 390 U.S. 727, 732 (1968).
[82] Pew Research Ctr., Public Evaluations of the News Media: 1985-2009, Press Accuracy Rating Hits Two Decade Low (2009), http://people-press.org/reports/pdf/543.pdf (last visited Apr. 20, 2013).
[83] Foretich v. Am. Broad. Cos., Nos. Civ.A. 93–2620, Civ.A. 94–0037(HHG), 1997 WL 669644, at *8 (D.D.C. Oct. 17, 1997).
[84] St. Amant, 390 U.S. at 732.
[85] Foretich, 1997 WL 669644, at *8.
[86] Bentley v. Bunton, 94 S.W.3d 561, 596 (Tex. 2002).
[87] Martin Zwilling, Get a Domain Name without Bankrupting Your Start-Up, Forbes (Jan. 14, 2013), http://www.forbes.com/sites/martinzwilling/2013/01/14/get-a-domain-name-without-bankrupting-your-startup/.
[88] See, e.g., Tumblr, http://www.tumblr.com (last visited Oct. 16, 2013); WordPress, http://www.wordpress.org (last visited Oct. 16, 2013).
[89] See, e.g., Gawker, www.gawker.com (last visted Oct. 16, 2013).
[90] Too Much Media, LLC v. Hale, 20 A.3d 364, 383 (N.J. 2011) (explaining why courts should give extra scrutiny to non-traditional writers who claim shield law protection).
[91] John J. Dougherty, Comment, Obsidian Financial Group, LLC v. Cox and Reformulating Shield Laws to Protect Digital Journalism in an Evolving Media World, 13 N.C.J.L. & Tech. On. 287, 320 (2012), available at http://ncjolt.org/obsidian-financial-group-llc-v-cox-and-reformulating-shield-laws-to-protects-digital-journalism-in-an-evolving-media-world/.
[92] See id.
[93] Jon M. Garon, Wiki Authorship, Social Media, and the Curatorial Audience, 1 Harv. J. Sports & Ent. L. 95, 137 (2010). As new media experiment with tools for accuracy, such as crowd-sourcing, Garon cautions that traditional media must continue to uphold rigorous fact-checking methods. See id. at 138. As new media experiment with tools for accuracy, such as crowd-sourcing, Garon cautions that traditional media must continue to uphold rigorous fact-checking methods. See id. at 138.
[94] Gary Levin, News outlets retract claim of Boston bomber arrest, USA Today (Apr. 17, 2013), http://www.usatoday.com/story/life/tv/2013/04/17/boston-bomb-ap-cnn-fox-news/2091127/.
[95] Denise Lavoie & Rodrique Ngowi, Correction: Boston Marathon-Explosions Story, The Associated Press (Apr. 18, 2013), http://bigstory.ap.org/article/fbi-appeals-help-solving-marathon-bombings.
[96] See Levin, supra note 95.
[97] No Arrest Made in Bombing Investigation, The Fed. Bureau of Investigation (Apr. 17, 2013), http://www.fbi.gov/boston/press-releases/2013/no-arrest-made-in-bombing-investigation.
[98] See, e.g., Nicole Perlroth & Michael D. Shear, In Hacking, A.P Twitter Feed Sends False Report of Explosions, N.Y. Times (Apr. 23, 2013), http://thecaucus.blogs.nytimes.com/2013/04/23/hacked-a-p-twitter-feed-sends-erroneous-message-about-explosions-at-white-house/.
[99] The Duffel Blog, http://www.duffelblog.com (last visited Apr. 29, 2013).
[100] Dion Nissenbaum, Prank and File: These Military Reports are Out of Line, Wall St. J. (Apr. 21, 2013), http://online.wsj.com/news/articles/SB10001424127887324345804578426881030734960.
[101] Id.

On the Duality of Internet Domain Names: Propertization and Its Discontents

On the Duality of Internet Domain Names: Propertization and Its Discontents
By Frederick M. Abbott* A pdf version of this article may be downloaded here.  

Introduction

There is a great deal of activity taking place in the world of Internet domain names. First, the opening up of the top-level domain name space by the Internet Corporation for Assigned Names and Numbers (ICANN) promises to transform the Internet space by widening the number of available second-level domains, by creating a range of new registrars and registries regulating their own space, and by introducing new and different mechanisms for resolving disputes regarding top-level and second-level domains.[1] Second, security-related developments in the digital environment suggest that the Internet as we have known it may not be with us for much longer.[2] Unless urgent steps are taken to improve security in the digital environment, it seems likely that greater controls will be exercised in the future regarding individual access to the commercial Internet environment.[3] Third, there is no assurance that domain names will retain their importance as a means of identifying locations on the Internet. The pace at which technology in the digital arena has evolved, and the ways in which individuals access content, provide assurance only that the future is uncertain. The gales of creative destruction blow through the digital environment at a pace unknown to most other fields of technology. In this respect, an inquiry into the fundamental nature of the domain name may seem (and may in fact be) a quaint exercise.[4] Nonetheless, to the extent that courts and alternative dispute resolution bodies are called upon to resolve issues concerning ownership and use of domain names — and, for that matter, other types of identifiers of places on the Internet (such as locators in social network environments)—it will be important to understand what those identifiers are. Legal rules regulating sales and transfers of property are different than legal rules regulating contract rights and regulation of behavior under contract. While it is typically inexpensive to register and maintain a domain name, some of these names are created with or develop very substantial financial value.[5] That financial value may be a consequence of a corresponding trademark, but it may also be a consequence of the dictionary meaning and significance of a common term.[6] Putting aside financial value, domain names and related disputes may concern important social interests, implicating rights of speech, expression and fair use.[7] Disputes may involve issues of privacy. In these various spheres of interest, the characterization of the disputing parties’ claims from a legal standpoint may have significant consequences. Specifically, whether such disputes are characterized as disputes concerning ownership of property or disputes regarding contract relationships may influence the outcome. The matter of defining the “domain name” has a substantial history. The Report of the First WIPO Domain Name Process defined domain names as “the human-friendly form of Internet addresses.”[8] This definition is accurate from a functional standpoint. The domain name is an alphanumeric string that is associated with an Internet protocol (IP) address that identifies a particular computer server or other location of data.[9] The domain name is created or selected by a person (the “registrant”) that registers the name with a “registrar” that maintains data regarding the identity and contact information for the registrant. The registrant enters into a contract with the registrar defining the terms of service for maintaining the domain name registration.[10] The registrar transmits data concerning the association of the domain name (or alphanumeric string) to a “registry” that maintains a database of the domain name/IP address associations, and facilitates the technical process through which queries on the Internet are routed to the appropriate server or other location from and to which data may be retrieved and/or stored. When a domain name is initially registered, it is not uncommon for the registrar’s server to act as the location of the registrant on the Internet (e.g., as a “parking page”).[11]

I. The Legal Framework

A. ICANN and the UDRP

Domain names are a global phenomenon, as are domain name disputes.[12] While this paper is focused on the U.S. in that it addresses specific U.S. laws and jurisprudence addressing domain names, the discussion of basic principles may nonetheless be relevant to other jurisdictions. Domain names may be used in the commission of trademark infringement. A domain name may, for example, use the same (or a confusingly similar) alphanumeric string as a trademark. The domain name may be registered by a person other than the trademark owner (and otherwise without the owner’s consent) and direct Internet users (e.g., consumers) to a website where products competing with those covered by the trademark are offered for sale.[13] Such third-party use of a domain name may constitute an act of trademark infringement within the meaning of the Lanham Act (in the United States).[14] The trademark owner may proceed against the accused infringer in a federal district court seeking an injunction and damages.[15] This is not a type of action unique to domain names. Use of a trademark without the consent of the owner (whether in a domain name, on product packaging or on a product, on a television advertisement, etc.) may give rise to an infringement cause of action.[16] In the late 1990s it was apparent that domain names presented a unique set of issues with respect to abusive acts.[17] First, domain names were inexpensive to register, and typically were not subject to screening ex ante for potential conflict with existing trademarks. Only informal procedures with the registration authority (i.e., the combined registrar/registry, Network Solutions) existed by which trademark owners could challenge domain name registrations alleged to be improper. This informal procedure was not effective. A domain name registrant might at a very low cost engage in a financially significant abusive act toward a trademark owner. Yet the remedy for the trademark owner might well involve multiyear litigation in federal or state courts at considerable expense. Second, although registration of a domain name was geography specific,[18] the use (and abuse) of the domain name was theoretically global. A domain name through a registry located in the United States might be used to abuse the rights of a trademark owner in Spain, Japan, or Australia. Because an effective remedy against a registrant engaged in abuse-required action at the registry (i.e. by termination of the link), and because the trademark owner might be located far from the U.S., securing an effective remedy posed serious problems. Some means for addressing abusive domain name registration and use that did not involve the complexities of enforcing foreign judgments in the U.S. was considered necessary. The Internet Corporation for Assigned Names and Numbers (ICANN) addressed these challenges through the adoption of the Uniform Domain Name Dispute Resolution Policy (UDRP) on August 26, 1999. The implementing documents of the UDRP and associated Rules were approved by ICANN on October 24, 1999.[19] ICANN also accredited four dispute resolution service providers, including the WIPO Arbitration and Mediation Center (based in Switzerland) and the National Arbitration Forum (NAF) (based in the U.S.).[20] ICANN rules for registrars require that domain name registrants enter into a service agreement that incorporates the UDRP and subjects domain names to mandatory administrative proceedings conducted by an authorized service provider. Under the UDRP, a complaining party must establish three elements to succeed against a respondent registrant of the disputed domain name: (1) that the complainant has rights in a trademark, and that the disputed domain name is identical or confusingly similar to that trademark; (2) that the respondent does not have rights or legitimate interests in the disputed domain name, and; (3) that the respondent registered and is using the disputed domain name in bad faith.[21] The rules for establishing elements (2) and (3) include nonexhaustive lists of acts that represent ways to address those elements. Disputes under the UDRP are heard by single-member panels appointed by the service provider, or by three-member panels if elected by either the complaining or responding party.[22] A panel may reject a complaint, and even find that it was brought in bad faith (i.e., reverse domain name hijacking). If the panel finds in favor of the complainant, it has only two potential remedial orders. It can direct the registrar to “cancel” the disputed domain name (i.e., deleting the respondent’s registration and making available the domain name to the public). Or, the panel can direct the registrar to “transfer” the disputed domain name to the complaining party.[23] When a domain name is transferred, the transferee-registrant enters into a new service agreement with the registrar (or a different registrar). The UDRP provides a 10-day window following notification of a decision ordering cancellation or transfer of a domain name during which the responding party may initiate an action before a court objecting to the cancellation or transfer by the registrar.[24] Filing by the losing respondent triggers an automatic stay of the cancellation or transfer, pending review by the court.

B. The ACPA

The U.S. Congress also reacted to the problem of abusive domain name registration and use by adoption of the Anticybersquatting Consumer Protection Act (ACPA) in 1999.[25] The ACPA is part of the Lanham Act (the general trademark statute). It generally authorizes causes of action in federal district courts where jurisdiction is found based on ownership of trademark rights, including personal names protectable as trademarks.[26] In addition to in personam jurisdiction, the ACPA allows for establishing jurisdiction in rem against domain names when certain preconditions are met, though in such cases remedies are limited to cancellation or transfer.[27] There are differences in the legal rules between the ACPA and the UDRP. The ACPA perhaps “more expressly” provides that a cause of action may only arise if the defendant registered the disputed domain name after the complaining party had established rights in a trademark.[28] As discussed later, this has been a general rule also adopted by UDRP panelists, but it is not stated in such direct terms as in the ACPA text. The ACPA incorporates a somewhat longer list of actions that might constitute evidence of bad faith than the UDRP, though it is not clear that the ACPA list adds significantly to the potential grounds of bad faith under the UDRP, particularly as the UDRP list of potential evidence of bad faith is non-exhaustive. Like the UDRP, the ACPA incorporates exceptions from findings of liability based on fair use and other protective doctrines.[29] The most important difference between the ACPA and the UDRP concerns remedies. The ACPA authorizes a federal court to order the cancellation or transfer of the domain name in a manner similar to the UDRP.[30] However, under the ACPA a federal court also has the authority to issue an order directed against the person who registered a disputed domain name or names, enjoining them from committing future acts against the plaintiff trademark owner, including registering confusingly similar domain names.[31] The federal court may award damages in favor of the complainant, including statutory damages.[32] While it will almost certainly be more costly and time-consuming to proceed against a third-party domain name registrant in federal court than under the UDRP, the reward from successful prosecution may be more substantial. However, it is useful to bear in mind that winning a money judgment against an abusive domain name registrant and collecting that judgment are different things.[33]

C. ACPA as Recourse from the UDRP

For losing respondents seeking to block the cancellation or transfer of the domain name in the U.S. based on an adverse finding of a UDRP panel, the ACPA establishes the legal basis for doing so.[34] An action may be filed in an appropriate federal district court seeking to enjoin the carrying out of the order of cancellation or transfer. It is a curious feature of the UDRP that a request to block a transfer in the U.S. is governed by the provisions of the ACPA (and, possibly, by the provisions of the Lanham Act as a whole).[35] In practical effect, a decision by a UDRP panel is not reviewed on the basis of application of UDRP rules, but rather on the basis of de novo consideration of the case under the ACPA. Federal courts generally have decided against providing any deference to the decisions of UDRP panels.[36] Moreover, there is nothing that prevents either party (i.e. the domain name registrant challenging a transfer or cancellation order, and the party asserting trademark rights and abuse) from providing new and/or different evidence before the federal court. A complaining party that has been denied relief by a UDRP decision may pursue the same respondent and same domain name before the federal courts under the ACPA. U.S. federal courts have decided that there is no res judicata or collateral estoppel effect of UDRP panel decisions, and have declined to accord deference to those decisions.[37] They have primarily done so on the basis that the UDRP process is designed as an expedited and streamlined process that does not involve the same evidentiary standards as federal court proceedings.[38] As a UDRP panelist, this author has noted that UDRP panels do not enjoy the same control over parties as federal courts, nor do they have judicial enforcement powers similar to those of federal courts.[39] All of this may, in fact, give rise to circumstances in which the same parties in federal court are litigating a different case involving the same domain name than that presented to a UDRP panel.[40] However, it is shortsighted that federal district court judges do not give some degree of deference to UDRP panels. The more frequently selected UDRP panelists are likely to have substantially more experience in assessing trademark-domain name claims than federal and state court trial judges who may hear only a few such cases over a span of years.

II. Domain Names as Intellectual Property

A. The Technical Domain Name Function

A domain name shares characteristics with various forms of intellectual property as traditionally understood, but it does not fall neatly within “traditional” categories. To begin with, a domain name is similar in function to an old-fashioned telephone number. It tells a caller (in this case, the person through a device submitting an Internet query) where to route the call (in this case, to a particular server and/or sub location). A random character string associated with an IP address could perform that function, and simply entering the appropriate IP address in a browser can perform it. But, it would be very difficult for Internet users to remember and enter strings of numbers to find who or what they are looking for, and the domain name is the “human friendly” way of solving the memory and data entry problem.[41]

B. The Domain Name as Identifier

Broadly speaking, domain names fall into a number of different categories as identifiers. Some make use of generic or commonly descriptive terms, e.g., “health,” “drugs,” “travel,” as a means to attract Internet users to sources of information for goods and services that may or may not be associated with a particular supplier/provider. Despite lacking trademark status, these domain names may have a substantial financial value because of the likelihood that Internet users will use these terms, perhaps along with a generic top-level domain (gTLD) such as “.com,” when broadly searching for information and resources.[42] Many domain names incorporate the trademark or service mark of a business. Internet users seeking a business or its products (or services) commonly enter the trademark or service mark along with a gTLD to find the relevant resources, or enter the trademark or service mark in a browser and select the search result incorporating the trademark or service mark of the business.[43] The trademark or service mark of a business may appear in a domain name for reasons other than providing the location for goods and services. Commentators or critics of the business may use it in a legitimate way.[44] Typically with respect to legitimate noncommercial or fair use, the trademark or service mark will be combined with additional terms.[45] A subtype of the trademark-incorporating domain name is the “trade name” incorporating domain name.[46] From a technical IP standpoint, a trademark identifies a good or service that distinguishes one enterprise from another in commerce. A trade name is the name of a business that may or may not have trademark status. A third type of domain name is effectively a random or quasi-random alphanumeric string that does not signal the nature of the web location to which it will route the Internet user. There are a range of reasons why such random or quasi-random alphanumeric strings may be used. “Identifiers” have constituted intellectual property rights (IPRs) subject matter since the inception of commerce.[47] Artisans’ “marks” are as old as the crafting of pottery, whereby the artisan would identify his or her creation on the object. From the standpoint of the modern era, trademarks are subject matter of the Paris Convention on the Protection of Industrial Property of 1883 (and trade names are covered by that agreement).[48] There are other forms of IP that are identifiers, including geographical indications, appellations of origin, and other ways by which agricultural products have been designated. While some forms of intellectual property require a creative element (e.g., patent and copyright), the trademark does not.[49] A trademark must be distinct from other trademarks for identical or similar goods, but it does not need to meet a standard of novelty or originality (although it may not be generic or commonly descriptive).[50]

C. Domain Names as Intellectual Property

The domain name as an identifier may share characteristics with the trademark and trade name, but is it a distinct form of “intellectual property”?[51] To illustrate the question, suppose a person starting a new financial services consulting business registers as a domain name a previously unused alphanumeric string, “1q2r3s.com” and creates a commercial website. The name of the business on the website is “Financial Planning Associates”, and the unique alphanumeric string in the domain name is not identifying the services business on the website. As a unique alphanumeric identifier, is the domain name “1q2r3s.com” a form of intellectual property distinct from a service mark or trade name because its sole function is to direct users to a location on the Internet? Is it intellectual property as such? The U.S. Lanham Act defines “domain name”[52] and provides remedies against its misuse (see discussion of the ACPA supra), but the domain name as such is not accorded specific rights typical of IP. For example, the domain name is not associated with a specific statutory right to exclude third parties from infringing use. Moreover, U.S. statutory law does not include general provisions according protection to “intellectual property” as such, as distinct from the enumerated forms (e.g., patent, copyright, and trademark). A domain name may be a trademark, no doubt (e.g., Amazon.com).[53] To be clear concerning the illustration above, “1q2r3s.com” may well be registered as a trademark (or service mark) to the extent that it is used to identify the services of Financial Planning Associates. But the domain name is not accorded its own unique statutory protection, though it may be protected on application of general unfair competition law. It may (or may not) be that domain names (and other “non-traditional” forms of identifier) should be accorded their own unique forms of protection. But, as a matter of current law, they are not.

D. Trademarks as Property

1. Assignment and Transfer
Legislatures and courts have long treated trademarks as a form of property capable of ownership. But, the transferability of trademark ownership has a complex history, and even today includes ambiguous elements and a divergence between U.S. law and international trademark law. In the United States, it has long been thought that a trademark should not be assigned and transferred without the business with which it is associated.[54] Since the function of a trademark is presumed to be providing consumers with information concerning relevant goods, or protecting trademark owners against misappropriation of their valuable corporate reputation, it is thought a logical corollary that the trademark should not be disassociated from the product purchased by the consumer or the reputation of the business owner. This concept or principle has been embodied in the U.S. both at common law and in Section 10 of the Lanham Act as a rule against “assignments in gross.”[55] A trademark is assignable only with the goodwill of the business with which the mark is used.[56] That being said, the U.S. appears to be acting inconsistently with Article 21 of the WTO TRIPS Agreement by maintaining Section 10 of the Lanham Act. Article 21 provides in relevant part, “the owner of a registered trademark shall have the right to assign the trademark with or without the transfer of the business to which the trademark belongs.” This provision reflects the rule that apparently is most common outside the U.S.,[57] and it is difficult to stretch an interpretative argument that somehow the U.S. requirement to include the goodwill of a business in an assignment does not involve a requirement to transfer the business. There are arguments on each side of the “assignments in gross” discussion. The U.S. position reflects the “world as it should be.” If the trademark sends a signal to the consumer, why should the consumer bear the risk and consequences of new trademark ownership by an unrelated business? The TRIPS international position may better reflect the “world as it is.” Trademarks have largely become commoditized. “Brands” include sports teams emblems more or less randomly placed on consumer goods. Should the law reflect preferred expectations or reality? Fundamentally, trademarks are treated as a form of property that may be sold, assigned and transferred, both in the U.S. and elsewhere. In the U.S., there is a “rider” or condition attached to the property for purposes of assignment and transfer. It must be accompanied by the goodwill of the business.
2. Antidilution
A second element in the propertization or commodification of trademarks is the adoption of “antidilution” legislation and international rules. Article 6b of the Paris Convention provides special protection for “well-known” trademarks, which protection has been supplemented by TRIPS Agreement rules.[58] Domestic U.S. legislation extends rights to owners of famous trademarks to prevent third parties from using the mark on dissimilar goods or services (i.e., blurring) or from disparaging the trademark (i.e., tarnishment).[59] These rules in effect establish a property boundary around the trademark, protecting its owner against a third-party diminishing the value of its trademark asset. This goes beyond protecting the traditional trademark function of informing consumers as to the quality or characteristics of products, and towards protecting the trademark as property of its owner.
3. Intangible Asset Value
The typical business accounting treatment of the trademark is as an intangible asset.[60] That treatment varies depending on the jurisdiction. In the United States, the accounting and tax treatment may depend on whether the trademark was internally developed or purchased.[61] Regardless of the precise accounting treatment, the intangible asset value of trademarks is routinely calculated and reported by business information services, and the value of a brand may reach into the billions of U.S. dollars.[62]

III. Domain Names in the Courts

U.S. courts have expressed different viewpoints on the legal characteristics of domain names. There are principally three lines of reasoning: (1) domain names are a contract right (i.e., established by a service agreement between the registrant and the registrar); (2) domain names are a form of intangible property; and (3) domain names are a form of tangible personal property.

A. Domain Names as Contract Rights

The domain name registrant advises the registrar of the alphanumeric string that it wishes to register. If the domain name is available at the registry, the registrar provides a contract to which the registrant must adhere in order to register the domain name. That registration agreement includes representations and warranties from the registrant, establishes a term of registration, terms for payment, and incorporates the UDRP as a mandatory dispute settlement procedure to which the registrant agrees to be subjected.[63] Typically the domain name registration agreement provides the registrant with the right to renew the registration indefinitely, and includes a grace period provided by the registrar and/or registry in the event that the registrant allows the registration to lapse.[64] The registration agreement provides that the registrar may cancel the domain name registration in the event of a material breach of the agreement. The domain name registrant is permitted by the terms of the typical service agreement, and as mandated by ICANN rules, to transfer its domain name registration between registrars.[65] The registrant’s right in a domain name is established by contract with the registrar. But, the terms are broadly established by ICANN rules governing the registry and the registrar.[66] The registrar does not have a possessory interest in individual domain names registered by third parties.[67] The registrar has limited control over the registrant of the domain name in the sense that it may not cancel the domain name “without cause.”[68] Domain name registration is renewed absent the registrant’s failure to consent to renewal.[69] If a registrar ceases doing business, domain name registrations will survive on the database of the registry, and can be transferred by the registrant to a different registrar.[70] The registrar essentially serves as a database administrator, with a variety of secondary functions. Thus, while there is a reciprocal relationship between a domain name registrant and a registrar, ICANN exercises a superior authority over the relationship by prescribing mandatory rules and supervising the activities of the registrars and registries.[71] The service agreement between the domain name registrant and the registrar establishes a legal “construct” that is at least somewhat unique. The registrant has more than the typical rights of a party to a services agreement because the registrar (and registry) are not free to “breach and pay” through a voluntary election to refuse to provide services in the sense of canceling a domain name registration. Cancellation may only result if the registrant is in breach of the contract.[72] There is limited U.S. case law jurisprudence regarding the nature of domain names either as contractual rights or property. The leading decision supporting characterization of domain names as contract rights is that of the Supreme Court of Virginia in Network Solutions v. Umbro.[73] In this case, the holder of a money judgment sought to garnish a group of domain names registered by the judgment debtor with a view to sale by the sheriff’s office. Network Solutions, the registrar of the domain names, objected to the garnishment on grounds that domain names are the product of a conditional contract for registration services, and are not subject to garnishment and execution. It should be noted that the facts at issue in this case preceded ICANN’s adoption and implementation of rules regulating registration of domain names, and the establishment of the UDRP. The judgment creditor, Umbro, argued that the exclusive right granted to a domain name registrant is intangible property subject to garnishment. The Supreme Court of Virginia said:
Irrespective of how a domain name is classified, we agree with Umbro that a domain name registrant acquires the contractual right to use a unique domain name for a specified period of time. However, that contractual right is inextricably bound to the domain name services that NSI provides. In other words, whatever contractual rights the judgment debtor has in the domain names at issue in this appeal, those rights do not exist separate and apart from NSI’s services that make the domain names operational Internet addresses. Therefore, we conclude that “a domain name registration is the product of a contract for services between the registrar and registrant.” . . . A contract for services is not “a liability” as that term is used in [the enforcement of judgments statute] and hence is not subject to garnishment.[74]
In its decision, the Virginia Supreme Court expressed concern that allowing garnishment of a domain name services contract would open the door to garnishment of practically any services contract (e.g., prepaid services for satellite television) as well as garnishment of corporate names. The Court recognized that somet jurisdictions had allowed jurisdiction over property including telephone numbers that are products of services contracts, but disagreed with those holdings. The court distinguished contract rights for a sum of money due under a contract (which might be garnishable) from a contract for the performance of the service. The Court refused to allow the judgment creditor to “step into the shoes” of the judgment debtor.[75] Two dissenting Justices, including the Chief Justice, wrote, “[b]ecause NSI has received everything required to give the judgment debtor the exclusive right to use the domain names registered, the contractual right, a valuable asset, is the intangible personal property in which the judgment debtor has a possessory interest.” Such intangible personal property, they believed, was subject to garnishment under the relevant statute. It should be noted that because the Virginia Supreme Court rendered its decision prior to establishment by ICANN of rules that largely standardize obligations of domain name registrars and registrants, the Court was not addressing the same type of “regulated contract” to which domain name registrants are subject today. This might have influenced its reasoning about the contingent nature of the services Network Solutions would be performing. A California State appellate court decided in Palacio Del Mar Homeowners Ass’n v. McMahon that “[d] In Palacio Del Mar, the principal rationale of the California Court of Appeal was that domain names should not be considered the equivalent of tangible property, citing with supporting Ninth Circuit precedent, as discussed below, that domain names are “intangible property.” Domain name registration agreements are not by any means the only type of contract that is regulated, and that may not be cancelable absent certain conditions.[77] The situation of domain names is not dissimilar from some other forms of intellectual property, such as the patent. Once a patent is registered with the national patent office, that office may not cancel (for example, invalidate) the patent absent some defect or dereliction on the part of the patent holder. Indeed, the patent only exists because it is granted by the patent office. But, the granted patent is regulated by rules superior to those of the patent office that are established by the national legislature.[78] It is because of these superior rules that the patent is often referred to as a form of property, even though it is only a form of legislated “temporary property” because it is defined by a term of years. It expires. A domain name effectively has an indefinite duration and is durable. This is more characteristic of property than of typical contract rights.[79] In this respect, a domain name might alternatively be considered some form of “legislated property” in that its operational life depends on the train of legislation from the establishment of ICANN through establishment of registries and registrars, and the registrant’s act of requesting registration. But, it remains that the rights and obligations of the domain name registrant are expressly defined by contract with the registrar, and are not a direct product of legislation.

B. Domain Names as Intangible Property

1. Conceptually
A domain name is an alphanumeric string that is electronically encoded to function on and through a computing device connected to a network (and a network of networks). The electronically encoded alphanumeric string that constitutes the domain name ultimately has a physical reality in the sense of being stored as magnetic charges on a disk drive or other electronic storage device, but it is not a human-tangible physical reality. Similarly, the domain name typically appears as an alphanumeric string entered into a web browser address line, but that also is an electronic representation that is not human-tangible, although it is “perceptible.” The domain name might be represented in a tangible medium, such as in plastic signage, but that would be a transformative expression of the functional electronic coding, not the “thing itself.” Although some U.S. courts have differed (see discussion below regarding tangible property), it is reasonable to conclude that the domain name is “intangible” in its primary functional state. Property is traditionally defined as a determinate thing over which ownership and control may be exercised. Because the registrant of a domain name holds the exclusive right to control the use of that specific alphanumeric string (subject to various limitations and exceptions typical of trademark law) the domain name may be characterized as a form of property. Because the domain name is “intangible” and a form of “property,” it seems reasonable to conclude that the domain name is a form of “intangible property,” though not to be conflated with “intellectual property.”[80] As discussed earlier, a domain name may share characteristics with one or more forms of intellectual property (e.g., a trademark or trade name), but not in all cases. In that regard, some domain names may be intellectual property because they share attributes of recognized forms, e.g. the trademark, others not.[81] That, however, is a different question than whether domain names are considered “intellectual property” as a class.
2. Ninth Circuit Precedent
The leading casein which the Ninth Circuit Court of Appeals determined domain names to constitute intangible property, Kremen v. Cohen,[82] is important both because of its basic holding, and also because of the facts that distinguish it from those that today are generally operative with respect to domain names. The case involved a domain name, “sex.com,” registered and subject to fraud in 1994. This was prior to the establishment of ICANN rules regarding activities of registries, registrars and registrants, including ICANN’s rules regarding the contract rights of registrants. The registry, Network Solutions, was accused, inter alia, of breaching an implied contract with the initial registrant and true owner of the subject domain name when it allowed a fraudulent transfer. The Ninth Circuit found that there was no contract or contract right, express or implied, between the registrant and Network Solutions primarily on grounds of lack of consideration.[83] The court went on to consider whether domain names as a class “are a species of property”[84] by applying a three-part test: is a domain name (1) an interest capable of precise definition, (2) capable of exclusive possession or control, and (3) with a legitimate claim to exclusivity? It compared domain names to corporate stock and plots of land, finding they are precisely defined. It found that registrants control the location to which domain names direct Internet users. It determined that registrants have a legitimate claim to exclusivity because the act of registration excludes others from registering the same domain name. In a concise and straightforward manner, the Ninth Circuit found that domain names as a class are intangible property.[85] The Ninth Circuit thereupon rejected a distinction drawn by the lower district court between types of intangible property. In doing so, it conceptually declined to follow a proposal by the Restatement (Second) of Torts § 242 (1965) to differentiate between intangibles “merged” in a document and those that are not. It read the leading California Supreme Court decision and subsequent lower court and federal precedent to reject such a requirement. Nonetheless, the Ninth Circuit said that it did not need to “settle the issue once and for all” in this particular case because, “Assuming arguendo that California retains some vestigial merger requirement [with a document] The Ninth Circuit found that the distributed electronic database (i.e. the Domain Name System, or DNS) that associates domain names with particular computers is “a document (or perhaps more accurately a collection of documents)”, albeit an electronic one.[87] The Court rejected arguments from Network Solutions that because DNS records may be stored in more than one place, the DNS is not a document, and that the DNS is not a document because it is refreshed every twelve hours.[88] The Court held that Network Solutions should be open to liability for the tort of conversion of intangible property because it gave away the rightful owner’s domain name, whether or not it did so negligently (saying “the common law does not stand idle while people give away the property of others”[89]). In a subsequent case, Office Depot v. Zuccarini, the Ninth Circuit affirmed that domain names are intangible property under California law, subject to a writ of execution, for purposes of establishing quasi in rem jurisdiction over property as a predicate to having it used to satisfy a money judgment. The Court determined that for purposes of asserting quasi in rem jurisdiction domain names are located where the registry is located as well as (in self-acknowledged dictum) where the relevant registrar is located. In other words, domain names can be seized and executed against as intangible property for the purpose of satisfying a money judgment.[90]

C. Domain Names as Tangible Property

At least one US court has characterized domain names as “tangible property”. It did so on the theory that domain names can be perceived by the senses and access to them can be restricted by passwords and other security measures. The case in question, In re Paige, was in federal bankruptcy court, and involved a complex dispute over ownership of registration of a valuable domain name, <freecreditscore.com>, contested as to forming part of a Chapter 7 bankruptcy estate.[91] The allegation of the trustee in bankruptcy was that a party claiming adverse ownership had unlawfully converted the domain name from its true owner who was the subject of the bankruptcy. In a lengthy factual finding the court determined that the bankrupt party owned the domain name, and prepared to consider whether certain defendants had unlawfully converted the asset. Before doing so, it needed to determine whether a domain name is property capable of conversion. The court rejected the contract right approach of the Virginia Supreme Court in Umbro,[92] because that court applied Virginia state law, and the bankruptcy court was obligated to apply Utah law. For similar reasons, the bankruptcy court rejected reliance on Kremen because the Ninth Circuit had applied California law, and because it accepted that Utah would not follow Kremen, though in fact the state courts of Utah had not reached that question or made such a decision. Instead, the bankruptcy court followed the reasoning of a federal court case applying Utah law, Margae, Inc. v. Clear Link Techs., LLC, that considered conversion of webpages and other intellectual property (not domain names).[93] The Margae court relied on precedent from the Utah Supreme Court addressing the characteristics of computer software that it held to be “tangible personal property” for purposes of applying a state sales tax.[94] The bankruptcy court in In re Paige concluded:
Based on the reasoning in Margae, which the Court elects to follow, the Court determines that like web pages and software, domain names can be perceived by the senses and access to them can be physically restricted by the use of passwords and other security measures. In fact, the reason that the Plaintiffs cannot access the Domain Name at this point is because [the defendant] has “locked out” or physically restricted their access by changing the username and password. Moreover, unlike a mere idea that can only be stored in a person’s mind, domain names can and do have a physical presence on a computer drive. Accordingly, the Court concludes that like web pages and software, the Domain Name at issue is a type of tangible property that is capable of conversion.[95]
On the question of perception by the senses, if this court was correct, then “light” would presumably constitute “tangible” property because it is perceived by the senses. It is hard to accept the idea that because something can be perceived (e.g., a movie on a screen) it is therefore tangible. The fact that access to an electronically encoded alphanumeric string can be restricted by a password or other security device may be a factor in characterizing the domain name as “property,” but that does not make it “tangible.” Access to an online science database may be restricted by a password, but that does not make it physical or tangible property.[96] It may be that courts are somewhat more reluctant to treat “intangible property” as assets that can be blocked, transferred, restricted, etc. because of concerns about whether such intangible assets are capable of “possession” and “control.” Additionally, it may be that certain statutes address personal property in a way that might seem to exclude intangible property.[97] But, if these concerns are present, it may be preferable to revise the way the rules are framed than to attempt to characterize something that is electronic and cannot be touched by a human as “tangible.” “Perceivable” and “tangible” are different concepts.[98]

IV. A Dual Nature

Based on the foregoing analysis, it may be suggested that domain names have a dual or two-fold nature. They are contract rights created on the basis of a regulated contract between the registrant and registrar, and of indefinite duration pursuant to that contract (contingent on the payment of renewal fees). They are also intangible property insofar as the registrant may exercise a right to exclude others from using the same domain name, and may control use of the domain name. They are not, however, tangible, and are not tangible personal property.[99] In their two-fold nature, domain names seem to be relatively unique. Typical “intellectual property” is not a creation of contract. Trademarks are registered by a trademark office, but their use is governed legislatively, and not by a contract between the trademark office and the trademark owner. Unregistered trademarks may arise on the basis of use, and be recognized by judicial authorities, but they are not creations of contract. Trade names may arise on the basis of use, and also may be registered with local authorities. But, trade names are not created or regulated by a contract. Much the same is true for patents. Patents are granted by a patent office, and registered with that office. Patents are the subject of extensive legislation. But, they are also not created by contract (though they are subject to payment of renewal fees). As discussed earlier, domain names share characteristics with forms of intellectual property, and might constitute their own type or class.[100] But that is not something yet accorded by statute. And, since U.S. law does not provide a general catch-all form of intellectual property protection, it would be premature to suggest that the courts use the concept of “intellectual property” as something distinct from contract rights and intangible property. Because domain names overlap with trademarks and trade names, careful consideration would need to be accorded to defining this new form of IP. Bearing that in mind, the introduction by ICANN of open registration of top-level identifiers may accelerate interest in establishing a new form of protection. Given the level of investments being made in new domain name rollouts, the entities relying on those domain names may consider that the additional layer of protection would be useful.

V. Undervaluing the Dual Nature

A. Propertization Standing Alone

We have observed that domain names are reasonably characterized as both contract rights and intangible property. Yet, a recent line of decisions in the Ninth Circuit Court of Appeals cast doubt as to whether federal courts are prepared acknowledge this dual nature. There is a nascent trend to treat domain names as intangible property subject to the ordinary rules of personal property, but without taking into account the “contract model” (to use the terminology of the WIPO Second Report) under which domain names are registered and regulated. Under the emerging jurisprudence, the domain name “owner” of the property is entitled to sell or transfer the property to a third-party along with accrued rights. The purchaser takes the property along with the accrued rights that may insulate it from third-party claims. The fact that the purchaser enters into a new contractual arrangement with the registrar is not taken into account despite the fact that the purchaser makes representations and warranties as part of its contract with the registrar that might otherwise preclude it from asserting rights previously acquired by the seller.
1. GoPets v. Hise
The first decision by a federal appellate court to explicitly adopt the characterization of a domain name as intangible property in order to protect the transferee of a domain name is GoPets v. Hise, 657 F.3d 1024 (9th Cir. 2011).[101] Although the express characterization by the Ninth Circuit was novel, the result in in the case was consistent with customary administrative panel practice under the UDRP, and for this reason the decision may not have attracted significant attention. In GoPets, the initial domain name registration was undertaken prior to the acquisition of trademark rights by the complaining party that sought a finding of abusive domain name registration and use, first before a UDRP panel.[102] The UDRP panelist, consistent with long-standing precedent on this issue, decided that the initial registration could not have been undertaken in bad faith within the meaning of Paragraph 4(b) of the UDRP because the initial registrant/respondent could not have intended to abuse trademark rights that did not exist at the time of registration.[103] Subsequently, the initial registrant transferred the disputed domain name to a related party/family member.[104] By that time, the complaining party had established trademark rights. The complaining party sought relief in the federal courts under the ACPA, arguing that the related-party transfer constituted a “new registration” within the meaning of the ACPA so that the prior rights of the initial domain name registrant were extinguished.[105] Again consistent with the preponderance of UDRP panel practice, the Ninth Circuit decided that the related party transfer undertaken by the initial domain name registrant did not constitute a new registration within the meaning of the ACPA.[106] UDRP panelists have generally not regarded related party transfers as new registrations because there are a substantial number of good faith business reasons why holders of registrations may want to transfer registration to a related entity, and depriving the domain name owner of its pre-existing registration rights in such circumstances ordinarily would be unfair.[107] To illustrate, imagine that an individual in 2003 registered the domain name “facebook.com” and was using that to host a high school yearbook website. The Facebook social media website of 2013 did not exist in 2003, and there was no service mark associated with it. The social media company registered FACEBOOK at the USPTO in 2010. Under long-standing UDRP panel practice, the social media company could not successfully pursue a claim for abusive domain name registration and use against the individual 2003 registrant of “facebook.com” because the initial registrant could not have undertaken its registration in bad faith when no adverse trademark rights existed. It is now 2013. Imagine that the individual registrant from 2003 has formed a limited liability company (LLC) through which to operate his/her high school yearbook website. The domain name registration from 2003 is transferred into the name of the LLC, but nothing about the high school yearbook website changes. Should this now allow the Facebook social media company to successfully pursue a claim for abusive domain name registration and use? The answer from UDRP panelists generally has been “no.” From the standpoint of UDRP precedent, there was nothing about the result reached by the Ninth Circuit in GoPets out of line with the way the case would ordinarily have been decided under the UDRP. However, the express reasoning of the Court raised an issue. The Ninth Circuit said:
[T]he text of § 1125(d)(1) considered in isolation does not answer the question whether “registration” includes re-registration. Looking at ACPA in light of traditional property law, however, we conclude that Congress meant “registration” to refer only to the initial registration. It is undisputed that Edward Hise could have retained all of his rights to gopets.com indefinitely if he had maintained the registration of the domain name in his own name. We see no basis in ACPA to conclude that a right that belongs to an initial registrant of a currently registered domain name is lost when that name is transferred to another owner. The general rule is that a property owner may sell all of the rights he holds in property. GoPets Ltd.’s proposed rule would make rights to many domain names effectively inalienable, whether the alienation is by gift, inheritance, sale, or other form of transfer. Nothing in the text or structure of the statute indicates that Congress intended that rights in domain names should be inalienable. We therefore hold that Digital Overture’s re-registration of gopets.com was not a registration within the meaning of § 1125(d)(1). Because Edward Hise registered gopets.com in 1999, long before GoPets Ltd. registered its service mark, Digital Overture’s re-registration and continued ownership of gopets.com does not violate § 1125(d)(1).[108]
Recall that the facts of GoPets involved a related party transfer. The Ninth Circuit did not allude to this factor in the reasoning quoted above. It plainly stated that domain names constitute property, subject to traditional property law, and that the rights of domain name owners are “alienable” or transferable.[109] While the Court noted that it was engaged in statutory interpretation of the ACPA, it did not provide further guidance as to how the property characteristic of domain names might influence results in contexts different than the related party transaction undertaken in GoPets.
2. AIRFX.com v. AirFX LLC
While the decision of the Ninth Circuit in GoPets mirrored the result that would in all likelihood have been reached by a UDRP panel, a subsequent federal district court decision from Arizona applied the language of GoPets in a different, yet foreseeable, factual context where the results would likely (and did) differ. AIRFX.com v. AirFX LLC involved the purchase of a domain name by a party unrelated to the initial registrant.[110] The initial registration took place prior to the complaining party’s establishment of trademark rights, but the purchase and reregistration by an unrelated party took place after the establishment of trademark rights.[111] In holding that the purchaser/transferee could not have registered the domain name in bad faith under the ACPA, the Arizona District Court said:
Defendant argues that GoPets is distinguishable, because in GoPets Hise transferred the domain name to an entity he co-owned, and here Lurie purchased airfx.com from an unrelated third party. According to defendant, the purpose of the ACPA will be undermined if a cybersquatter who purchases a domain name in bad faith is immune from liability simply because the domain name he purchased existed before a mark was distinctive. Nothing in the language of GoPets indicates that it should be read as narrowly as defendant suggests. GoPets did not distinguish between transfers of a domain name to related parties and other kinds of domain name transfers. To the contrary, GoPets broadly reasoned that if an original owner’s rights associated with a domain name were lost upon transfer to “another owner,” the rights to many domain names would become “effectively inalienable,” a result the intention of which was not reflected in either the structure or the text of the ACPA. Id. at *4 [citation omitted].
The District Court went on to hold that the issue whether the domain name holder registered in bad faith was determined at the time of the initial registration by an unrelated third party when the complaining party had not yet established trademark rights.[112] In AirFX.com the District Court departed from general UDRP panel practice that has treated the acquisition of a domain name by a party unrelated to the previous registrant as a new registration within the meaning of the UDRP. The circumstances existing at the time of that new registration govern whether the new holder has undertaken the registration in bad faith.[113] UDRP panels have not generally treated domain names as freely alienable property carrying the pre-existing interests of prior registrants through to unrelated transferees. Following the reasoning of the Arizona District Court, derived from seemingly unambiguous language of the Ninth Circuit, might result in a significant change to panel practice under the UDRP, unless there is some difference between the ACPA and UDRP that would provide a basis for distinguishing the way the same terms should be interpreted.

B. WIPO Panelists React

WIPO panels have addressed the holding in GoPets regarding the meaning of “registration” and unrelated transferees. The first such decision preceded the AIRFX.com District Court decision: Twitter, Inc. v. Geigo, Inc, WIPO Case No. D2011-1210. The second post-dated AIRFX.com: Diet Center Worldwide, Inc. v. Jason Akatiff, WIPO Case No. D2012-1609.[114] Employing very similar reasoning, these panels rejected the GoPets approach, finding that transfers between unrelated parties constitute new registrations. Both panels relied on the contractual relationship between the domain name registrant-transferee and the registrar, and the representations made at the time of modification of registrant data or registrar change. In the decision post-dating AirFX.com, this author (sitting as sole panelist) said:
As other UDRP panels have also done in cases such as Twitter, Inc. v. Geigo, Inc, WIPO Case No. D2011-1210, this Panel will continue to follow the general approach of WIPO UDRP panelists and consider that the transfer of a domain name to an unrelated third party constitutes a new registration for purposes of assessing bad faith. Although the Panel recognizes that domain names have attributes of intangible property, the rights of the domain name registration holder are contractual in nature and subject to the terms and conditions of a registration agreement.[115] When an unrelated third party changes registrant data and/or re-registers with a new registrar, that party is accepting representations and warranties under the registration agreement as of the date of the change.[116] These effectively include that the new registration is being undertaken in good faith (see paragraph 2 of the Policy). With the greatest deference owed to the national courts,[117] this Panel observes that the Ninth Circuit Court of Appeals decision in GoPets v. Hise was interpreting the ACPA, not the Policy. The precise holding addressed the situation of related party transfers and in that regard was consistent with general WIPO UDRP panel practice under the Policy. The language used by the Ninth Circuit can also be read more broadly, as the Arizona District Court did in AIRFX.com v. AirFx LLC. But, again, that court was interpreting the ACPA. Given the significant differences in the legislative history and the language of the ACPA and the Policy, this Panel is not inclined to extrapolate from the apparent ACPA-related development in the Ninth Circuit, noting that there is at least some disagreement among the Circuits regarding interpretation of the term “registration” as it is used in the ACPA.[118] While administrative panels under the Policy tend to look to the law of the country of the parties when they are within the same country, the Policy is a set of rules that operates within its own unique context.[119] The UDRP incorporates generally accepted principles of trademark law, without representing a linear application, to the extent that this would even be possible in its international setting. For example, in order to provide safeguards for registrants, a UDRP transfer requires bad faith on behalf of the registrant, going in this respect beyond conventional trademark law. In this connection, the Panel further notes the mutual jurisdiction provisions which enable party recourse to national courts. The Panel observes that it will assess the bad faith element as of the time Respondent by its own account acquired the disputed domain name . . . . [Footnotes renumbered from original]

C. The ACPA and the UDRP

1. Bad Faith
Both under the ACPA, and under the UDRP as predominantly interpreted by panelists, a finding of bad faith registration is predicated on the existence of a conflicting or adverse trademark at the time of domain name registration.[120] The statutory language of the ACPA clearly establishes this predicate (and it has been confirmed by court decision).[121] UDRP panelists have applied the logic that a domain name registrant cannot act in bad faith by taking unfair advantage of trademark rights that do not exist.[122] There is a perhaps subtle distinction between ACPA jurisprudence and the prevalent UDRP panel approach regarding post-registration evidence of bad faith. Under the ACPA, if the predicate of a pre-existing conflicting trademark is met, the court may determine that the domain name was registered and used in bad faith based on conduct subsequent to registration.[123] From the perspective of most UDRP panelists, on the other hand, while the prior existence of trademark rights is a predicate to finding bad faith, it is not the end of the inquiry with respect to bad faith which must exist at the time of domain name registration. Additional factors concerning the intent of the registrant remain to be assessed under Paragraph 4(b) as of the time of registration. For example, if on registration a domain name registrant commences operation of a legitimate web-based business, but later on engages in conduct that might appear to take unfair advantage of a trademark owner, the subsequent conduct is generally not the basis for a finding of bad faith registration and use. Bad faith “registration” entails bad faith at the time of registration.[124] The distinction between ACPA jurisprudence and UDRP panelist jurisprudence on this timing issue is referred to as “perhaps-subtle” because there are contexts under the UDRP in which after-the-fact conduct can be used as evidence of intent at the time of registration. The language of paragraph 4(b) of the UDRP suggests that. But, there are limits to how far after-the-fact conduct can be stretched to determine intent at the time of registration. A link back to the initial registration is needed.[125] To be clear, however, under both the ACPA and UDRP there must be a conflicting trademark in existence at the time of registration for bad faith to be found.[126]
2. A Class of Insulated Domain Names
The combined holdings of GoPets and AirFX.com create a perpetually protected set of domain names under the ACPA. A domain name initially registered or created when no conflicting trademark rights were in existence can never be successfully claimed against because neither a related or unrelated party transfer triggers a reassessment of the conditions of registration, while a pre-existing trademark is an express condition to a finding of bad faith. On its face, direct transposition of the GoPets and AirFX.com decisions into UDRP jurisprudence—removing unrelated party transfers from treatment as new registrations—likewise would create a class of “insulated” domain names that were initially registered prior to the acquisition of trademark rights by third parties. Because bad faith under the UDRP requires that a trademark be in existence at the time of registration, and because the rights acquired by the initial registrant would be freely transferable, a domain name initially created prior to the establishment of the trademark could never be successfully attacked. They would, as under the ACPA, be “alienable without limit.”[127] The decision by the Ninth Circuit in GoPets did not flow from any express statutory requirement. The court was interpreting an otherwise undefined term in the ACPA, that is, “registration” (as used in the phrase “at the time of registration”). It decided that the term “registration” was addressed to the initial or creation registration of a domain name, and not to a subsequent registration by an unrelated transferee because of the transferor’s property interest in the domain name. That interpretative approach did not take into account the contract accepted upon acquisition of the domain name by the transferee, which contract incorporates a proviso that the transferee not registering the domain name in bad faith. Other than articulating an interest in an apparent supra-sanctity of property rights, the Ninth Circuit did not explain why the new registrant/transferee of a domain name that conflicts with an existing trademark and evidences other bad faith elements should be subject to different contractual treatment than the “creation” registrant. It appears that under the Ninth Circuit’s rationale, the owner of a domain name registration that has risen in value because a third party has developed trademark rights in the same or a substantially similar term is encouraged to take advantage of that newly established trademark-based value through sale of the domain name. It can be argued that no enterprise starting a business and developing a valuable trademark should do so without first securing the corresponding domain name, and that an enterprise that does so should be subject to paying whatever the market dictates to acquire the domain name after-the-fact. And, it may be that the Ninth Circuit was engaged in a conscious exercise in risk allocation, adjudging the enterprise developing a new trademark in a better position to assess its own domain name-related situation than the holder of the creation registration. The Ninth Circuit may have intended to send a message that no one should develop a business name or trademark without having first secured the relevant Internet address. The value to the creation-owner of the domain name in such circumstance may well be serendipitous. It may just have happened to register a term or string that someone later developed into a valuable brand. Just as likely, the registered term (i.e. domain name) may be held by a firm that registers domain names speculatively in the expectation that some percentage of those names will eventually acquire a value as a consequence of the development of third-party trademark rights. The Ninth Circuit approach in GoPets (as applied by the District Court in AirFX.com) encourages the speculative registration business model by immunizing transfers of previously created domain names from scrutiny.[128] If transposed to the UDRP, because domain names created prior to the existence of trademark rights may never be attacked as abusive, transferees would never be subject to comparatively fast and efficient dispute settlement proceedings. Only traditional trademark infringement proceedings would remain in the trademark owner’s arsenal, but typically at substantial expense. Because the registration of a domain name is typically very inexpensive (in the range of US$10 or less), the Ninth Circuit’s reason for elevating the interests of the creation registrant over that of the subsequent trademark owner is not clear. If the creation-owner and the transferee are engaged in a good-faith enterprise, and this has value, it should be protected under the UDRP (as well as under the ACPA) at the time of the new registration (as discussed below). The creation-owner may lose the serendipitous benefit of a sale and transfer to a transferee without legitimate interests in the domain name, or that is acting in bad faith, but it is not apparent why such benefit should be superior to the interests of the owner of a newly developed trademark.

VI. Treating Unrelated Transfers as New Registrations

A. Related Party Transfers

As discussed earlier, UDRP panels have so far distinguished transfers between related parties (as in GoPets) and unrelated parties (as in AirFX.com). UDRP panelist practice can be analogized to the U.S. rule requiring that assignments and transfers of trademarks be accompanied by the goodwill of the business. In the U.S., if a trademark is assigned and transferred for corporate organization purposes (e.g., for beneficial tax treatment or change in corporate form), the nature of the underlying business is not changed. Goods or services, for example, continue to be provided with the same quality. A company that has owned and developed rights in a trademark or brand over the course of 50 years does not give up the strength of the brand (such as is gained, for example, by filing of a certificate of incontestability) merely because of the intra-firm transfer. It seemed logical to extend this general principle to domain names. UDRP panels have presumed that transfers between related parties involve a continuity of ownership that entitles the registrant to maintain its rights and financial position, and have been unwilling to penalize domain name registrants because of a mere change in form. Some exceptions from this general rule have been recognized when a related party transfer had been viewed as a bad faith transaction. However, related party transfers are not the only circumstances where the rights of the domain name registration owner/seller and purchaser/transferee should be protected.

B. New Registration and Contract

1. A New Assessment
The courts in GoPets and AirFX.com assessed the rights of domain name registrants and transferees as if their relationship was governed solely on the basis of property rights. However, the better approach both under the ACPA and UDRP may be to accept that domain names have a two-fold or dual character. They have attributes of intangible property, yet the rights of the domain name registration holder also are contractual in nature and subject to the terms and conditions of a registration agreement. When an unrelated third party changes registrant data and/or re-registers with a new registrar, that party is accepting representations and warranties under the registration agreement as of the date of the change. These effectively include that the new registration is being undertaken in good faith.[129] Assume that the transferor initially registered the disputed domain name when there was no adverse trademark, and thus had been insulated from a finding of abusive domain name registration and use. If the unrelated transferee acquires the domain name when there is an existing adverse trademark, under the ACPA and UDRP it would have met the predicate or but for condition for a finding of bad faith. However, the fact that there is an existing adverse trademark does not mean that the unrelated purchaser/transferee is engaging an abusive domain name registration and use. Although the assessment criteria under the ACPA and UDRP may be somewhat different, the complaining party/trademark owner must still demonstrate—in terminology of the UDRP—that the new registrant lacks rights or legitimate interests in the disputed domain name, and has otherwise registered the domain name in bad faith. The brief discussion of the assessment criteria that follows is based on the terms of the UDRP and administrative panel precedent, but the statutory assessment criteria used to determine bad faith under the ACPA are substantially similar.
2. Rights or Legitimate Interests
The fact of a trademark owner’s rights in a mark, and that the disputed domain name is identical or confusingly similar to the trademark, is the beginning of the analysis—not the end. Most of the more important decisions under the UDRP from a jurisprudential standpoint address whether the complained-against domain name registrant has rights or legitimate interests (or has registered and used in bad faith, which may involve similar factors). In focusing on the alienability of domain names, the Ninth Circuit appears to be expressing concern over the risk that legitimate owners of domain names will be deprived of rights in property without adequate justification. But, paragraph 4(c) of the UDRP is intended to give domain name registration owners, and transferees of domain names, opportunity to defend their right to ownership. It places the burden of establishing lack of rights or legitimate interests on the complaining party.[130] Similarly, four of the nine factors used to assess bad faith intent under the ACPA are directed toward establishing the legitimate interests of the domain name registrant, and there is a general defense for registering based upon reasonable belief regarding lawfulness.[131] Up until now, there has not been significant issue within UDRP jurisprudence arising from an inability of third-party transferees of domain names initially registered prior to existence of trademark rights to establish rights in the transferred domain names. This is probably because transferees with legitimate interests in those domain names have been able to establish that before the panels. But, it may be that administrative panelists need to be particularly watchful in cases of such transfers, especially when the transferee is acquiring some type of ongoing enterprise that has a substantial commercial value.

C. The Sale and Purchase of a Business

While there is a market for domain names “standing alone”, a valuable domain name may well be so because it is associated with a successful ongoing business. The domain name registration owner may have established that business when there was no “adverse trademark,” and the business may be insulated against a claim of abusive registration and use under either the ACPA or the UDRP because of the initial domain name registration date. This paper has suggested that the good or bad faith of an unrelated domain name purchaser/transferee should be tested at the time of purchase and reregistration. But, might not such a general rule have an unduly harsh effect on the initial registrant owner of the website business identified by that domain name? Would an unrelated third party purchaser be able to purchase the business, including the domain name, without being subject to a finding of abusive domain name registration and use? If there was an ongoing business associated with the complained-against domain name that predated the acquisition by the trademark owner of its trademark rights, the purchaser of that ongoing business may be determined to have a legitimate interest in the domain name because of the continuity of the business. This would seem to depend on the characteristics or facts of individual cases, but some possible general cases might be anticipated. For example, it may be that the initial registrant/transferor of the disputed domain name commenced its business (but did not register its domain name) before the “newer” trademark owner secured rights in the trademark (such as by registering with the USPTO).[132] In such case, the registrant/transferor of an ongoing business (and domain name) would likely have a priority right under traditional trademark law principles to continue using its domain name because it was using the relevant term earlier than the trademark owner. The disputed domain name registrant should be able to establish its rights or legitimate interests under paragraph 4(c)(i) and/or (ii) of the UDRP. Under the ACPA, there is a similar assessment factor as in UDRP paragraph 4(c)(i), which should yield a comparable result. In such circumstances, the subsequent transfer of the domain name to a new business owner should not affect the rights or legitimate interests in the domain name since, inter alia, the business has been commonly known by the domain name and/or there has been a prior good-faith offering of goods or services. If the initial domain name registrant-transferor establishes an online business subsequent to the acquisition by the trademark owner of rights (such as evidenced by registration), the issues with respect to a third-party transferee of the domain name may be more contestable. Traditional trademark infringement analysis may again factor in. An analysis of rights or legitimate interests may turn on whether the initial domain name registrant/transferor is operating in the same class or line of business as the trademark owner, and might assess evidence regarding whether the initial registrant/transferor was aware of the trademark owner when it began to operate its online business. If the initial registrant-transferor and the transferee are in different national jurisdictions than the trademark owner, this might well influence an assessment of the extent of knowledge (and intent). It is important to note that the individual factors listed in paragraph 4(c) of the UDRP as potentially establishing rights or legitimate interests are expressly non-exhaustive. A panel may consider whatever evidence or factors it considers appropriate to jurisprudential analysis of the rights or legitimate interests of a third-party transferee of a disputed domain name. A panel may determine that the issues are sufficiently close that the complaining party has not carried its burden of persuasion, and that a federal court may be a more appropriate forum for a full domain name/trademark infringement proceeding, with more extensive submissions of evidence, testimony, etc.[133]

D. Other Rights or Legitimate Interests

Rights or legitimate interests are not limited to ongoing commercial enterprises. A domain name may be used for fair use or legitimate noncommercial purposes and not be subjected to a finding of abusive domain name registration and use under the UDRP or ACPA. Should interest in such use be transferable to unrelated parties? The answer to this question is likely to be quite fact specific. An unrelated purchaser/transferee may present evidence of intention to continue a legitimate use. As a practical matter, the same elements that would establish a defense prior to a transfer are likely to be relevant after the transfer. Under the UDRP, since the complaining party bears the burden of proof to demonstrate that the domain name registrant lacks rights or legitimate interests, this should not place an undue burden on unrelated purchaser-transferees. Under the ACPA, there is a general defense of reasonable good faith belief in fair or other lawful use. Conversely, an unrelated purchaser/transferee that is unable to demonstrate rights or legitimate interests should not have grounds for retaining a domain name that is subject to an adverse trademark right.

E. The ACPA Revisited

The suggestion of this author is fairly modest: that when the Ninth Circuit has the opportunity to revisit the definition of “registration” within the meaning of the ACPA that it limit the holding of GoPets to the factual context in which it was adopted. That is, the Ninth Circuit might maintain the interpretation of “registration” that excludes related party transfers (as per the facts of GoPets), but clarify that unrelated party transfers of domain names (and the accompanying transferee provision of new registrant information and acceptance of the registration agreement) are within the definition of “registration”. Indeed, the author is encouraging the Ninth Circuit to bring its jurisprudence into line with that so far developed by UDRP panels, and naturally does so with deference to the place of the Ninth Circuit in the U.S. jurisprudential hierarchy. Yet it is only the “philosophical language” in GoPets that has given rise to the apparent conflict in jurisprudence (as per AirFX.com). A different formulation limited to related party transferees would have achieved the same result. At least one commentator has suggested to amend the ACPA so as to expressly define “registration” and to broaden the category of domain name transfers that are treated as new registrations.[134] Opening up a broad statutory scheme for a minor change not infrequently serves as a prelude to a larger scale exercise in legislative revision. The law of unintended consequences is always at work. This article is not encouraging amendment of the ACPA for purposes of addressing what is a comparatively modest issue. Perhaps more important, the ACPA is invoked much less frequently than the UDRP. UDRP panelists are not obligated to follow jurisprudential developments under the ACPA, or to take into account the language of the ACPA. As a practical matter, UDRP panelists can maintain their current practice more or less irrespective of how jurisprudence in the Ninth Circuit develops. The UDRP is not explicitly tied to any national jurisdiction, and less to any particular Court of Appeals of the United States. Nonetheless, UDRP panelists pay attention to such jurisprudence, and there are good reasons to seek an approximation of the rules, if for no other reason than to provide more legal certainty to domain name registrants.

VII. The Continuing Role of Trademark Law

It must be emphasized that trademark law, e.g., the Lanham Act in the U.S., continues to apply to potential abuse of domain names.[135] A domain name may infringe a trademark, and a website incorporating a domain name may infringe a trademark, whether or not the domain name was acquired in good faith or bad, and whether the domain name owner or its predecessor at some time in the past had rights or legitimate interests in that domain name. A domain name owner may escape an order of transfer or cancellation under the UDRP, or a finding of abusive conduct under the ACPA, yet still face a claim for trademark infringement on grounds outside those found in these two legal mechanisms. In that regard, one should not over-emphasize the role of the UDRP and ACPA. Trademark owners can protect their valuable identifiers—assuming they have legitimate causes of action—against infringers more or less irrespective of the “container” in which the infringing item is placed.

VIII. The Wider Picture

At the outset of this article, the author observed that an inquiry into the “fundamental nature” of the domain name may be a quaint exercise. Yet there are “real world” circumstances in which it is important to determine whether a domain name is “property” that can be freely assigned and transferred or is a contract right subject to the conditions established by a chain leading from ICANN. There is a third option suggested by this article, that domain names are both. They are a form of intangible property that is created by and subject to contract. As intangible property, they may be subject to security interests, considered assets in bankruptcy, and generally assigned and transferred. But being also contract rights, they are subject to certain conditions when acquired by new (unrelated) owners. They should not be acquired in bad faith. They may legitimately be acquired as part of an ongoing business in order to protect the interests of the seller built up in that business, even in the presence of an adverse trademark if the initial registrant/seller had been operating legitimately and in good faith. It is difficult to foresee all of the circumstances in which the legal characterization of domain names will be important. Given the different contexts in which the UDRP and ACPA were adopted, and in which they are implemented, it should be expected that jurisprudential conflicts will from time to time arise and require attention. This article calls attention to one such conflict and proposes to resolve it through recognition that the legal character of the domain name need not be limited to a single class of subject matter. This characterization might become more important as ICANN’s rollout of new top-level domains begins to transform the domain name space.
* Edward Ball Eminent Scholar Professor of International Law, Florida State University College of Law. The author regularly serves as an administrative panelist in proceedings under the Uniform Domain Name Dispute Resolution Policy for the WIPO Arbitration and Mediation Center. The author notes with appreciation the research assistance of Ms. Sabina Kania, a JD candidate at FSU College of Law. A presentation regarding the subject matter of this article was made and discussed at the Annual Meeting of WIPO Domain Name Panelists in October 2012 (Geneva), and the author has benefited from discussion with members of the WIPO Arbitration and Mediation Center Secretariat, including Erik Wilbers (Director) and David Roache-Turner (formerly Head, Internet Dispute Resolution Center). This article, however, expresses solely the personal views of its author.
[1] See Benefits and Risks of Operating a New GTLD, ICANN: New Generic Top-Level Domains, http://newgtlds.icann.org/en/about/benefits-risks (last visited Jan. 28, 2013). The author of this article as sole panel expert recently rendered one of the first decisions under ICANN’s New gTLD Dispute Resolution Procedure for Existing Legal Rights Objections. See Express, LLC v. Sea Sunset, LLC, WIPO Case No. LRO2013-0022 (<.express>).
[2] See, e.g., Bernard R. Horovitz,Blunting the Cyber Threat to Business; Hackers target firms world-wide, yet insurance policies rarely cover the damage, Wall St. J. (Jan. 9, 2013), http://online.wsj.com/article/SB10001424127887323374504578220052106443158.html; Nicole Perlroth, Attacks on 6 Banks Frustrate Customers, N.Y. Times, Sept. 30, 2012, at B1, available at http://www.nytimes.com/2012/10/01/business/cyberattacks-on-6-american-banks-frustrate-customers.html.
[3] See, e.g., Ryan Abbott, Big Data and Pharmacovigilance: Using Health Information Exchanges to Revolutionize Drug Safety, 99 Iowa L. Rev. (forthcoming 2013) (manuscript at 8-9, 37), available at http://ssrn.com/abstract=2246217(discussing security and privacy issues that might arise in connection with an initiative that uses health information exchanges to inform a pharmacovigilance system).
[4] Previous consideration of the legal character of domain names and related rights can be found in Daniel Hancock, Note, You Can Have It, But Can You Hold It?: Treating Domain Names As Tangible Property, 99 Ky. L.J. 185 (2010-11); Sean Price, Case Note, A Reasonable Rendition of Registration: GoPets v. Hise, Schmidheiny v. Weber, and Congressional Intent, 22 DePaul J. Art Tech. & Intell. Prop. L. 449 (2012); Ned Snow, The Constitutional Failing of the Anticybersquatting Act, 41 Willamette L. Rev. 1 (2005).
[5] See, e.g., List of most expensive domain names, Wikipedia, http://en.wikipedia.org/wiki/List_of_most_expensive_domain_names (last visited Sept. 21, 2013). The Wikipedia list includes a number of domain names sold for over U.S. $10 million. Id. However, Wikipedia’s list, unlike Business Insiders’ list, may include the sale of websites with other business assets or goodwill that extend beyond the sole value of the domain name. Alyson Shontell, The 25 Most Expensive Domain Names of All Time, Business Insider (Dec. 23, 2012, 8:03 AM), http://www.businessinsider.com/the-20-most-expensive-domain-names-2012-12?op=1.
[6] Both the Wikipedia list and Business Insider list are dominated by common terms, including “sex.com,” “toys.com,” clothes.com,” “investing.com,” and “insure.com.” Wikipedia, supra note 5; Shontell, supra note 5.
[7] See discussion and references in Frederick Abbott, Thomas Cottier & Francis Gurry, International Intellectual Property in an Integrated World Economy, 457-76 (2d ed. 2011).
[8] World Intellectual Property Organization [WIPO], [hereinafter WIPO First Report]; accord id. ¶ 4 (“A domain name is the human‑friendly address of a computer that is usually in a form that is easy to remember or to identify, such as www.wipo.int.”).
[9] Id.; see also Office Depot Inc. v. Zuccarini, 596 F.3d 696, 698-99 (9th Cir. 2010); Hancock, supra note 4, at 187-90; Price, supra note 4, at 451.
[10] The WIPO Second Report refers to the integrated registration system flowing from ICANN to the registrant as the “ICANN Contractual Model”. See World Intellectual Property Organization [WIPO][hereinafter WIPO Second Report].
[11] For additional details regarding registrant-registrar-registry relations, see, e.g., Office Depot, 596 F.3d at 699; Price, supra note 4, at 451.
[12] The transnational character of the domain name system played a significant role in motivating development of ICANN management and related dispute settlement rules. See WIPO First Report, supra note 8, ¶¶ 14-21.
[13] Trademark rights may be based on registration or they may be unregistered/common-law rights.
[14] 15 U.S.C. § 1125(c) (2006).
[15] 15 U.S.C. § 1114(2)(D)(iv-v) (2006).
[16] Id. § 1114(1) (2006). Of course, there are many potential defenses to infringement, including fair use defenses.
[17] For a discussion of the historical background of domain names and the issues that arise, see WIPO First Report, supra note 8, ¶¶ 1-25.
[18] In the late 1990s, exclusively within the U.S.
[19] See Internet Corp. for Assigned Names & Nos. (ICANN), Uniform Domain Name Dispute Resolution Policy (Oct. 24, 2009), http://www.icann.org/en/help/dndr/udrp/policy (last visited Feb. 1, 2013) [hereinafter UDRP], ¶¶ 8-12 (discussing adoption of UDRP and Rules by ICANN).
[20] Id. ¶ 10. The initial group of approved dispute settlement service providers included e-Resolution and CPR Institute for Dispute Resolution. e-Resolution no longer exists, and the CPR Institute no longer provides UDRP dispute resolution services.
[21] UDRP, supra note 19 ¶ 4(a).
[22] Internet Corp. for Assigned Names & Nos. (ICANN), Rules for Uniform Domain Name Dispute Resolution Policy, ¶ 3(b)(iv) (Oct. 24, 2009), http://www.icann.org/en/help/dndr/udrp/rules (last visited Feb. 1, 2013) [hereinafter Rules for UDRP]. For three-member panels, each party selects a panelist (from an approved roster), and the parties attempt to agree upon the third panelist (in default of which, the service provider selects that panelist). A prospective panelist submits a declaration regarding potential conflict of interest prior to appointment. Once appointed, the panel receives a file that includes the complaint, response, incorporated evidence, and the chain of correspondence by all parties with the service provider. The appointed panelist has fairly broad discretion to seek additional information from the parties. Absent some special circumstance, the panel is expected to transmit its decision to the service provider within 14 calendar days. Id. ¶ 15(b).
[23] UDRP, supra note 19, ¶ 4(i).
[24] UDRP, supra note 19, ¶ 4(k).
[25] Anticybersquatting Consumer Protection Act, Pub. L. No. 106-113, 113 Stat. 1501A-445-552(1999) (codified at 15 U.S.C. § 1125(d) and 15 U.S.C. § 8131) [hereinafter ACPA], at 189-90; Price, supra note 4, at 455.
[26] 15 U.S.C. § 1125(d)(1)(A)(ii) (“A person shall be liable in a civil action by the owner of a mark, including a personal name which is protected as a mark under this section . . . . ”).
[27] Id. § 1125(d)(2).
[28] The ACPA, insofar as it protects trademarks, limits actions to those where the claimant had trademark rights at the time the disputed domain name was registered. 15 U.S.C. § 1125(d)(1)(A)(ii) limits actions against domain name registrants to those: “(I) in the case of a mark that is distinctive at the time of registration of the domain name, is identical or confusingly similar to that mark; (II) in the case of a famous mark that is famous at the time of registration of the domain name, is identical or confusingly similar to or dilutive of that mark . . . . ” (emphasis added). The UDRP requires that a disputed domain name has been “registered and used in bad faith”. UDRP, supra note 21, ¶ 4(a). The preponderance of panelists (supported by the legislative history of the UDRP) have concluded that registration in bad faith can only be found where trademark rights exist for the complaining party. See WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Second Edition (“WIPO Overview 2.0”), “Consensus view: Generally speaking, although a trademark can form a basis for a UDRP action under the first element irrespective of its date [see further paragraph 1.4 above], when a domain name is registered by the respondent before the complainant’s relied-upon trademark right is shown to have been first established (whether on a registered or unregistered basis), the registration of the domain name would not have been in bad faith because the registrant could not have contemplated the complainant’s then non-existent right.” WIPO Overview 2.0, para. 3.1. See further discussion of the timing/sequencing issue under the ACPA and UDRP infra.
[29] 15 U.S.C. § 1125(d)(1)(B) provides that “(ii) Bad faith intent described under subparagraph (A) shall not be found in any case in which the court determines that the person believed and had reasonable grounds to believe that the use of the domain name was a fair use or otherwise lawful.” Also, four of the nine factors that the ACPA prescribes for assessing bad faith intent of the domain name registrant are similar to factors that the UDRP uses to assess rights or legitimate interests in a disputed domain name. Compare 15 U.S.C. §1125(d)(1)(B)(i)(III-IV), with UDRP, supra note 21, ¶ 4(c).
[30] 15 U.S.C. § 1125(d)(1)(C).
[31] Id. §§ 1125(d)(3), 1116(a).
[32] Id. § 1117(a), (d).
[33] See, e.g., Office Depot Inc. v. Zuccarini, 596 F.3d 696 (9th Cir. 2010).
[34] A petition to the U.S. courts seeking an injunction to prevent an order of transfer by a UDRP panelist is governed by the ACPA. 15 U.S.C. §1114(2)(D)(v); see Barcelona.com, Inc. v. Excelentisimo Ayuntamiento de Barcelona, 330 F.3d 617 (4th Cir. 2003). The ACPA (and perhaps the Lanham Act as whole) is applied to determine whether the transfer should be allowed or blocked. Compare id., with Storey v. Cello Holdings, L.L.C., 347 F.3d 370(2d Cir. 2003). Thus, in effect, the enforceability of UDRP decisions depends on interpretation of the ACPA.
[35] The Federal Circuits have divided on that latter extension.
[36] See, e.g., Barcelona.com, 330 F.3d at 626 (“[a]ny decision made by a panel under the UDRP is no more than an agreed-upon administration that is not given any deference under the ACPA.”).
[37] E.g., Barcelona.com, 330 F.3d at 626 (UDRP panel decision was relevant only insofar as it enabled plaintiff to file an action under the ACPA); Storey, 347 F.3d at 378, 380-82 (2d Cir. 2003) (stating that “an administrative proceeding does not preclude the registrant from vindicating his rights under the ACPA or trademark law in court.”).
[38] See, e.g., Storey, 347 F.3d at 382-83. Cf. Sallen v. Corinthians Licenciamentos LTDA, 273 F.3d 14, 28 (1st Cir. 2001) (recognizing the overlap of the UDRP and ACPA).
[39] See Diet Center Worldwide, Inc. v. Jason Akatiff, WIPO Case No. D2012-1609, n.13. Other references have taken place in the context of termination orders based on contemporaneous federal court proceedings.
[40] A complainant may lose a case under the UDRP because it has failed to adequately substantiate its claim, and may initiate a federal court proceeding in order to rectify its prior failure. Compare Super-Krete Int’l, Inc. v. Concrete Solutions, Inc., WIPO Case No. D2008-1333, with Super-Krete Int’l, Inc. v. Sadleir, 712 F. Supp. 2d 1023 (C.D. Cal. 2010). In the UDRP proceeding, the complaining party argued (and lost) on the basis of common-law trademark rights, presenting no evidence to support such rights. The plaintiff thereafter provided evidence of pre-existing trademark registrations to the federal court, and succeeded. The district court did not take note of the difference between the case pleaded by the complaining party in the UDRP proceeding and the case presented to the federal court.
[41] It is a wonder, perhaps, that in the “old days” individuals were expected to remember 20 or so seven-digit telephone numbers to contact their family, friends, and business relations.
[42] See supra note 5.
[43] See 1 J. Thomas McCarthy, McCarthy on Trademarks and Unfair Competition § 7:17.50 (4th ed. 2013) (“In the same way that businesses sometimes desire to have a prestige business address, businesses want a prestige address in cyberspace that corresponds to the trade name of the company or to a company trademark.”).
[44] See, e.g., Pfizer Inc v. Van Robichaux, WIPO Case No. D2003-0399, <lipitor-info.com>; Sutherland Inst. v. Continuative L.L.C., WIPO Case No. D2009-0693, <sutherlandinstitute.com>.
[45] See discussion of relationship between domain names incorporating trademark alone, and domain names using trademark in combination with other terms, inToyota Motor Sales, U.S.A. v. Tabari,610 F.3d 1171 (9th Cir. 2010).
[46] See Abbott, Cottier & Gurry, supra note 7, at 342.For discussion of trade names under the TRIPS Agreement, see Appellate Body Report, United States — Section 211 Omnibus Appropriations Act of 1998, ¶¶ 333–41, WT/DS176/AB/R (Jan. 2, 2002).
[47] McCarthy, supra note 43, § 5:1 (describing the early origins of trade symbols).
[48] Paris Convention for the Protection of Industrial Property, Mar. 20, 1883, 21 U.S.T. 1583, 828 U.N.T.S. 305.
[49] See Abbott, Cottier & Gurry, supra note 7, at 318.
[50] As discussed below, there are forms of intangible property that protect compilations of commercial information — database protection (e.g., in the European Union) and protection of undisclosed information in the form of regulatory data on pharmaceutical and agricultural chemical products (per Article 39.3 of the TRIPS Agreement) —that fall outside traditional notions of intellectual property.
[51] See McCarthy, supra note 43, § 7.17.50 (“Out of the millions of domain names, probably only a small percentage also play the role of a trademark or service mark.”).
[52] 15 U.S.C. §1127 states: “[t]he term “domain name” means any alphanumeric designation which is registered with or assigned by any domain name registrar, domain name registry, or other domain name registration authority as part of an electronic address on the Internet.”
[53] See, e.g., AMAZON.COM, Registration No. 2078496.
[54] See generally, McCarthy, supra note 43, §§ 18:1–:11. A related discussion concerning licensing of trademarks is discussed in K Mart Corp. v. Cartier, Inc., 486 U.S. 281, 313–15 (1988).
[55] 15 U.S.C. § 1060(a)(1)–(5) (2006) provides, inter alia, “[a] registered mark or a mark for which an application to register has been filed shall be assignable with the good will of the business in which the mark is used, or with that part of the good will of the business connected with the use of and symbolized by the mark.” See McCarthy, supra note 43, at § 18:2.
[56] Although there may be some hints at a move away from strict application of this rule in the U.S., it appears still to represent good law. McCarthy, supra note 43, § 18:10. McCarthy does not condone this as a mechanism for circumventing the anti-assignments-in-gross rule, but notes that goodwill“denotes only an intangible and ineffable concept: A concept which lies in the eye of the beholder.” Because “goodwill” is a fairly flexible concept, the rule may not have great practical effect on transactions that realistically are assignments in gross. A recital of “associated goodwill” as part of transferring a trademark asset may be sufficient to satisfy most purposes.
[57] Id.
[58] See generally Abbott, Cottier & Gurry, supra note 7, at 363-70, 375-78.
[59] See 15 U.S.C. § 1125(c) (2006); see also Nabisco, Inc. v. PF Brands, Inc., 191 F.3d 208 (2d Cir. 1999).
[60] See McCarthy, supra note 43, at § 2:19 (“In this sense, good will can be defined as the intangible value of a business beyond the value of its physical assets.”).
[61] See, e.g., Donald E. Kieso, Jerry J. Weygandt & Terry D. Warfield, Intermediate Accounting, 664-719 (14th ed. 2012).
[62] Manish Modi, Coca-Cola Retains Title as World’s Most Valuable Brand, Bloomberg (Oct. 2, 2012, 11:57 PM), http://www.bloomberg.com/news/2012-10-03/coca-cola-retains-title-as-world-s-most-valuable-brand-table-.html (based on Interbrand’s Best Global Brands 2012 report).
[63] See, e.g., Go Daddy Domain Registration Agreement, GoDaddy, http://www.godaddy.com/Agreements/ShowDoc.aspx?pageid=reg_sa (last revised Aug. 27, 2013).
[64] Id.
[65] See Policy on Transfer of Registrations between Registrars, ICANN, http://www.icann.org/en/resources/registrars/transfers/policy (effective June 1, 2012).
[66] See WIPO Second Report, supra note 10, regarding the ICANN Contractual Model; see also Register.com, Inc. v. Verio, Inc., 356 F.3d 393, 395–96 (2d Cir. 2004) (discussing relationship between registrar and ICANN).
[67] Registrar Accreditation Agreement, ICANN ¶ 3.5, http://www.icann.org/en/resources/registrars/raa/ra-agreement-21may09-en.htm#3 (last updated Aug. 2, 2012) (registrar expressly disclaiming all rights to exclusive ownership or use of registered names and associated IP addresses).
[68] Id. ¶¶ 3.7.5.1–.7 (placing detailed renewal limitations and notification requirements on the registrar).
[69] Id. In any case, the domain name registration is effectively of indefinite and continuing duration because domain name registrants may transfer domain names between registrars in the event that registrars do not wish to continue renewal of a particular registration.
[70] The registrar is not the owner of registration of a domain name, but rather an intermediary service provider. See id. ¶ 3.5. The Registrar Accreditation Agreement requires that registrars have in place procedures for transferring domain names to other registrars in the event of a suspension or termination of operations. Id. ¶ 4.2.8–.9.
[71] Id. ¶¶ 2–3.
[72] See Registrant Rights and Responsibilities Under the 2009 Registrar Accreditation Agreement, ICANN, http://www.icann.org/en/resources/registrars/registrant-rights-responsibilities (last visited Feb. 1, 2013) (the “right for the Registrar to cancel the registration . . . is not absolute.”). By way of illustration, the provision for termination in the GoDaddy.com domain name registration agreement provides as follows:
7. SUSPENSION OF SERVICES; BREACH OF AGREEMENT You agree that, in addition to other events set forth in this Agreement: i. Your ability to use any of the services provided by Go Daddy is subject to cancellation or suspension in the event there is an unresolved breach of this Agreement and/or suspension or cancellation is required by any policy now in effect or adopted later by ICANN; ii. Your registration of any domain names shall be subject to suspension, cancellation or transfer pursuant to any ICANN adopted specification or policy, or pursuant to any Go Daddy procedure not inconsistent with an ICANN adopted specification or policy (a) to correct mistakes by Go Daddy or the registry operator in registering any domain name; or (b) for the resolution of disputes concerning any domain name. “You agree that your failure to comply completely with the terms and conditions of this Agreement and any Go Daddy rule or policy may be considered by Go Daddy to be a material breach of this Agreement and Go Daddy may provide you with notice of such breach either in writing or electronically (i.e. email). In the event you do not provide Go Daddy with material evidence that you have not breached your obligations to Go Daddy within ten (10) business days, Go Daddy may terminate its relationship with you and take any remedial action available to Go Daddy under the applicable laws. Such remedial action may be implemented without notice to you and may include, but is not limited to, cancelling the registration of any of your domain names and discontinuing any services provided by Go Daddy to you. No fees will be refunded to you should your Services be cancelled or terminated because of a breach. Go Daddy’s failure to act upon or notify you of any event, which may constitute a breach, shall not relieve you from or excuse you of the fact that you have committed a breach.”
Go Daddy Domain Registration Agreement, GoDaddy, http://www.godaddy.com/agreements/showdoc.aspx?pageid=REG_SA (last revised Aug. 27, 2013).
[73] Network Solutions, Inc. v. Umbro Int’l, Inc., 529 S.E.2d 80 (Va. 2000). See also Hancock, supra note 4, at 191–94.
[74] Network Solutions, 529 S.E.2d at 86 (quoting Dorer v. Arel, 60 F. Supp. 2d 558, 561 (E.D. Va. 1999)).
[75] See Hancock, supra note 4, at 191-94 (arguing that the majority opinion inNetwork Solutions v. Umbro is often misread for the proposition that a domain name cannot be a property right). It is correct that the court did not expressly reject the proposition that a domain name may constitute property (intangible or otherwise). But, the court refused to treat the domain name as a liability within the meaning of the garnishment and execution statute because the domain name was “inextricably bound” to a contingent services contract with the registrar.
[76] Palacio Del Mar Homeowners Ass’n v. McMahon, 95 Cal. Rptr. 3d 445, 449 (Ct. App. 2009) (footnote omitted) (quoting Network Solutions, 529 S.E.2d at 86). See also In re Forchion, 130 Cal. Rptr. 3d 690, 709-10 (Cal. Ct. App. 2011) (“Regardless of whether a domain name is a registrant’s property or merely the product of a services contract . . . . ”).
[77] For example, many utility contracts between suppliers of goods and services, on one side, and consumers on the other, may not be canceled by the provider absent some specified type of default by the consumer. See, e.g., Consumer Protection, Maryland Office of People’s Counsel, http://www.opc.state.md.us/ConsumerCorner/ConsumerProtection.aspx (“Maryland law permits non-regulated competitive companies to offer electricity and gas supply services to residential customers in Maryland. These companies must receive a license from the [Maryland Public Service Commission], and must follow the Commission’s rules on marketing and solicitation, non-discrimination, contracts and termination of service.”) (emphasis added). This is because utilities (e.g., electricity suppliers) often provide essential services for which there are no alternatives available in a particular area.
[78] Within parameters defined by international intellectual property rules.
[79] Black’s Law Dictionary 1335–36 (9th ed. 2009) (defining property as “1. The right to possess, use, and enjoy a determinate thing (either a tract of land or a chattel); the right of ownership <the institution of private property is protected from undue governmental interference>. — Also termed bundle of rights. 2. Any external thing over which the rights of possession, use, and enjoyment are exercised <the airport is city property>.”).
[80] There are many things that are “intangible property,” but not “intellectual property.” For example, the electronic records of a hospital are “intangible” and a determinate thing over which the hospital may exercise control (i.e., property), but generally lack the characteristic of the established forms of intellectual property (e.g., as recognized in the WTO TRIPS Agreement). World Trade Organization Agreement on Trade-Related Aspects of Intellectual Property Rights, arts. 15-39. While the European Union has created a system of rights in favor of database owners, these rights are not generally considered “intellectual property.” Similarly, an electronic wire transfer instruction of a bank is intangible, and is a determinate thing over which the bank exercises control, but it is not “intellectual property.”
[81] See Int’l Bancorp, L.L.C. v. Societe des Baines de Mer et du Cercle des Etrangers a Monaco, 192 F. Supp. 2d 467, 488-89 (E.D. Va. 2002) (discussing whether trademark infringement by a domain name is an injury to property), aff’d on other grounds, 329 F.3d 359 (4th Cir. 2003).
[82] Kremen v. Cohen, 337 F. 3d 1024 (9th Cir. 2003).See also Hancock, supra note 4, at 194-96.
[83] Registration was free at the relevant time.
[84] Kremen, 337 F.3d at 1030 n.5.
[85] Id. at 1030.
[86] Id. at 1033.
[87] Id. at 1033-34.
[88] Id. at 1034-35. Hancock argues against characterization of domain names as intangible property largely because of some apparent inconsistency among U.S. states regarding whether the Restatement’s merger requirement allows such treatment.Hancock, supra note 4, at 197. The decision cited by Hancock to substantiate this concern is a 2007 District Court decision from the Northern District of Texas indicating that Texas conversion law concerns only physical property, and would apparently not extend to intangible domain names. Emke v. Compana, L.L.C., No. 3:06-CV-1416-L, 2007 WL 2781661 (N.D. Tex. Sept. 25, 2007). More recently, see Entm’t Merch. Tech., L.L.C. v. Houchin, 720 F. Supp. 2d 792, 799 (N.D. Tex. 2010) (holding that no cause of action arises under Texas law for conversion of intellectual property rights). A similar conversion statute problem leads the court in In re Paige, 413 B.R. 882 (Bankr. D. Utah 2009), discussed infra 91, to characterize domain names as tangible property. In In re Paige the bankruptcy court based its refusal to characterize domain names as intangible property on grounds that a prior federal district court decision considered that the Utah Supreme Court would follow the Restatement approach and reject the flexible document merger approach of the Ninth Circuit in Kremen v. Cohen (not that the Utah Supreme Court had actually done that). See Margae, Inc. v. Clear Link Techs., LLC, 620 F. Supp. 2d 1284, 1286-88 (D. Utah 2009). But even if some states have yet to recognize the importance of various forms of intangible property to modern commerce, this does not argue in favor of re-characterizing modern commerce to fit the mold of the steamboat era. The law of the State of New York appears to be evolving toward recognition of intangibles as the subjects of conversion. See generally Mark A. Berman & Aaron Zerykler, Can ‘Intangible’ Electronic ‘Property’ Be ‘Converted’ in NY?, N.Y. L.J. (Apr. 26, 2006), http://www.newyorklawjournal.com/PubArticleNY.jsp?id=900005452214.
[89] Kremen, 337 F.3d at 1036.
[90] In Office Depot v. Zuccarini, 596 F.3d 696, 701-02 (9th Cir. 2010), the Ninth Circuit acknowledged that the California Court of Appeal in Palacio Del Mar Homeowners Ass’n v. McMahon, 95 Cal. Rptr. 3d 445 (Ct. App. 2009), had decided that domain names were not property subject to a turnover order because they cannot be taken into custody, but observed that the California Court had cited Kremen with approval, and had made its decision on the basis of a specific interpretation of language in the California Civil Procedure Code. The California Court of Appeals in Palacio Del Mar reasoned that the relevant California Code provision:
[L]imitsitself to tangible property that can be “levied upon by taking it into custody” (or tangible, “documentary evidence of title” to property or a debt). . . . Domain name registration supplies the intangible “contractual right to use a unique domain name for a specified period of time.” . . . Even if this right constitutes property, it cannot be “taken into custody.”
Palacio, 95 Cal. Rptr. 3d at 448-49 (citations omitted). In this regard, the California Court of Appeals appeared to set a limit on the extent to which the database referred to by the Kremen court constituted a document for purposes of serving as a proxy for property. Presumably, the electronic database is not sufficiently tangible to be taken into custody.
[91] In re Paige, 413 B.R. 882 (Bankr. D. Utah 2009).
[92] Network Solutions, Inc. v. Umbro Int’l, Inc., 529 S.E.2d 80 (Va. 2000), discussed in supra text accompanying note 73.
[93] Margae, Inc. v. Clear Link Techs., LLC, 620 F. Supp. 2d 1284 (D. Utah 2009).
[94] Id. at 1288 (citation omitted).
[95] Paige, 413 B.R. at 918.
[96] Hancock, supra note 4, at 200-02, highlights the distinctions between domain names and websites to argue that the district court in In re Paige should have concluded that websites would meet the Restatement merger requirement as a collection of electronic documents, but that domain names do not meet the merger requirement because they are only data points on the DNS database.
[97] See supra note 90.
[98] The author is aware of science-fiction works, in particular those of Philip K. Dick (see, e.g., Valis (1981)), suggesting that there is no definable separation between intangible data, electronic or otherwise, and human biological material, but is reluctant to transpose this philosophical construct to the legal sphere.
[99] Hancock, supra note 4, at 202-09, acknowledges that treating domain names as tangible property is problematic from a conceptual standpoint, but argues that it makes better sense to treat them as such because it would facilitate legal actions based on ownership of property, such as conversion actions. In other words, because legislatures and courts in some jurisdictions refuse to acknowledge that intangible property is subject to conversion rules, they should be characterized as tangible property, something they clearly are not.
[100] See, e.g.,Ryan Abbott, Treating the Health Care Crisis: Complementary and Alternative Medicine for PPACA, 14 DePaul J. Health Care L. 35, 73 (2012) (discussing sui generis regimes for protecting unique IP subject matter).
[101] For a more detailed discussion of the case history, see Price, supra note 4, at 461-67.
[102] GoPets v. Hise, 657 F.3d 1024, 1027 (9th Cir. 2011).
[103] The Ninth Circuit decision in GoPets followed a WIPO panel decision, GoPets Ltd. v. Edward Hise, WIPO Case No. D2006-0636, that rejected the complaint based on respondent registration prior to complainant acquisition of trademark rights, although prior to related party transfer. The panelist in that decision quoted the first WIPO Overview of WIPO Panel Views on Selected UDRP Questions that stated “The UDRP makes no specific reference to the date of which the owner of the trade or service mark acquired rights. However, it can be difficult to prove that the domain name was registered in bad faith as it is difficult to show that the domain name was registered with a future trade mark in mind.”As the Ninth Circuit noted: “. . . the arbitrator held that WIPO rules only compel the transfer of a disputed domain name if the name was initially registered in bad faith. Since Edward Hise had registered gopets.com five years before GoPets Ltd. was founded, gopets.com was not registered in bad faith.” GoPets v. Hise, 657 F.3d 1024, 1028. See also Digital Overture Inc. v. Chris Bradfield, WIPO Case No. D2008-0091.
[104] GoPets, 657 F.3d at 1028.
[105] Id. at 1030.
[106] Id. at 1032.
[107] Transfers between related entities are generally not considered “new registration,” see, e.g., Schweizerische Bundesbahnen SBB v. Gerrie Villon, WIPO Case No. D2009-1426, absent some exceptional circumstance demonstrating that the related-party transfer was itself undertaken for bad faith purposes. See, e.g., Intelligen LLC v. Converg Media LLC, WIPO Case No. D2010-0246. The WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Second Edition (“WIPO Overview 2.0”), http://www.wipo.int/amc/en/domains/search/overview2.0/, states:
Panels have tended to the view that formal changes in registration data are not necessarily deemed to constitute a new registration where evidence clearly establishes an unbroken chain of underlying ownership by a single entity or within a genuine conglomerate, and it is clear that any change in WhoIs registrant data is not being made to conceal an underlying owner’s identity for the purpose of frustrating assessment of liability in relation to registration or use of the domain name.
WIPO Overview 2.0, para. 3.7.
[108] GoPets v. Hise, 657 F.3d 1024, 1031-32 (9th Cir. 2011).
[109] Neither GoPets v. Hise on the definition of “registration,” nor Kremen v. Cohen on domain names as “intangible property,” are the uniform law of the United States. For example, in Schmidheiny v. Weber, 319 F.3d 581 (3d Cir. 2003), the Court of Appeals for the Third Circuit held that registration under a new contract at a different registrar to a different registrant constituted a new registration under the ACPA:
[W]e conclude that the language of the statute does not limit the word “registration” to the narrow concept of “creation registration.” . . . We hold that the word “registration” includes a new contract at a different registrar and to a different registrant. . . . To conclude otherwise would permit the domain names of living persons to be sold and purchased without the living persons’ consent, ad infinitum, so long as the name was first registered before the effective date of the Act. We do not believe that this is the correct construction of the Anti-cybersquatting Act.
Schmideiny, 319 F.3d at 583 (citations omitted). Note, however, that (as discussed and distinguished by the Ninth Circuit in GoPets) the decision in Schmidheiny v. Weber (1) addressed a claim under the living persons names provisions of the ACPA, (2) the domain name at issue had been registered before the effective date of the ACPA, and (3) this otherwise insulated it under those provisions. Unlike the trademark protective provisions of the ACPA, living person‘s name protection is not predicated on a pre-existing trademark. Had the disputed domain name in Schmidheiny v. Weber been registered after the effective date of the ACPA, it would have been subject to liability as abusive irrespective of whether a subsequent transfer was considered a new registration. The Ninth Circuit suggested this would eliminate the Third Circuit‘s cause for concern, though it did not explain how that might eliminate concerns raised by its own GoPets decision. GoPets, 657 F.3d at 1031.
[110] AIRFX.COM v. AirFX LLC, No. CV 11-01064-PHX-FJM, 2012 WL 3638721 (D. Ariz. Aug. 24, 2012). In a subsequent order, AIRFX.COM v. AIRFX, LLC, No., CV 11–01064–PHX–FJM, 2013 WL 857976 (D. Ariz. March 7, 2013), the Arizona District Court went on to consider a motion to award attorney’s fees to the plaintiff on grounds that defendant’s action (in the form of a counterclaim) was groundless and unreasonable. The District Court agreed and awarded attorney’s fees. The Court affirmed its reliance on GoPets in strong terms, saying:
As we noted in our order, GoPets is squarely on point in this matter, and there is nothing it its language indicating that it should be read as narrowly as defendant suggested in its briefs. . . . Defendant should have withdrawn its ACPA counterclaim once it discovered that the original registration date of airfx.com preceded the registration of the AirFX mark.
Id. at *2. Clearly, the District Court has not had “second thoughts.”
[111] AIRFX.COM v. AirFX LLC, No. CV 11-01064-PHX-FJM, 2012 WL 3638721, at *2.
[112] See id. In so holding the District Court was rejecting a contrary determination under the Policy made by a National Arbitration Forum panel in AirFX, LLC v. ATTN AIRFX.COM, NAF Claim No. FA1104001384655. In the NAF case, the panelist was aware of a potential sequencing problem, but did not address it to any meaningful extent in ordering the transfer.
[113] See, e.g., Ticketmaster Corporation v. Global Access, WIPO Case No. D2007-1921, and references therein.
[114] See also, by this author as panelist, more recently, Urban Home v. Technology Online LLC / Whois Privacy Service Pty Ltd., WIPO Case No. D2012-2437.
[115] The question of the contract and/or property characteristics of domain names is addressed differently by courts in the United States. Compare Kremen v. Cohen, 337 F.3d 1024 (9th Cir. 2003), with Network Solutions v. Umbro, 529 S.E.2d 80 (Va. 2000).
[116] See, applicable to the parties in this proceeding, Network Solutions Service Agreement Version 9.22, Schedule A, para. 3, and Incorporated Schedule F, Registrant Name Change Agreement, para. 3 (“By applying for this Registrant Name Change, you agree to be bound by and to perform in accordance with the terms and conditions of the Agreement, which includes Network Solutions’ current Domain Name Dispute Policy.”).
[117] See Twitter, Inc. v. Geigo, Inc., WIPO Case No. D2011-1210.
[118] Compare Kremen v.Cohen, 337 F. 3d 1024 (9th Cir. 2003), with Schmidheiny v. Weber, 319 F.3d 581 (3d Cir. 2003). In the Schmidheiny case, the Third Circuit stated:
The words “initial” and “creation” appear nowhere in § 1129, and Congress did not add an exception for “non-creation registrations” in § 1129(1)(B) . . . . The District Court’s rationale that “if Congress chose to treat re-registrations as registrations, it could have used words appropriate to impart that definition,” is not a sufficient reason for courts to infer the word “initial.” Instead, we conclude that the language of the statute does not limit the word “registration” to the narrow concept of “creation registration.” See Sweger v. Chesney, 294 F.3d 506, 516 (3d Cir.2002 [sic]) (holding that if the language of a statute is plain, we need look no further to ascertain the intent of Congress). . . . We hold that the word “registration” includes a new contract at a different registrar and to a different registrant. In this case, with respect to Famology.com—that occurs after the effective date of the Anti-cybersquatting Act. To conclude otherwise would permit the domain names of living persons to be sold and purchased without the living persons’ consent, ad infinitum, so long as the name was first registered before the effective date of the Act. We do not believe that this is the correct construction of the Anti-cybersquatting Act. We are therefore satisfied that Famology.com, Inc. engaged in a “registration” that is covered by the Anti-cybersquatting Act . . . .
319 F.3d at 582-83. The Panel in the present proceeding further notes that although Respondent in this proceeding is situated within the Ninth Circuit, Complainant is situated within the Sixth Circuit.
[119] The Panel notes, however, that subject to meeting jurisdictional requirements, a domain name registrant may seek an injunction from a US court to prevent a registrar from transferring that name pursuant to a panel decision, and that the US court will thereupon apply the ACPA, and potentially the Lanham Act more broadly. Compare, e.g., Barcelona.com, Inc. v. Excelentisimo Ayuntamiento de Barcelona, 330 F.3d 617 (4th Cir. 2003), with Storey v. Cello, 347 F.3d 370 (2d Cir. 2003). Thus, while a panelist may choose to apply the Policy consistently with norms that have evolved within the WIPO UDRP administrative system, the panelist is also cognizant that enforceability of his or her decision may depend on interpretation of the ACPA. See id.
[120] As noted earlier, e.g., supra notes 25 and 107, the living persons name protection provisions of the ACPA do not establish the predicate of pre-existing trademark rights.
[121] In order to successfully pursue a claim under the ACPA, the express language requires that the complaining party possess trademark rights at the time the disputed domain name was registered. See 15 U.S.C. § 1125(d)(1)(A); Storey v. Cello, 347 F.3d 370, 386 (2d Cir. 2003) (cited by Lahoti v. Vericheck, 586 F.3d 1190 (9th Cir. 2009)) (followed in DSPT International v. Nahum, 624 F.3d 1213 (9th Cir. 2010)).
[122] See WIPO Overview 2.0, supra note 107, para. 3.1:
Consensus view: Generally speaking, although a trademark can form a basis for a UDRP action under the first element irrespective of its date [see further paragraph 1.4 above], when a domain name is registered by the respondent before the complainant’s relied-upon trademark right is shown to have been first established (whether on a registered or unregistered basis), the registration of the domain name would not have been in bad faith because the registrant could not have contemplated the complainant’s then non-existent right.
There has been a minority view expressed by certain WIPO panels. As stated by the WIPO Overview 2.0, id.,
Irrespective of whether the domain name was registered before the relevant trademark was registered or acquired, a small number of panels have begun to consider the effect of the requirement of paragraph 2 of the UDRP, which states: “By applying to register a domain name, or by asking us to maintain or renew a domain name registration, you hereby represent and warrant to us that . . . (d) you will not knowingly use the domain name in violation of any applicable laws or regulations. It is your responsibility to determine whether your domain name registration infringes or violates someone else’s rights.” Some panels have regarded this as a warranty at the time of registration that the domain name will not be used in bad faith, finding that, by breaching such warranty, use in bad faith may render the registration in bad faith. Other panels have looked at the totality of the circumstances in assessing “registration and use in bad faith,” as a unitary concept, given that some of the circumstances listed as evidence of bad faith registration and use in paragraph 4(b) of the UDRP appear to discuss only use and not registration. Still other panels that have considered these approaches have instead reaffirmed the “literal” interpretation of bad faith registration and bad faith use regardless of paragraphs 2 or 4(b) of the UDRP. This is a developing area of UDRP jurisprudence.
Proponents of a minority approach taken, for example, inCity Views Limited v. Moniker Privacy ServiceslXander, Jeduyu, ALGEBRALlVE, WIPO Case No. D2009-0643, <mummygold.com>, read the conjunctive “and” out of “has been registered and is being used in bad faith”. Decisions by such panelists might not be directly influenced by GoPets/AIRFX.COM because there apparently is no need to find bad faith registration. Whether the complainant holds a trademark at the time of registration is presumably not determinative; an unrelated transferee is subject to the same “use” rules as the initial registrant. Application of this approach, of course, would not resolve a conflict with the ACPA, since the ACPA imposes the condition that a trademark exist at the time of initial domain name registration.
[123] See Lahoti v. Vericheck, 586 F.3d 1190, 1202 (9th Cir. 2009) (“Evidence of bad faith may arise well after registration of the domain name. See Storey v. Cello Holdings, LLC, 347 F.3d 370, 385 (2d Cir. 2003) (‘Congress intended the cybersquatting statute to make rights to a domain-name registration contingent on ongoing conduct rather than to make them fixed at the time of registration.’).” See also DSPT International v. Nahum, 624 F.3d 1213, 1220 (9th Cir. 2010). Some language in GoPets v. Hise, 657 F. 3d 1024, 1030 (9th Cir. 2011), might seem to suggest otherwise:
To prevail on its ACPA claim, GoPets Ltd. must show (1) registration of a domain name, (2) that was “identical or confusingly similar to” a mark that was distinctive at the time of registration, and (3) “bad faith intent” at the time of registration. See 15 U.S.C. § 1125(d)(1). [emphasis added]
[124] UDRP, supra note 19, ¶ 4(a)(iii) & (b). The difference in jurisprudence between courts interpreting the ACPA and UDRP panelists regarding post-registration conduct has a basis in differences in terminology between the statute and the UDRP. Pursuant to the ACPA, liability attaches to a person who “registers, traffics in, or uses a domain name” [italics added] in bad faith. Registration and use are in the disjunctive “or.” Pursuant to the UDRP, a determination of abusive conduct requires “registration and use” in bad faith. Bad faith “use” in the absence of bad faith “registration” does not meet the UDRP abuse standard.
[125] See The Proprietors of Strata Plan No. 36, A Turks and Caicos Corporation v. Gift2Gift Corp., WIPO Case No. D2010-2180 (noting that ”allowing subsequent conduct to override actual intentions at the time of registration, as opposed to providing an inference about what those intentions were, would appear impermissible.”).
[126] Although in a few exceptional circumstances under the UDRP abuse has been found when trademark rights have not yet ripened. See WIPO Overview 2.0, para. 3.1.
[127] The author is not aware of an estimate of the number of such potentially “immunized domain names,” though it would not be surprising if a distinct market developed for them.
[128] Accord Price, supra note 4, at 482.
[129] Paragraph 2 of the UDRP reads as follows:
2. Your Representations. By applying to register a domain name, or by asking us to maintain or renew a domain name registration, you hereby represent and warrant to us that (a) the statements that you made in your Registration Agreement are complete and accurate; (b) to your knowledge, the registration of the domain name will not infringe upon or otherwise violate the rights of any third party; (c) you are not registering the domain name for an unlawful purpose; and (d) you will not knowingly use the domain name in violation of any applicable laws or regulations. It is your responsibility to determine whether your domain name registration infringes or violates someone else’s rights.
[130] Paragraph 4(a) of the UDRP provides:
a. Applicable Disputes. You are required to submit to a mandatory administrative proceeding in the event that a third party (a “complainant”) asserts to the applicable Provider, in compliance with the Rules of Procedure, that (i) your domain name is identical or confusingly similar to a trademark or service mark in which the complainant has rights; and (ii) you have no rights or legitimate interests in respect of the domain name; and (iii) your domain name has been registered and is being used in bad faith.
In the administrative proceeding, the complainant must prove that each of these three elements are present. Paragraph 4(c) of the UDRP provides:
Any of the following circumstances, in particular but without limitation, if found by the Panel to be proved based on its evaluation of all evidence presented, shall demonstrate your rights or legitimate interests to the domain name for purposes of Paragraph 4(a)(ii): (i) before any notice to you of the dispute, your use of, or demonstrable preparations to use, the domain name or a name corresponding to the domain name in connection with a bona fide offering of goods or services; or (ii) you (as an individual, business, or other organization) have been commonly known by the domain name, even if you have acquired no trademark or service mark rights; or (iii) you are making a legitimate noncommercial or fair use of the domain name, without intent for commercial gain to misleadingly divert consumers or to tarnish the trademark or service mark at issue.
[131] 15 USC §1125 (d)(1)(B)(i) provides, inter alia,
In determining whether a person has a bad faith intent . . . a court may consider factors such as, but not limited to— (I) the trademark or other intellectual property rights of the person, if any, in the domain name; (II) the extent to which the domain name consists of the legal name of the person or a name that is otherwise commonly used to identify that person; (III) the person’s prior use, if any, of the domain name in connection with the bona fide offering of any goods or services; (IV) the person’s bona fide noncommercial or fair use of the mark in a site accessible under the domain name;
Also, 15 USC §1125 (d)(1)(B)(ii), provides:
Bad faith intent . . . shall not be found in any case in which the court determines that the person believed and had reasonable grounds to believe that the use of the domain name was a fair use or otherwise lawful.
The ACPA does not expressly allocate the burden of proof regarding rights and legitimate interests as does paragraph 4(a) of the UDRP.
[132] Coincidently, this author as sole panelist recently rendered a decision involving a related set of facts. Saltworks, Inc. v. Gary Pedersen, Salt Works, WIPO Case No. D2013-0984. In this case, an Arizona provider of salt for utility purposes (e.g., to soften water for hotels) had engaged in business under the name “Salt Works” for a number of years prior to a Washington State business commencing the sale of gourmet and bath salts under the name SaltWorks, primarily on the Internet. The Arizona commercial supplier registered its disputed domain name after the Washington gourmet and bath salt retailer secured registration for the trademark Salt Works. The panel found that the domain name registrant established rights or legitimate interests in the disputed domain name because it had been commonly known by that name, and because it had made good-faith use of the term corresponding to the domain name in connection with the sale of products and services prior to notice of the dispute. There was, however, no transfer to an unrelated third party domain name purchaser involved in this case.
[133] It would also be possible to assess the purchase and sale transaction between unrelated parties under paragraph 4(b) of the UDRP dealing with the element of bad faith. Generally speaking, the good-faith purchaser of a domain name and associated business should not have difficulty demonstrating that it did not make the purchase with the intent to sell the domain name to the trademark owner or a third-party, to prevent the trademark owner from registering its trademark as a domain name (as part of a pattern), or to disrupt the competitor’s business, although specific evidence provided by the complaining party might prove otherwise. Analysis under paragraph 4(b)(iv) regarding confusingly similar use in connection with a website for commercial gain would be context specific. A third-party purchaser/transferee of a domain name that finds itself subject to an adverse ruling by a UDRP panel, and an order of transfer (or cancellation), may file a petition in federal court to block the transfer by the registrar. A UDRP panel ruling does not deprive the purchaser/transferee of its day in court.
[134] See Price, supra note 4, at 482. Note that Price does not suggest a specific definition, but rather one that would cast a wide net.
[135] 15 USC § 1125(d)(3) provides: “[t]he civil action established under paragraph (1) and the in rem action established under paragraph (2), and any remedy available under either such action, shall be in addition to any other civil action or remedy otherwise applicable.”

Not Your Father’s Domain Name: How gTLD Expansion Is Poised to Change the Way We Navigate the Internet

By Andy McNeil* A pdf version of this article may be downloaded here. Introduction – A Primer On Current gTLDs For many of us, “.com” is the necessary element for most of the Internet addresses we use on a daily basis for shopping, banking, news or entertainment (think amazon.com, wellsfargo.com, cnn.com and espn.com, for example).  The seemingly ubiquitous .com suffix is formally known as a generic top-level domain name (or “gTLD”) in internet parlance.  Although there are 20 other gTLDs such as .net, .info, etc., .com is by far the most popular gTLD.[FN1] Suffice it to say that most Internet users, including this author, when faced with a domain name featuring anything other than a .com suffix, are immediately confronted with suspicions of inferiority and concerns regarding legitimacy.[FN2] Although the number of Internet users continues to grow exponentially, the number of available gTLDs to meet the ever-growing need for unique domain addresses has remained static.  It appears, however, that the “.com-centric” way of Internet-addressing is prepped for change, and in a big way. The Internet Corporation for Assigned Names and Numbers (ICANN), the non-profit entity chosen by the U.S. Department of Commerce  in 1998 to oversee the Internet’s  naming system,[FN3] is formulating plans for expanding the naming rights for gTLDs.  While proponents of this gTLD expansion—including ICANN—argue that this expansion will provide for greater innovation and choice among Internet users and businesses, opponents contend that this expansion is akin to opening a Pandora’s Box of problems for those with a significant intellectual property presence on the Internet.  Considering that there are more than 270 country specific gTLDs, the scope of this unprecedented expansion is significant for those businesses with an international Internet presence. The mechanism for the application and management of new gTLDs, known formally as the Applicant Guidebook, has been in the works since at least October 2007[FN4] and is closer than ever to being finalized (the latest draft of the Applicant Guidebook was issued in December 2010).  According to this latest (and some say final) draft of the Applicant Guidebook, during the initial rollout of the program, the sale of new gTLDs is to be limited to “[e]stablished corporations, organizations, or institutions in good standing,” and not “individuals or sole proprietorships.”[FN5] Owners of a new gTLD will be able to sell “subdomain” names and will be able to exercise significant control over rules for who can register a subdomain. On the highest level, the possibility for an infinite number of new gTLDs will allow similar companies and organizations a specialized web “suffix,” such as .apparel, for example.  But this singular example also highlights the problems with the expansion of gTLDs—who would own and manage the commercially desirable gTLDs (such as .apparel)?  Taking the previous example further, what about synonymous gTLDs: .attire or .clothing or .wardrobe, for instance?  Could (or should) these closely related gTLDs co-exist? The initial round of applications for new gTLDs is expected to begin as early as the second quarter of 2011.[FN6] On one hand ICANN has stated that the increase in the number of gTLDs is not expected to affect the way the Internet operates, but on the other, ICANN admits that the new gTLDs have the potential to change how individuals and businesses use the Internet.[FN7] This article sets forth a high level review of the gTLD process and addresses some of the business and legal implications of this virtual re-working of the domain nomenclature as we know it.  In particular, this article addresses some of the issues and opportunities that smaller companies with trademark rights may face upon this imminent expansion of available gTLDs. Two Options Under The New gTLD Process While the new gTLD process presents two immediate options for all trademark owners, only one option is worthy of practical analysis for the vast majority of those with trademark rights.  For those corporations with ample coffers and the ambition to be the rulers over their own gTLD kingdom, so to speak, the first option is owning and managing a gTLD that either reflects a company’s trademark (such as .levistrauss) or some other term related to their business (such as .dungarees).  Under this expansion, new gTLD owners will be permitted to sell “subdomain” names to third-parties.  Given this, .levistrauss will likely not be as broad and appealing to designers, manufacturers, distributors and retailers of blue jeans as the more generic .dungarees, for example.  While the former might represent a strong brand presence, the latter is likely a more viable candidate for exploitation among the various layers of the blue jean commercial chain.  Either option warrants significant analysis on the business, legal and financial fronts. The keys to the gTLD kingdom will not be cheap, nor will these metaphorical keys be easy to use.  Although applying for, managing and owning a new gTLD will be time- and resource-intensive, the complete picture in terms of costs to a prospective gTLD owner remains unclear at this point.  Although certain initial costs associated with acquiring a gTLD are known (just the gTLD evaluation fee will be $185,000), other costs are unknown.[FN8] The costs involved with third-party objections to a gTLD application (think of the hypothetical Guess Jeans vs. Levi Strauss challenge over the right to buy and manage the gTLD for .dungarees, for example), or auctions that may occur in the event that multiple applicants are vying for the same gTLD, notwithstanding the resources to maintain and manage the new gTLD once obtained (whether run internally or outsourced), are uncertain.  Most experts estimate that the total costs for obtaining and operating a gTLD could top $2 million during the first one to two year period alone.[FN9] Although the specifics of the application process are beyond the scope of this article, suffice it to say that this process will be rigorous and, as with any significant and far-reaching business decision, must be approached with the requisite level of diligence to ensure success.  Any entity applying for a gTLD must be prepared to submit detailed financial, legal and technical documents as part of the vetting process to establish its qualifications to operate and manage a gTLD registry.[FN10] gTLDS For The Rest Of Us – Practice Pointers For Trademark Owners Most trademark owners will not be able to justify the tremendous resources, responsibilities and uncertainties associated with owning and managing their own gTLDs.  Thus, in light of the imminent expansion of gTLDs, the prudent trademark owner should consider how to both protect her brand once the gTLD flood gates are opened, as well as how to capitalize on this opportunity to improve her business. If owning and operating a gTLD is not in the cards, then trademark owners have other options to protect their trademark rights.  Previously brand owners could obtain—for a nominal cost with little or no technical upkeep—a defensive domain name registration to protect their trademark, such as levisfeellikeburlap.com, for example.  This “obtain and park” mentality is not feasible under the proposed gTLD expansion due to the requirement that a gTLD applicant must operate a functioning registry once obtained.  If a brand owner chooses to forgo the application and operation of a gTLD (as many will surely do for the reasons highlighted above), these owners will find themselves in a position to “wait and see” which gTLDs are granted, who owns which gTLD, how the relevant new gTLDs are being marketed, the public response to the new gTLDs, etc. Currently there are two stages of trademark rights assessment in the proposed gTLD application process.  Upon receipt of an initial gTLD application, ICANN will perform its own examination of the application, during which it will consider the likelihood of confusion with existing or applied-for gTLDs.  If an application passes this initial examination, it will enter an “objection phase,” where those with trademark rights will have the opportunity to file a formal objection to an applied-for gTLD on various grounds, with disputes to be resolved by a third-party independent dispute resolution service provider.  This public objection phase will be similar to the Uniform Dispute Resolution Process (“UDRP”) currently available to trademark owners against potentially infringing domain names.  As in UDRP proceedings, the “complaint” in the objection phase of the expanded gTLD review process must contain all of the objector’s arguments and evidence (i.e., no discovery or subsequent briefing).  Likewise, these objections will be heard by a third-party panel, and if the objector prevails before the panel, the gTLD application will be rejected. As of the latest draft of the Applicant Guidebook, there are four separate grounds on which a trademark owner may object to a gTLD application:[FN11] 1.  String Confusion Objection: the gTLD is confusingly similar to an existing gTLD or to another applied-for gTLD string in the same round of applications; 2.  Legal Rights Objection: the gTLD string infringes the existing legal rights of the rights holder; 3.  Limited Public Interest Objection: anyone (not just a rights holder) has standing to object that a gTLD is contrary to generally accepted legal norms of morality and public order; and 4.  Community Objection: “established institutions” have standing to object that there is substantial opposition within the targeted community to the applied-for gTLD. Throughout the development of the Applicant Guidebook, ICANN has attempted to balance the opportunities of expanding the gTLD universe with the intellectual property rights of trademark owners.  Third-party organizations (such as the International Trademark Association) have and continue to advise ICANN on the implications of the proposed gTLD rules, and ICANN has consistently encouraged forums for public comment and review of these policies, including those contained within the Applicant Guidebook.  While ICANN has repeatedly offered its assurances surrounding the transparency of this process, trademark owners looking to protect and/or grow their marks once the gTLD application is underway are strongly encouraged to undertake the necessary steps to monitor this process, as all gTLD applications (likely in a truncated/redacted form) will be available on ICANN’s website.[FN12] Once brand owners weather the gTLD process and the available gTLD landscape is clearer, they will have the opportunity to apply for second-level registrations, defensive registrations and/or dispute resolution actions for thesecond level of the newly  approved gTLDs that are owned by a third-party (think .dungarees.designsbysarah or .bluejeans.availableatsamsboutique, where .dungarees and .bluejeans are owned by Levi Strauss and Guess).  These examples highlight one of the major concerns to smaller trademark owners in the new gTLD campaign—namely what to do if numerous closely-related gTLDs are approved and become operational (e.g., .dungarees vs. .bluejeans vs. .denim).  While this example assumes that ICANN would approve all three of these hypothetical gTLDs, which is unlikely given that ICANN will review each application for a likelihood of confusion analysis, at this stage we simply do not know how, or on what basis, this likelihood of confusion analysis will be made. Conclusion Only time will tell which of the new gTLDs (if any) will obtain the popularity of .com in their respective industries/applications, and it is simply too early to tell which of .dungarees, .jeans or .bluejeans, for example, will be the “it” gTLD for the latest and greatest brand or trend in denim.  Of course, this assumes that the new gTLDs will supplant the existing gTLDs, and .com in particular, as the preferred suffix for Internet users.  It also remains to be seen whether any of the new gTLDs will be commercially viable (given the high costs of acquisition and maintenance), or whether this process will result in a “land rush” as was experienced during the rapid .com boom in the 1990s.  The vast majority of trademark owners will have to let the dust settle between the mega-corporations vying for a particular gTLD before initiating a realistic analysis of the viability of any given gTLD.  Once this dust does settle, any analysis of a prospective gTLD must consider the marketing, business and legal implications for choosing a particular gTLD over another.  This analysis, just like the expanding gTLD landscape, should be approached with a fresh re-evaluation of a company’s domain name and trademark marketing strategy, including the manner in which a company monitors and enforces its intellectual property rights on the Internet.  
* Andy McNeil is an associate in the Intellectual Property Litigation Practice at Morris, Manning & Martin LLP. He is a graduate of Georgia Institute of Technology (B.S. 2001) and Syracuse University College of Law (J.D. 2005). [FN1] Dennis Fetterly, Mike Manasse, Marc Najorc, & Janet L. Wiener, A Large Scale Study of the Evolution of Web Pages, Software—Practice and Experience, 2004, at 213-237. [FN2] Although no empirical data can support this claim, this is merely the opinion (albeit well-formed) of the author. [FN3] See ICANN About, http://www.icann.org/en/about/ (Last Visited Feb. 11, 2011). Although ICANN still operates under the oversight of the U.S. government, steps have been taken in recent years to decrease the United States’ control over the nonprofit corporation. [FN4] A set of policy recommendations was approved in October 2007 by ICANN. [FN5] ICANN, New gTLD Agreement: Proposed Final Version, gTLD Applicant Guidebook, at 1-16 (Nov. 2010), http://www.icann.org/en/topics/new-gtlds/draft-rfp-clean-12nov10-en.pdf. [FN6] See infra note 10. [FN7] See New gTLDs – Frequently Asked Questions – gTLD History & Policy Development, ICANN (Feb. 4, 2011), http://www.icann.org/en/topics/new-gtlds/strategy-faq.htm#history. [FN8] Once acquired, the owner of a new gTLD must pay ICANN $6,250 per calendar quarter in addition to a $0.25 registry level transaction fee per domain name registered per year after a threshold of 50,000 domain names have been registered.  [ICANN, New gTLD Agreement: Proposed Final Version, gTLD Applicant Guidebook, at 12 (Nov. 2010), http://www.icann.org/en/topics/new-gtlds/draft-rfp-clean-12nov10-en.pdf].  An owner of a new gTLD must abide by these obligations for a period of ten years. [FN9] Jaime Angeles et al., To TLD or Not to TLD, That Is the Question, INTA Bulletin,  Nov. 1, 2010, at 5. [FN10] “All applicants for new gTLDs will need to meet very specific operational and technical criteria in order to preserve the security and stability of the Internet.” New gTLDs – Frequently Asked Questions – Application & Evaluation Process, ICANN (Feb. 4, 2011), http://www.icann.org/en/topics/new-gtlds/strategy-faq.htm#application. [FN11] Infra note 5, at 1-12. [FN12] www.icann.org (last visited Mar. 7, 2011).

Is Facebook Killing Privacy Softly? The Impact of Facebook’s Default Privacy Settings on Online Privacy

By Michael J. Kasdan* A pdf version of this article may be downloaded here. “IMPORTANT!!  Tomorrow, Facebook will change its privacy settings to allow Mark Zuckerberg to come into your house while you sleep and eat your brains with a sharpened spoon.  To stop this from happening go to Account > Home Invasion Settings > Cannibalism > Brains, and uncheck the “Tasty” box.  Please copy and repost.” – Satirical Status Post from Friend’s Facebook Status on February 15, 2011. Introduction Since launching its now ubiquitous social networking website out of the Harvard dorm room of Mark Zuckerberg in early 2004, Facebook has rapidly become one of the most dominant websites on the planet.  And “rapid” doesn’t quite do it justice.  It has been estimated that over 40% of the U.S. population has a Facebook account.[FN1] Facebook now boasts over 600 million active user accounts [FN2] and was recently estimated to be adding user accounts at the unbelievable clip of well over half a million new users per day.[FN3] The very nature of a social networking site like Facebook is to provide its users with a platform through which they can share massive amounts of personal information.  Facebook has created a platform where users can post personal data such as their contact information, birthdays, favorite movies, books, music and news articles, share scads of written comments and notes, post pictures and videos of themselves and others, associate themselves with various products, services, and groups, and post information about where they are and what they are doing. Over its six-year existence, Facebook’s privacy policy – the set of rules that dictate which information is shared and with whom – has undergone significant systemic revisions that have had the effect of collectively encouraging, and in some cases requiring, users to share more personal information with bigger groups of people and companies.  Facebook’s original privacy policy provided that no personal information would be shared with any other user who did not belong to a group specified in the user’s privacy settings.  The principle behind this policy was one of user control over personal information.  By contrast, under today’s Facebook privacy policy, owners of numerous websites and applications may access broad categories of user information, and the default settings are such that many categories of user information will be widely accessible, unless users carefully review and modify them. This article explores the background, impact, and legal and policy challenges posed by Facebook’s evolving privacy policy. Background Facebook (www.facebook.com) is a social-networking website that is privately owned and operated by Facebook, Inc.  Facebook is free to use.  Once registered, users of the Facebook.com website may create a personal profile and can then create their “social network” by inviting other users to be their “friends.”  Users can upload photos and albums and update their “status” to inform their friends of their whereabouts, actions, and thoughts.  Users and their friends may communicate with each other through private and/or public messages (i.e., privately, through email, or publicly, by writing or posting a comment on another user’s “wall”), view and comment on each other’s status updates and postings, and share and comment on each other’s pictures, videos, and other Internet content. [FN4] Facebook users can also associate with and recommend (i.e., “like”) brands, products, services, web pages, and articles posted all over the Internet by clicking a “like” button on Facebook or on those web pages.  When a user’s friend views that same web page, they can see which of their friends have “liked” the page.  A user’s “likes” are also posted in that user’s “newsfeed,” which is a running list of comments, pictures, status updates, etc. of that user and his friends that is visible to friends.  These “likes” are, of course, also recorded by Facebook’s business partners that are associated with brands, products, and services.  Most recently, Facebook has added a “check-in” or “places” feature.  Using this feature, Facebook users can indicate that they are currently at a restaurant, store, bar, or other real-world location.  This information is posted onto their profile and is also recorded by Facebook for use by its business partners, which may include, for example, the restaurant or bar at which the user has checked in. In addition, Facebook has partnered with certain third-party websites, such as Yelp, to provide Facebook “personalization features” for its users.  Specifically, if a user has a Facebook account and goes to the Yelp website, a site that collects user reviews about businesses such as restaurants and bars, that user will be able to see which of his Facebook friends have reviewed a particular business, which friends have “liked” a particular business, and review his Facebook friends’ Yelp reviews and “likes.”[FN5] Facebook users can also access third-party applications (“apps”) on the Facebook site.  These apps include trivia quizzes, games, and other interactive content.  Many of these applications gather personal information about the user and his Facebook friends. There clearly are tremendous benefits to the social networking experience on Facebook.  The broad disclosure by users and their friends of all sorts of personal details about themselves is central to Facebook’s functionality.  It is in large part what makes Facebook interesting, interactive, and fun to its users.  It is also equally (if not more) important to Facebook as a business, and the key to its ability to monetize Facebook.com.  Indeed, much of the perceived value of Facebook as a business[FN6] is Facebook’s ability to gather personalized information about its massive user base and to leverage that user base.  The costs to these same activities, in terms of the sacrifices to one’s own personal privacy, may be harder to spot at first, but they are also significant.[FN7] Facebook’s Privacy Policy – A Brief History Facebook’s privacy policy has undergone a significant shift over its relatively short existence.  Its original policy limited the distribution of user information to a group of that user’s choice (thus creating a private space for user communication).  By contrast, its current policy makes much user information public by default and requires other information to be public.  This public information is accessible by Facebook and its business partners and advertisers.  The shift in Facebook’s default privacy settings over time is perhaps most strikingly illustrated by an info-graphic created by Matt McKeon, a developer at the Visual Communication Lab at IBM Research.[FN8] The blue shading indicates the extent that the viewing of various categories of information is limited to a user’s friends, friends of friends, all Facebook users, or the entire Internet.  Heavier shading towards the outer part of the circle indicates that the information is more widely accessible.
The History of Facebook's Default Privacy Settings
  Facebook has been criticized by privacy advocates and industry watch groups for its revision of its privacy policies.  For example, after Facebook rolled out its revised privacy settings in late 2009, the Electronic Frontier Foundation (“EFF correctly concluded that these changes reduce the amount of control the users have over their personal data while at the same time push Facebook’s users to publicly share more of their personal information than before.[FN9] As the Electronic Frontier Foundation (“EFF”) put it, viewing Facebook’s successive privacy policies from 2005-2010 “tell[s] a clear story.  Facebook originally earned its core base of users by offering simple and powerful controls over their personal information.  As Facebook grew larger and became more important . . . [it] slowly but surely helped itself – and its advertising and business partners – to more and more of its users’ information, while limiting the user’s options to control their own information.”[FN10] Under Facebook’s current privacy policy, certain personal information, such as a user’s name, profile pictures, current city, gender, networks, and pages that user is a “fan” of (now, pages that user “likes”) is deemed “publicly available information.”  And this user information is now accessible by Facebook applications that are added by any of that user’s Facebook friends, even if that user does not use these applications.  In March, 2011, Facebook announced that it would be moving forward with a plan to give third-party developers and external websites the ability to access Facebook users’ home addresses and cell phone numbers.[FN11] Facebook users may not restrict access to this information to a more controlled group or prevent application developers from accessing it.[FN12] In addition, when a Facebook user “likes” a product or service or “checks-in” to a place, such as Starbucks, the coffee company displays that information, both in the user’s news feed and also as part of a paid advertisement for Starbucks.  This functionality is called “Sponsored Stories,” and Facebook users cannot opt out of the use of their information in Sponsored Stories if they “like” or “check-in” to a business or service.[FN13] Based on these changes, Facebook users are now sharing a lot of personal information with the third party companies that partner with Facebook to develop applications and advertisements.[FN14] Finally, Facebook’s “privacy transition tool,” which guides users through the configuration of privacy settings will “recommend” (i.e., preselect by default) each user’s privacy settings for sharing information posted to Facebook, including status messages and wall posts, to be set to share with “everyone” on the Internet.  The prior default setting for such information had been limited to each users’ “Networks and Friends” on Facebook.  As discussed in the following section of this Article, default settings are often outcome determinative.  It is human nature to accept and not change the suggested default settings.  In this way, Facebook’s “privacy transition tool” results in more users shifting their privacy level to share their information with more people than before.[FN15] This erosion of privacy should come as no great surprise.  Social networks like Facebook benefit from loose privacy rules:  “the more incentives [Facebook] create[s] for people to share data, the more valuable the network . . . because [Facebook] ha[s] data you can resell or study for marketing trends.”[FN16] Controlling, storing, using, and providing access to or analytics concerning vast stockpiles of user data is tremendously lucrative.  Because Facebook makes money through targeted advertising and the like, reducing the privacy settings of its service is to its financial benefit.[FN17] To this end, Mark Zuckerberg and Facebook have taken the position that “‘Facebook has always been about friends and community and that therefore the default has been skewed towards sharing information rather than restricting it.”[FN18] This position also aligns with Facebook’s profit motive, monetization end-game, and growing valuation. [FN19] Default Settings Matter a Great Deal What is important to keep in mind in the ongoing debate about Facebook’s privacy settings is the significant power of default settings in affecting user behavior and outcomes.  When defending its increasingly “public” default privacy settings, Facebook often focuses on the fact that it gives its users the ability to change these privacy settings to control information (though not all information) more tightly, if they so choose.  But the reality is that defaults are often determinative.  Most users surely clicked through the new default settings without realizing it.  And while users could, theoretically, change these more public “recommended” settings by navigating through the detailed privacy settings, doing so takes more effort.[FN20] Defaults have a particularly strong influence in software.  System or device defaults are rarely altered by users.  And commentators have observed that “psychological studies have shown that the tiny bit of extra effort needed to alter a default is enough to dissuade most people from bothering, so they stick to the default despite their untapped freedom.”[FN21] With the rise of ubiquitous network software systems like Facebook, the outcome-determinative nature of defaults has the ability to fundamentally influence social concerns, such as privacy.[FN22] Indeed, the evolution of Facebook’s privacy settings demonstrate the company’s understanding of the importance of default settings.  On the one hand, Facebook does provide a good deal of granular control to its users in terms of privacy settings.  But on the other hand, as studies in human computer interaction and behavioral economics show, users tend to favor the status quo or default settings.[FN23] In the case of Facebook, these are the privacy recommendations and default settings that are provided.  Furthermore, Facebook’s programs that pass information to its third-party business partner sites, such as Yelp, require users to “opt out,” which means that Facebook will freely disseminate user information unless the user affirmatively objects.  Therefore, even though Facebook offers detailed privacy options, by pre-selecting the default settings for those user privacy settings and requiring users to affirmatively opt-out, Facebook is effectively “dictating what kind of privacy [users] will or will not have.”[FN24] The Risks So what?  Aside from throwing around important-sounding words like “privacy issues,” what is the big deal? Recently, industry watch groups, like the EFF and Consumer Reports, as well as the U.S. government, have articulated a host of real-world concerns.  For example, posting personal information (including birthdates, street addresses, whether you are home or away), can expose a user to crime of either the cyber- or real-world variety.[FN25] In addition, the privacy settings of users and users’ Facebook friends can expose users to harassment, malware, spyware, identity theft, viruses and scams.  For example, a recent article estimated that out of the 18 million Facebook users who used “apps” of Facebook’s business partners and advertisers, roughly 1.8 million (or 10%) of their computers were infected by these applications.  Many of these applications access a large swath of personal information, often without the user realizing it.[FN26] Aside from the above crime risks, there are serious “social” and “commercial” risks as well.  Sharing the likes and dislikes of users and their friends, as well as the places to which they go and the products they recommend could lead to a world where companies, advertising agencies, and others who seek to influence your behavior are able to track each individual user to such an extent that they can compile a set of incredibly granular and personal details about each person, including what time he gets up, where he goes, what he buys, what he reads, what his political views are, etc.[FN27] For many, that may be an uncomfortable place to be. Addressing the Issue of Online Privacy – Personal Choice, Regulation and Enforcement, or Both? Broadly speaking, there are two general approaches to addressing the implications of online privacy settings, such as Facebook’s.  It is unlikely that either one of these approaches alone will adequately address the privacy concerns raised above. The first approach is to rely on the market and users to drive changes to privacy settings, when required.  This approach relies on users to recognize that their privacy settings are important and to take the time and responsibility to set them.[FN28] This laissez faire approach relies on individuals to take more care about what default settings they are agreeing to and to demand change in areas of paramount importance. Users who care should certainly take more care in setting their privacy options.  However, there are limitations to relying on users alone.  When settings and choices are not apparent to users, or defaults are repeatedly set in such a way that the vast majority of users are unlikely to understand the consequences of their selections or be able to demand change, it seems that more may be required.[FN29] The second approach is to rely on government regulation and enforcement to ensure that there are clearly laid-out privacy options.[FN30] In this regard, the U.S. government recently has began to raise questions about Facebook’s privacy policy.  For example, when Facebook announced plans to enable its partners to access users’ addresses and phone numbers, Congressman Edward Markey (D-Mass) and Joe Barten (R-Texas), the Co-Chairmen of the House Bipartisan Privacy Caucus, sent a letter to Facebook CEO Mark Zuckerberg seeking answers about the company’s plans.[FN31] Similarly, in May of 2010, the Article 29 Data Protection Working Party, a coalition of European data protection officials, sent a letter to Facebook criticizing the changes it made to its privacy policy and default privacy settings.[FN32] The Working Party argued that significant changes to a privacy policy and settings relating to sharing of user information should require the active consent of users rather than mere notice of the changes to users. The Federal Trade Commission (FTC) has likewise become more active in investigating online privacy violations. Section 5 of the FTC Act grants the FTC the power to pursue claims against entities which engage in unfair or deceptive acts or practices in interstate commerce with respect to consumers.[FN33] In the past, the FTC has taken action against websites for violating their own privacy policies as a deceptive trade practice.  The FTC has also used its Section 5 powers to pursue claims against online companies related to spyware and adware, etc.[FN34] Most significantly, last month, the FTC settled its Section 5 investigation into the privacy practices of Google in relation to Google Buzz, a social networking tool in Gmail that Google introduced last year.  As part of the settlement, Google agreed to start a privacy program, to undergo privacy audits for a period of 20 years, and to obtain user consent before changing the way that any Google product shares personal information.[FN35] As relevant to Facebook, privacy interest groups led by the Electronic Privacy Information Center (“EPIC”) have filed multiple Complaints with the FTC, accusing Facebook of violations to the privacy interests of Internet users.[FN36] EPIC’s first FTC Complaint against Facebook focuses on Facebook’s practices relating to the sharing of user information with third-party app developers.  In particular, it alleges that the mandatory public disclosure of certain user information to the public, including third-party app developers, is an unfair practice.  The Complaint also alleges that Facebook’s policies regarding third-party app developers are misleading and deceptive, and provide for more information sharing and less user control of that information without a clear way for users to opt out.[FN37] EPIC’s second Complaint against Facebook focuses on newer changes to Facebook, including the “like” feature and “instant personalization” feature, both of which, it is alleged, cause the sharing of user information in ways that are deceptive to the user.[FN38] EPIC’s Facebook Complaints may provide the FTC with the vehicle to take on Facebook, should it perceive the need to do so. At the very least, the FTC’s recent landmark settlement with Google signals that the FTC is ready and willing to use its Section 5 powers to remedy privacy violations in connection with social networking, where it deems appropriate. The FTC has also provided guidance by issuing a Privacy Report entitled “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers,” which seeks to provide a framework for consumers, businesses, and policymakers to address online privacy issues.[FN39] The FTC Report concludes that industry efforts to address privacy through self-regulation have been too slow and have failed to provide adequate and meaningful protection to consumers.  Among the recommendations in the FTC’s proposed framework is that consumers be presented with a clear and easy to understand choice about the collection and sharing of their data at the time and in the context in which they are making decisions.  The FTC framework also addresses the tracking, collection, and sharing of user data with advertisers, recommending the adoption of a universal mechanism for implementing a user’s choice to opt out of such practices.[FN40] In response, Facebook has argued against excessive regulation, indicating that Internet companies should be self-regulated so as not to stifle innovation.[FN41] It is unclear what ultimate impact the FTC Report and the proposals of other commentators will have on the industry or on policymakers, if any.  These developments at least have the effect of bringing about public debate over many core privacy issues implicated by social networks and other online companies. In this regard, some of the policies championed by the FTC and others are making their way before Congress in newly proposed privacy bills. Specifically, Representative Jackie Speier (D-California) introduced Bill HR 654 that would direct the FTC to put forth standards that provide an online mechanism for consumers to opt out of the collection and use of their personal information online and would require online advertisers and third-party website operators to disclose their practices with respect to data collection and use.[FN42] These regulatory and legislative efforts may provide some baseline requirements for privacy policies and provide users with a privacy bill of rights. As with the FTC Report, it is not yet clear what shape such privacy legislation will take, and the extent to which legislators will seek to address such privacy issues through legislation.[FN43] Conclusion In the age of instantaneous sharing of information on Facebook, it is fair to ask whether privacy is dead or dying, and whether online social networks like Facebook are killing it. Despite what may be seen as an unstoppable cultural imperative to socialize, connect, share, communicate, and post information about oneself at a dizzying pace, it is important not to lose sight of the risks to handing over control over our personal information. As we status-update our way through the information age, both users and regulators alike must continue to closely monitor companies that receive access to the information we share. At the same time, we must also carefully weigh the benefits of increased interconnectivity against the costs of reduced privacy.  
* Michael J. Kasdan is a Partner at Amster, Rothstein & Ebenstein LLP and is a 2001 graduate of NYU School of Law.  He is a Facebook user.  The views and opinions expressed in this article are his own.  Mr. Kasdan also authored Student Speech in Online Social Networking Sites: Where to Draw the Line, https://jipel.law.nyu.edu/2010/11/22/student-speech-in-online-social-networking-sites-where-to-draw-the-line/ (November 22, 2010). [FN1] See Roy Wells, 41.6% of the U.S. Population Has a Facebook Account, socialmediatoday (Aug. 8, 2010), http://socialmediatoday.com/index.php?q=roywells1/158020/416-us-population-has-facebook-account. [FN2] See Nicholas Carlson, Goldman to clients: Facebook has 600 million users, Business Insider (Jan. 5, 2011), http://www.msnbc.msn.com/id/40929239/ns/technology_and_science-tech_and_gadgets/. [FN3] See Justin Smith, Facebook Now Growing by Over 700,000 Users a Day, and New Engagement Stats, Inside Facebook (July 2, 2009), http://www.insidefacebook.com/2009/07/02/facebook-now-growing-by-over-700000-users-a-day-updated-engagement-stats/. [FN4] For the BBC’s truly hilarious take on the Facebook paradigm, see Facebook in Real Life, http://www.youtube.com/watch?v=BYNYLq_KvW4 (last visited March 22, 2011). [FN5] See Yelp Partners With Facebook For A Personal Experience, Yelp Web Log (Apr. 21, 2010), http://officialblog.yelp.com/2010/04. [FN6] Facebook is presently a privately held company.  Recently, a consortium including Goldman Sachs invested $500 million “in a transaction that values [Facebook] at $50 billion.” Susan Craig & Andrew Ross Sorkin, Goldman Offering Clients a Chance to Invest in Facebook, DealBook (Mar. 29, 2011), http://dealbook.nytimes.com/2011/01/02/goldman-invests-in-facebook-at-50-billion-valuation/. [FN7] It is significant to note that there are clear generational differences at work as to how a particular person will assess these types of trade-offs.  For example, I use Google’s Gmail service because it is slick and functional.  My father, however, will not, because he is greatly bothered by the fact that Google pushes context-based advertising at its Gmail users based upon the content of a user’s emails.  Likewise, on Facebook, the younger generation is more apt to publicly share private details through status updates or to publicly share embarrassing pictures of their Saturday night escapades.  In online social networks like Facebook, there is a quid pro quo in which privacy is gladly exchanged in favor of social interaction.  To these users, the social and community benefits of sharing such information far outweigh the more subtle-to-perceive-downside of diminished privacy. See Schneier, Google and Facebook’s Privacy Illusion, http://www.forbes.com/2010/04/05/google-facebook-twitter-technology-security-10-privacy (April 6, 2010). [FN8] See http://www.allfacebook.com/infographic-the-history-of-facebooks-default-privacy-settings-2010-05 (May 9, 2010) & http://www.goso.blog/2010/06/facebook-default-privacy-settings-over-time. [FN9] Kevin Bankston, Facebook’s New Privacy Changes: The Good, The Bad, and The Ugly, Electronic Frontier Foundation (Dec. 9, 2010), http://www.eff.org/deeplinks/2009/12/facebooks-new-privacy-changes-good-bad-and-ugly. [FN10] For a complete timeline of the changes to Facebook’s privacy policy from 2005 to present, see Facebook’s Eroding Privacy Policy: A Timeline, Electronic Frontier Foundation, http://www.eff.org/deeplinks/2010/04/facebook-timeline/ (April 28, 2010). [FN11] See Bianca Bosker, Facebook To Share Users Home Addresses, Phone Numbers with External Sites, HuffPost Technology (Feb. 28, 2011) http://www.huffingtonpost.com/2011/02/28/facebook-home-addresses-phone-numbers_n_829459.html. [FN12] “When you connect with an application or website it will have access to General Information about you.  The term General Information includes you and your friends’ names, profile pictures, gender, user IDs, connections, and any content  shared using the Everyone privacy settings . . . . The default privacy setting for certain types of information you post on Facebook is set to ‘everyone.’”  See Facebook’s Eroding Privacy Policy: A Timeline, Electronic Frontier Foundation, http://www.eff.org/deeplinks/2010/04/facebook-timeline/ (April 28, 2010)(quoting Facebook’s Privacy Policy). [FN13] Clint Boulton, Facebook Invites Privacy Concerns with Sponsored Story Ads, eWeek (Jan. 26, 2011), http://www.eweek.com/ [FN14] Bankston, supra note 10. [FN15] Id. [FN16] Privacy: The Slow Tipping Point, Carnegie Mellon University (2007 Interview Transcript, Podcast Interview of Alessandro Acquisti). [FN17] Bruce Schneier, Google and Facebook’s Privacy Illusion, Forbes (Apr. 6, 2010)(quoting Mark Zuckerburg), http://www.forbes.com/2010/04/05/google-facebook-twitter-technology-security-10-privacy. [FN18] Memmott, Zuckerberg:  Sharing Is What Facebook Is About, http://www.npr.org/alltechconsidered/2010/05/27/127210855/facebook-zuckerberg- (May 27, 2010). [FN19] See Craig, supra note 6. [FN20] Forbes Magazine notes that companies like Facebook are driven by market forces “to kill privacy” by controlling defaults, limiting privacy options, and making it difficult to change such settings.  This results in making it “hard …to opt out.”  Schneier, supra note 18. [FN21] See Pat Coyle, Triumph of the default in sports social networks, Technium Blog (Aug. 18, 2010) http://www.coylemedia.com/2010/08/18/power-of-the-default-in-sports-social-networks. [FN22] Jay Kesan and Rajiv C. Shah, Establishing Software Defaults: Perspectives from Law, Computer Science, and Behavioral Economics, Notre Dame Law Review, Vol. 82, pp. 583-634, 2006 (available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=906816). [FN23] Examples that illustrate the power of defaults are found not only in the technology field but across many other fields.  One oft-cited study of defaults is the work of Madrian and Shea, who studied the impact of defaults on money saving tendencies by changing the defaults of 401(k) retirement plans. Specifically, they changed the default enrollment rule so that new employees had to choose to opt out of contributing to the 401(k) plan rather than to opt into it.  The results were striking.  Changing this one simple default rule brought participation in the 401(k) plan from less than 40% to over 85%.  Furthermore, those who participated made few subsequent changes to their default plan.  This study indicates that defaults can strongly influence real-life decision-making, and that people generally defer to defaults in their decision-making.  Whether the cause of this behavior is momentum, laziness, procrastination, passivity, a tendency to follow the guidance or advice of experts, or some other phenomena, the effect of defaults is very powerful and very real.  See Simon Kemp, Psychology & Economics in Regulation, Institute of Policy Studies (Feb. 19, 2010); Sendhil Mullainathan, Psychology and Development Economics (June 2004) (unpublished manuscript) (on file with Harvard University Department of Economics) see also James M. Poterba,Behavioral Economics and Public Policy: Reflections on the Past and Lessons for the Futurein Policymaking Insights from Behavioral Economics (Christopher L. Foot et al eds., 2007); Kesan, supra note 24. [FN24] Acquisti, supra note 17. For humorous satirical commentary on this phenomena, see Entire Facebook Staff Laughs As Man Tightens Privacy Settings, The Onion (May 26, 2010), http://www.theonion.com/articles/entire-facebook-staff-laughs-as-man-tightens-priva,17508/. [FN25] See Jeff Fox, Why Facebook Users Need Protection, HuffPost Technology (May 4, 2010), http://www.huffingtonpost.com/jeff-fox/why-facebook-users-need-p_b_562945.htmlsee also Protecting Your Computer from Online Threats, Consumer Reports (June 2010), http://www.consumerreports.org/cro/magazine-archive/2010/june/electronics-computers/. [FN26] Id. [FN27] See e.g., JC Raphael, Facebook Privacy: Secrets Unveiled, PC World (May 16, 2010), http://www.pcworld.com/article/196410/facebook_privacy_secrets_unveiled.html. [FN28] “It’s very simple: Facebook is a business and their goal is to make money.  They make money through advertising and selling virtual goods.  The more of your personal information they can mine, the more likely their advertising will result in revenue for Facebook and to their clients. . . . What about privacy settings?  You need to set them, it’s your responsibility and no one else’s.  Facebook wants you to share as much as possible since it helps them monetize your account.  Consequently the default settings tend to be “opt out” rather than “opt in,” knowing that most people review their privacy settings. . . .  You are responsible for what information you post about yourself, the Facebook friends you link to, the privacy settings and the applications you use.” Howard Steven Friedman, You Are Responsible for Your Own (Facebook) Privacy, HuffPost Technology (Mar. 3, 2011) (emphasis added), http://www.huffingtonpost.com/howard-steven-friedman/you-are-responsible-for-y_b_830652.html. [FN29] Another aspect of a laissez faire approach to dealing with online privacy would be to rely on the market to provide competing social networking systems that address privacy differently than Facebook. In other words, if clearer and tighter privacy controls are something that consumers want and value, a market competitor to Facebook should offer a competing alternative. Cf. Hiroki Tabuchi, Facebook Wins Relatively Few Friends in Japan, New York Times (January 9, 2011), http://www.nytimes.com/2011/01/10/technology/10facebook.html (noting Facebook’s relative lack of success in Japan, whose Internet users are “fiercely private.” In Japan, Facebook’s competitors, which “let members mask their identities, in distinct contrast to the real-name, oversharing hypothetical user on which Facebook’s business model is based,” have been far more successful). However, because the value of a social network is largely based on the fact that all of one’s friends are members, the sheer size and momentum of Facebook in the U.S. market may well prevent viable competitors from easily emerging. [FN30] Schneier, supra note 18 (stating that “[i]f we believe privacy is a social good, something necessary for democracy, liberty, and human dignity, then we can’t rely on market forces to maintain it” and calling for broad legislation that would protect personal privacy by giving people control over their personal data). [FN31] See Thomas Clayburn, Facebook Faces Congressional Privacy Interrogation, Information Week (Feb. 5, 2011), http://www.informationweek.com/news/internet/social_network/showArticle.jhtml?articleID=229201226. Facebook responded to this inquiry in a letter on February 23, 2011 (available at http://markey.house.gov/docs/facebook_response_markey_barton_letter_2.2011.pdf) in which it highlighted that Facebook users have various different levels at which they can set their privacy options and that users must give applications seeking to access their personal information permission to do so. Information concerning the Congressmens’ response to Facebook can be found at Markey, Barton Respond to Facebook (Feb. 28, 2011), http://markey.house.gov/index.php?option=content&task=view&id=4238&Itemid=125. [FN32] Article 29 Data Protection Working Party, Press Release, May 12, 2010, available at http://ec.europa.eu/justice/policies/privacy/news/docs/pr_12_05_10_en.pdf. [FN33] Act of March 21, 1938, ch. 49, § 3, 52 Stat. 111 (codified at 15 U.S.C. § 45(a)(1)(1994)). [FN34] See e.g., Federal Trade Commission, Privacy Initiatives, http://business.ftc.gov/legal-resources/29/36 (Last visited February 18, 2011). [FN35] See C. Miller and T. Vega, Google Unveils New Social Tool as It Settles Privacy Case, New York Times (March 20, 2011); Google Agrees to Implement Comprehensive Privacy Program to Protect Consumer Data, http://www.ftc.gov/opa/2011/03/google.shtm (March 30, 2011).  A copy of the consent order is available at http://www.ftc.gov/os/caselist/1023136/110330googlebuzzagreeorder.pdf (Last Visited, April 6, 2011). [FN36] The EPIC Complaints are available at http://epic.org/privacy/inrefacebook/EPIC-FacebookComplaint.pdf (“EPIC I”)  and http://epic.org/privacy/facebook/EPIC_FTC_FB_Complaint.pdf (“EPIC II”).  For additional general background regarding the EPIC Complaints, see http://epic.org/privacy/inrefacebook and http://epic.org/privacy/facebook/in_re_facebook_ii.html. [FN37] EPIC I, supra note 37. [FN38] EPIC II, supra note 37 at ¶¶ 65-94. [FN39] See generally FTC Staff Releases Privacy Report, Offers Framework for Consumers, Businesses and Policymakers, Federal Trade Commission (Dec. 1, 2010), http://www.ftc.gov/opa/2010/12/privacyreport.shtm; FTC Staff, FTC Staff Report: Protecting Consumer Privacy in an Era of Rapid Change (2010), http://www.ftc.gov/os/2010/12/101201privacyreport.pdf. [FN40] Similarly, the EFF recently proposed a “Bill of Privacy Rights for Social Network Users.” The Proposed Bill of Privacy Rights includes (i) “the right to informed decision-making” about who sees their personal data, (ii) “the right to control” the use and disclosure of their data, including requiring a default opt-in permission by users, so that user data is not shared unless a user makes an informed decision to share it, and (iii) “the right to leave” a social network, at which point the user data is permanently deleted from the social network’s databases and those of its partners. See Kurt Opsahl,  A Bill of Privacy Rights for Social Network Users, Electronic Frontier Foundation (May 19, 2010), http://www.eff.org/deeplinks/2010/05/bill-privacy-rights-social-network-users; see also Dani Manor, Proposed New Bill of Rights for Facebook Users, Electronic Frontier Foundation (May 21, 2010), http://www.allfacebook.com/eff-proposes-new-bill-of-rights-for-facebook-users-2010-05. [FN41] See e.g., Katie Kindelan, What You Should Know About Facebook’s Response to the FTC, Social Times (Feb. 25, 2011), http://www.socialtimes.com/2011/02/what-you-should-know-about-facebooks-response-to-the-ftc/see also Bianca Boscer, Facebook Response to FTC’s Privacy Plans, Huffpost Technology (Feb. 23, 2011), http://www.huffingtonpost.com/2011/02/23/facebook-responds-to-ftcs_n_827260.html; Leigh Goessl, Facebook Response to FTC Privacy Investigation, Helium (Feb. 27, 2011), http://www.helium.com/items/2103119-facebook-response-to-ftc-privacy-investigation. [FN42] See H.R. 654, 112th Cong. (2011).; See also Bert Knabe, Two Privacy Bills Introduced by Representative Jackie Speier, Lubbock Avalanche-Journal (Feb. 14, 2011), http://lubbockonline.com/interact/blog-post/bert-knabe/2011-02-14/two-privacy-bills-introduced-representative-jackie-speier-d. [FN43] Cf. Farhad Manjoo, No More Privacy Paranoia, Slate (April 7, 2011), http://www.slate.com/id/2290719/pagenum/all/#p2 (noting that regulators must carefully balance the costs of privacy protection with its benefits).

You May Not “Like” This Title: Everything Stored on Facebook Is Discoverable

By Darren A. Heitner* A pdf version of this article may be downloaded here. On its own Fan Page, Facebook describes itself as a service that gives “people the power to share and make the world more open and connected.”[FN1] People over the age of twelve, but not too old to understand how to use a computer keyboard, are able to sign up for a Facebook account and immediately share content and information with the world.  Facebook users may upload photos and videos, update their statuses, share links, create events and groups, make comments, write notes, write messages on their own or others’ “Walls,” and send private messages to other users (all of which will hereinafter be referred to as “Published Facebook Content”).  Facebook delivers on its promise to permit sharing in an online environment where people can easily get caught up on their friends’ actions and activities.  The openness is what makes Facebook extremely desirable; it also makes the platform a potential legal nightmare for those who do not understand how its content may be used as evidence in a lawsuit. In an effort to provide its users with a sense of security, Facebook regularly updates its privacy options, including one which allows users to change the visibility of their profiles from the default “everyone” setting to something more limited or completely private.  If the “everyone” setting is enabled, any person, Facebook user or not, has access to Published Facebook Content (other than private messages) and its association with the user who posted the information.[FN2] Facebook users have the ability to block others from seeing their contact information, personal information, gender and birth date, and Published Facebook Content.[FN3] However, nestled into Facebook’s Privacy Policy in the section titled, “How We Share Information” is a paragraph that begins with, “To respond to legal requests and prevent harm.”[FN4] The paragraph states the following:
We may disclose information pursuant to subpoenas, court orders, or other requests (including criminal and civil matters) if we have a good faith belief that the response is required by law. This may include respecting requests from jurisdictions outside of the United States where we have a good faith belief that the response is required by law under the local laws in that jurisdiction, apply to users from that jurisdiction, and are consistent with generally accepted international standards. We may also share information when we have a good faith belief it is necessary to prevent fraud or other illegal activity, to prevent imminent bodily harm, or to protect ourselves and you from people violating our Statement of Rights and Responsibilities. This may include sharing information with other companies, lawyers, courts or other government entities.[FN5]
Any privacy granted to a Facebook user is only temporary, as Facebook, at any point in time and at its complete discretion, may invoke the aforementioned paragraph and disclose Published Facebook Content to, not only a court of law, but also a private company, attorney, or other governmental entity.  Even if Facebook attempts to protect a user’s privacy rights, a court may deem that the Published Facebook Content is discoverable.  While there is a deep concern regarding Facebook’s apparent willingness to share Published Facebook Content with companies, lawyers, courts and other government entities, this discussion will focus exclusively on a court’s effort to require Facebook to produce information. I. Discovery Background Under the Federal Rules of Civil Procedure (FRCP) for the United States District Courts, a party may obtain discovery regarding any non-privileged matter that is relevant to any party’s claim or defense, and the court may order discovery of any matter relevant to the subject matter involved in the action.[FN6] The responding party may claim that the information being requested is privileged, and thus refuse to submit the information.[FN7] Alternatively, a party may move for a protective order to guard against annoyance, embarrassment, oppression, or undue burden or expense.[FN8] In lieu of modern civil procedure contemplating liberal disclosure rules for discovery requests, “discovery is not unbridled and not unlimited,” and individuals deserve to have their privacy protected.[FN9] While not all states have adopted rules of civil procedure that match or even closely resemble the FRCP, many states have discovery procedures that are based on the federal system. II.  McCann v. Harleysville Insurance The Supreme Court, Appellate Division, Fourth Department of New York addressed the protection of a Facebook user’s Published Facebook Content in a case involving a driver injured in an automobile accident.[FN10] The Defendant, Harleysville Insurance Company of New York, was not convinced that the Plaintiff, Kara McCann, had sustained serious injuries, and requested production of photographs from McCann’s Facebook account as a means of verification.[FN11] The trial court denied Harleysville Insurance’s motion to compel discovery based on the motion’s being overly broad and the apparent lack of proof regarding the relevancy of the Facebook photos.[FN12] The Appellate Court affirmed the trial court’s holding.[FN13] The decision reveals that parties do not have carte blanche in discovery requests concerning Published Facebook Content.  If a party wishes to require a Facebook user to produce Published Facebook Content, the party must be specific in its demand and clearly identify the relevancy of producing such information.  The Court stated that Harleysville Insurance “essentially sought permission to conduct a ‘fishing expedition’ into plaintiff’s Facebook account based on the mere hope of finding relevant evidence.”[FN14] With a clear showing of relevance by Harleysville Insurance, however, McCann might not have escaped the production of her Facebook photographs, whether she made them available to all through the “everyone” setting or restricted their exposure to a limited group of people. III. Romano v. Steelcase Inc. In another New York case, the Court showed what might happen when a discovery request involving Published Facebook Content is relevant and specific.  A party may have to produce requested Published Facebook Content, even though it was originally marked as private on the social network. In Romano v. Steelcase Inc., Judge Spinner held that, 1) private information sought from Plaintiff Kathleen Romano’s Facebook account was material and necessary for Defendant Steelcase’s defense; 2) Romano did not have a reasonable expectation of privacy in information published on Facebook; and 3) Steelcase’s need for access to Romano’s private information on Facebook outweighed any privacy concerns voiced by Romano.[FN15] Whereas the court in McCann refused to allow the defendant to access a single photograph that the plaintiff posted on her Facebook page, in the instant case, Steelcase was able to reach Romano’s current and historical Facebook pages and accounts, including deleted pages.[FN16] The key difference is that this Court found that the information request was material and necessary, which is a standard that is to be interpreted liberally, requiring disclosure of “any facts bearing on the controversy which will assist preparation for trial by sharpening the issues and reducing delay and prolixity.”[FN17] Romano claimed that she suffered serious injuries which affected her enjoyment of life based, at least partially, on her lack of capacity to participate in certain activities.[FN18] If true, those facts could influence the Court to sympathize with Romano, likely affecting the outcome of the case.  Viewing only the public sections of Romano’s Facebook and MySpace pages, Steelcase discerned that Romano’s active lifestyle had not been affected by any injury.[FN19] Romano claimed that she was confined to her house; public Facebook pictures displayed Romano outside of her home, smiling happily as if she enjoyed her life as much as she had in her pre-injury state.[FN20] With this type of information readily available for the general public to view, what could Steelcase find in the private sections of Romano’s Facebook profile? The Court did not limit Steelcase’s discovery to Romano’s public Published Facebook Content.[FN21] Instead, the Court stated that preventing access to Romano’s private postings would be “in direct contravention to the liberal disclosure policy in New York State.”[FN22] As stated supra, liberal disclosure rules for discovery requests exist on the federal level and within many other states’ disclosure policies. The severity of the claimed injury and the amount of damages requested might play a role in whether a court compels the discovery of private Published Facebook Content as well.  Additionally, private Published Facebook Content may be easier for a defendant to compel in a personal injury case than one involving a different cause of action.  The Court in Romano quoted a Canadian court, which also permitted the discovery of private Published Facebook Content in a personal injury scenario.  The quoted portion is as follows, To permit a party claiming very substantial damages for loss of enjoyment of life to hide   behind self-set privacy controls on a website, the primary purpose of which is to enable people to share information about how they lead their social lives, risks depriving the opposite party of access to material that may be relevant to ensuring a fair trial.[FN23] In response to the Canadian case, the Court held, “To deny Defendant an opportunity to access these sites not only would go against the liberal discovery policies of New York favoring pre-trial disclosure, but would condone Plaintiff’s attempt to hide relevant information behind self-regulated privacy settings.”[FN24] Not only would a party aiming to compel discovery of private Published Facebook Content have a better chance of success in a loss of enjoyment of life case, but they will likely also have a better chance of proving that the opposing party is hiding relevant information in bad faith. Another noteworthy part of the decision is the Court’s rejection of Romano’s Fourth Amendment’s right to privacy argument.  The Court’s reasoning was that Facebook does not guarantee complete privacy and, thus, Romano had no legitimate reasonable expectation of privacy.[FN25] In the Court’s dicta, the following quote was referenced, “[i]n this environment, privacy is no longer grounded in reasonable expectations, but rather in some theoretical protocol better known as wishful thinking.”[FN26] IV.  Conclusion Facebook users may have a false sense of security regarding their Published Facebook Content.  No matter what types of privacy settings a user puts in place, a court may determine that the Published Facebook Content is discoverable by a party to a lawsuit.  For a party attempting to learn more about an adverse party, this could be a pleasant surprise; for a party attempting to hide something that was once posted on his Facebook Page without any thought, it could be the piece of evidence that tears apart his case.  
* Darren Heitner is an associate in the Fort Lauderdale, Florida law firm of Koch Parafinczuk & Wolf, P.A., where he practices all kinds of litigation, including an emphasis on intellectual property law.  He is the Founder and Chief Executive Officer of Dynasty Athlete Representation, a full service sports agency, and is the Founder and Chief Editor of SportsAgentBlog.com and ChangeLegal.com.  Darren graduated from the University of Florida and the University of Florida Levin College of Law. [FN1] Facebook, http://www.facebook.com/facebook (last visited Dec. 31, 2010). [FN2] Statement of Rights and Responsibilities, Facebook, http://www.facebook.com/terms.php (last visited Dec. 31, 2010). [FN3] Facebook’s Privacy Policy, Facebook, http://www.facebook.com/policy.php (last visited Dec. 31, 2010). [FN4] Facebook, supra note 4. [FN5] Facebook, supra note 4 (emphasis added). [FN6] Fed. R. Civ. P. 26(b)(1). [FN7] Fed. R. Civ. P. 26(b)(5)(A). [FN8] Fed. R. Civ. P. 26(c)(1). [FN9] Hecht v. Pro-Football, Inc., 46 F.R.D. 605, 607 (D.D.C. 1969). [FN10] See McCann v. Harleysville Ins. Co. of N.Y., 912 N.Y.S.2d 614, 615 (N.Y. App. Div. 2010) [FN11] Id. [FN12] Id. [FN13] Id. [FN14] Id. [FN15] Romano v. Steelcase Inc., 907 N.Y.S.2d 650, 654-657 (N.Y. Sup. Ct. 2010). [FN16] Id. at 657. [FN17] Id. at 652. [FN18] Id. at 653. [FN19] See id. at 653. [FN20] Id. at 654. [FN21] See id. at 655. [FN22] Id. at 655. [FN23] Leduc v. Roman (2009), 308 D.L.R. 4th 353 (Can. Ont. Sup. Ct. J.). [FN24] Steelcase, 907 N.Y.S.2d at 655. [FN25] Id. at 656. [FN26] Dana L. Flemming & Joseph M. Herlihy, What Happens When the College Rumor Mill Goes Online?, 53 B.B.J. 16, 16 (2009).

Student Speech in Online Social Networking Sites: Where to Draw the Line

By Michael J. Kasdan* A pdf version of this article may be downloaded here. Introduction The move toward online communication has the potential to throw off the historically careful balance that has been struck regarding First Amendment issues in the realm of “student speech.”  In a seminal trilogy of cases, the Supreme Court balanced the free speech rights of students with school districts’ ability – and even responsibility – to regulate student speech that disrupts the learning environment.  Before the proliferation of instant messaging, SMS texts, and social networking sites, the Court allowed schools to regulate on-campus speech in limited circumstances (i.e., when the speech disrupts the learning environment) but did not extend the school’s authority to regulate speech that occurs off-campus (i.e., speech subject to traditional First Amendment protection).  Electronic communication blurs the boundary between on- and off-campus speech.  While a student may post a Facebook message from the seeming privacy of his or her own home, that message is widely accessible and could have a potentially disruptive effect on campus. Because the Supreme Court has not yet addressed this particular issue, courts are struggling to define the proper place of so-called “student internet speech.”  Indeed, two different Third Circuit panels recently came to exactly opposite conclusions on the very same day about the ability of schools to regulate student internet speech: in one, the Third Circuit upheld a school’s ability to discipline a student for creating a fake MySpace profile mocking the school’s principal; in the other, the Third Circuit held the school could not regulate conduct (again, creation of a fake MySpace profile about the school’s principal) that occurred within the student’s home.  Both opinions have since been vacated pending a consolidated rehearing en banc, but the message is clear: courts throughout the country require guidance on the appropriate legal principles applicable to student internet speech. The remainder of this Article introduces the relevant Supreme Court precedent, explores in greater depth the two contradictory Third Circuit opinions, and offers some preliminary analysis as to how the Third Circuit (and perhaps ultimately the Supreme Court) may clarify the law in the pending en banc decision. Background – Supreme Court Precedent The Supreme Court’s seminal pronouncement that set the limits of a school’s ability to regulate student speech came down in 1969.  In Tinker v. Des Moines Independent Community School District, the Supreme Court addressed the issue of “First Amendment rights, applied in light of the special characteristics of the school environment.” [FN1] The Court reasoned that while students do not “shed their constitutional rights to freedom of speech or expression at the schoolhouse gate,” the right to free speech must be balanced against the interest in allowing “[s]tates and of school officials, consistent with fundamental constitutional safeguards, to prescribe and control conduct in the schools.”[FN2] The so-called Tinker rule holds that in order for a school district to suppress student speech (by issuing a punishment or discipline relating to that speech), the speech must materially disrupt the school, involve substantial disorder, or invade the rights of others: “conduct by the student, in class or out of it, which for any reason — whether it stems from time, place, or type of behavior — materially disrupts class work or involves substantial disorder or invasion of the rights of others is, of course, not immunized by the constitutional guarantee of freedom of speech.”[FN3] Since Tinker, the Supreme Court has addressed free speech issues in the context of schools in several cases.  In each case, the Court addressed the tension between the students’ right to free expression and the schools’ need to regulate school conduct in favor of the schools.  In Bethel School District v. Fraser[FN4] the Court distinguished Tinker and found that a school’s discipline of a student for his sexual-innuendo-charged assembly speech was not a violation of the student’s First Amendment rights. [FN5] More recently, in Morse v. Frederick, the Court held that the First Amendment does not prevent school officials from suppressing student speech that was reasonably viewed as promoting illegal drug use at a school-supervised event.[FN6] Today’s Online Student Speech Cases The degree to which student online speech may be regulated is an increasingly significant issue.  As stated in a recent New York Times article, “the Internet is where children are growing up.  The average young person spends seven and a half hours a day with a computer, television, or smart phone . . . suggesting that almost every extra curricular hour is devoted to online life.” [FN7] And today’s online speech has some distinguishing characteristics from “ordinary speech.”  It is extremely public.  It may be rapidly distributed to a wide group of people extremely quickly.  And it may potentially be saved forever. A recent series of cases demonstrate that courts are grappling with how to apply the Supreme Court free-speech precedent to student speech that has moved to online mediums such as the now-ubiquitous Facebook or Twitter.  None of the triumvirate of Supreme Court student speech cases maps easily to the arena of online student speech.  As one state supreme court noted,
“[u]nfortunately, the United States Supreme Court has not revisited this area [of the First Amendment rights of public school students] for fifteen years.  Thus, the breadth and contour of these cases and their application to differing circumstances continues to evolve.  Moreover, the advent of the Internet has complicated analysis of restrictions on speech.  Indeed, Tinker’s simple armband, worn silently and brought into a Des Moines, Iowa classroom, has been replaced by [today’s student’s] complex multi-media website, accessible to fellow students, teachers, and the world.” [FN8]
A recent series of cases from the Third Circuit demonstrates the complexities raised by these cases.  In one case, a Third Circuit panel found a school’s discipline of a student for his online speech to be a violation of the First Amendment and that the school’s authority could not extend to such off-campus behavior.  That very same day, a different Third Circuit panel addressing an almost identical fact pattern came to the opposite conclusion, finding no First Amendment violation when a school district punished a student for online speech. Recent Online Student speech Cases J.S. ex rel. Snyder v. Blue Mountain School District In J.S., the Third Circuit affirmed a district court ruling that a school district had acted within its authority in disciplining a student for creating an online profile on her MySpace page that alluded to “sexually inappropriate behavior and illegal conduct” by her principal. [FN9] The student was a 14-year-old eighth-grader who, along with a friend, had been disciplined by the principal for a dress code violation.  A month later, the students created a fictitious profile for the principal from a home computer on MySpace.  The MySpace profile, which included a picture of the principal taken from the school’s website, described him as a pedophile and a sex addict whose interests included “being a tight ass,” “[having sex] in my office,” and “hitting on students and their parents.”  Word of the MySpace profile soon spread around school.  Eventually, the principal found out about it.  In response, the principal issued the students a ten-day suspension for violating the school’s rule against making false accusations against members of the school staff. [FN10] The students’ parents sued the school district, claiming that the suspension was a violation of their children’s First Amendment rights.  The district court disagreed and found for the school board, concluding that the school had acted properly in suspending the students and that their First Amendment rights had not been violated.[FN11] On appeal, the Third Circuit affirmed.  The Panel majority noted that although the Supreme Court “has not yet spoken on the relatively new area of student internet speech,” courts can derive the relevant legal principles from traditional student speech cases, such as Tinker, Bethel, and Morse[FN12] Drawing from the Tinker standard that a school may discipline students for speech that “create[s] a significant threat of substantial disruption” within the school, [FN13]the Third Circuit found that discipline was appropriate and permissible based primarily on the fact that the profile targeted the principal in a manner that could have undermined his authority by referencing “activities clearly inappropriate for a Middle School principal and illegal for any adult.” [FN14]The court also found that the online context of the speech, which allowed for quick and widespread distribution, exacerbated the situation and increased the likelihood of “substantial disruption.” [FN15] In a strongly written dissent, one of the panel Judges concluded that the Tinker standard had not been met: Tinker requires a showing of “specific and significant fear of disruption, not just some remote apprehension of disturbance.” [FN16] While acknowledging the general power of school officials to regulate conduct at schools, the dissent concluded that the majority decision vests school officials with dangerously over-broad censorship authority in that it “adopt[s] a rule that allows school officials to punish any speech by a student that takes place anywhere, at any time, as long as it is about the school or a school official . . . and is deemed ‘offensive’ by the prevailing authority.” [FN17] The dissent further noted that “[n]either the Supreme Court nor this Court has ever allowed schools to punish students for off-campus speech that is not school-sponsored and that caused no substantial disruption at school.” [FN18] Layshock v. Hermitage School District Curiously, a different panel of Judges of the Third Circuit reached the opposite conclusion on the very same day in a similar case, Layshock v. Hermitage School District.[FN19] In Layshock, the Third Circuit panel affirmed a district court ruling that Hermitage School District’s suspension of high school student Justin Layshock for his “parody profile” of the high school principal on his MySpace page was improper.  The Layshock panel concluded that the high school’s discipline of the student for his online behavior violated his First Amendment free speech rights and that the school’s authority did not reach such off-campus behavior.[FN20] The student, a 17-year-old high school senior, created a fake MySpace profile in the name of his principal, using a picture of the principal from the school’s website.  The profile mocked the principal, indicating that he was a “big steroid freak,” a “big hard ass” and a “big whore” who smoked a “big blunt.”  When the principal learned of the profile, he issued a ten-day suspension and barred Justin from extracurricular activities for disruption of school activities, harassment of a school administrator over the Internet, and computer policy violations.[FN21] Layshock’s parents sued the school district and the principal, asserting violations of the First and Fourteenth Amendments.  The district court ruled in their favor on the First Amendment claim, concluding that the school was unable to establish “a sufficient nexus between Justin’s speech and a substantial disruption of the school environment, which is necessary to suppress students’ speech per Tinker.” [FN22] On appeal, the Third Circuit agreed that “it would be an unseemly and dangerous precedent to allow the state in the guise of school authorities to reach into a child’s home and control his/her actions there to the same extent that they can control that child when he/she participates in school sponsored activities.” [FN23] The court refused to allow the School District to exercise authority over a student “while he is sitting in his grandmother’s home after school.” [FN24] On April 9, 2010, shortly after issuing the seemingly contradictory rulings in J.S. and Layshock, the Third Circuit agreed to rehear the two cases en banc.  Given the factually similar circumstances of the two cases and their opposite results, it is not surprising that the Third Circuit found it necessary to provide clear guidance delineating what type of speech may be punished and how far school districts may go in punishing online speech.  Argument was heard by the full court on June 3, 2010, and a ruling is expected sometime this year.  The Third Circuit en banc review of the J.S. and Layshock cases may also be a precursor to a Supreme Court pronouncement on the topic of School regulation of online student speech. Clarifying The Law? One key issue raised in these en banc appeals – and in other cases around the country addressing similar issues [FN25] – is whether online speech by a student that is generated off school property and not during school hours, but is nonetheless directed at the school, can be regulated by a school district at all.  That is, is such speech “student speech” that may be regulated under appropriate circumstances or is it “off-campus speech” that is out of the reach of school regulation under Tinker, Bethel, and Morse? In the en banc appeals, the school districts argued in their briefing papers and at oral argument that the Supreme Court’s reasoning in Bethel regarding the ability of schools to regulate disruptive student speech should likewise apply to online speech that is directed at school faculty.  They argued that although such “speech” may be created outside of school, it is student speech, because it is specifically aimed at the school or a school administrator.  Further, they argued that such speech may be restricted because it has a sufficient impact on the proper functioning of the school. [FN26] The districts reason that because students today create, send, and access communication using multiple methods including online social media sites, email, and text messaging, the proper focus is not where the speech was made, but whether its impact is felt in school.[FN27] On the other hand, the students argued that a school district’s ability to regulate disruptive student speech should not extend to speech outside of school and that the curtailment of students’ off-campus speech is doctrinally indefensible.[FN28] In my view, extending school districts’ intentionally limited authority to off-campus speech — whether online or otherwise — would set a dangerous precedent.  Indeed, during oral argument of the en banc appeals in June, Chief Judge McKee of the Third Circuit asked if a group of students could be punished if they were overheard in a baseball stadium calling their principal a “douchebag.”  The clear answer is no.  Judge Rendell similarly noted that “the First Amendment allows people to say things that aren’t nice.” [FN29] These seem to be the right points to be making.  In other words, how are the online profiles in the J.S. and Layshock cases any different than distasteful jokes or mocking speech about school officials made outside of school?  TheTinkerBethelMorse trilogy of cases allows for limited regulation of speech in school; they simply do not contemplate otherwise limiting speech outside of school.  While online speech undoubtedly has some characteristics that distinguish it from Judge McKee’s example — i.e., a mocking online profile can be rapidly accessed by a wide group of students and lasts longer than the spoken word — these differences do not justify redrawing the line in order to allow a school to regulate a student’s out-of-school online speech. A second key issue is, if schools were allowed to regulate such speech, how substantial must a disruption be to be considered a “substantial disruption” for which discipline is permitted?  Is a school district’s judgment that there is potential to cause disruption enough, or should more be required? The school districts argue that they should have the authority to regulate speech when it is reasonably foreseeable that it would cause a substantial disruption in school.[FN30] But the students argue that if a school district is authorized to punish students’ off-campus online speech based on a presumed “reasonable possibility” of future disruption, this would eviscerate the careful balance drawn in Tinker. In my view, if schools are allowed to regulate online off-campus speech merely because it is directed towards school officials (a dubious proposition under Supreme Court First Amendment precedents), it is critical that this authority remain as limited as possible.  One way to do that is to tie the school’s authority to the presence of an in-school disruption.  Giving schools the authority to determine that, in their view, there is a “reasonable potential” for a future disruption, even if there is no evidence of any disruption, seems to give them too much power.  For instance, in the Third Circuit cases discussed above, it seems likely that anyone who viewed the fake MySpace profile would know it was intended as a joke.  And there was no evidence of any disruption at all.  Still, the school district punished the speech.  This gives the school district too much power to discipline speech that occurs off-campus. The principles set forth in the seminal Supreme Court student speech cases should favor the students in online speech cases – unless the courts adopt the view that online speech as inherently different from traditional speech.  If so, then the rules regarding school regulation of student speech will change in turn.  The Third Circuit en banc cases ­ and perhaps one day the Supreme Court – must now grapple with that issue.[FN31]  
* Michael Kasdan is an associate at Amster, Rothstein & Ebenstein LLP and is a 2001 graduate of NYU School of Law.  The views and opinions expressed in this article are his own. [FN1] 393 U.S. 503, 506 (1969).  Tinker involved an in-school passive display of political “speech,” students wearing black armbands in school to protest the Vietnam War.  The Court found that while there is a need to provide for authority to regulate disruptive speech in schools, in this case the speech was silent and passive, and there was no “evidence that the authorities had reason to anticipate that the wearing of the armbands would substantially interfere with the work of the school or impinge upon the rights of other students.”  Id. at 509.  Accordingly, the discipline was found to be a violation of the First Amendment.  Id. at 510-11. [FN2] Id. at 506-07. [FN3] Id. at 513. [FN4] 478 U.S. 675 (1986). [FN5] Bethel, unlike Tinker, did not involve political speech, nor was it of the silent variety.  In Bethel, a student delivered a speech at a school event that was based wholly on “explicit sexual metaphor.”  Id. at 676.  The speech, supporting the candidacy of the speaker’s friend for student counsel, used repeated sexual innuendo to comic effect.  In finding that the First Amendment did not prevent the school from disciplining the student for the speech, the Court remarked that it was “perfectly appropriate for the school to . . . make the point to pupils that vulgar speech and lewd conduct is wholly inconsistent with the ‘fundamental values’ of public school education.”  Id. at 685-86.  The in-school nature of the speech was central to this case.  Indeed, Justice Brennan was careful to note in his concurrence that the holding should be narrowly limited to in-school circumstances.  Brennan argued that under applicable Supreme Court precedent, if the same speech had been given “outside of the school environment, he could not be penalized simply because government officials considered his language to be inappropriate” because the speech was far removed from the category of “obscene” speech that is unprotected by the First Amendment.  Id. at 688.  Moreover, the discipline was not based on the fact that the school district disagreed with the political viewpoint of the speech; rather, the basis for the discipline was the school’s interest in ensuring that a school event proceeded in an orderly manner.  Accordingly, Justice Brennan cast the Court’s holding narrowly: “the Court’s holding concerns only the authority that school officials have to restrict a high school student’s use of disruptive language in a speech given at a high school assembly.”  Id. at 689. [FN6] Morse v. Frederick, 551 U.S. 393 (2007).  In Morse, the Court found that a school district may discipline a student for speech at a school event that was regarded as encouraging illegal drug use without running afoul of the First Amendment.  Id. at 408.  There, a student was suspended from school after refusing to take down a banner stating “BONG HiTS 4 JESUS” that he unfurled at a school event.  Id. at 393.  Under these circumstances, the Court found that even though there was no “substantial disruption” caused, id., the discipline by the school was nevertheless appropriate in view of “the special characteristics of the school environment,” id. (quoting Tinker), because schools are entitled to take steps to safeguard the students entrusted into their care from speech that could be reasonably regarded as encouraging illegal drug use. [FN7] Stephanie Clifford, Teaching About Web Includes Troublesome Parts, N.Y. Times, Apr. 8, 2010, at A15. [FN8] J.S. ex rel. H.S. v. Bethlehem Area School Dist., 807 A.2d 847, 863-64 (Pa. 2002). [FN9] J.S. ex rel. Snyder v. Blue Mountain Sch. Dist., 593 F.3d 286, 308 (3rd Cir. 2010). [FN10] Id. at 291-93. [FN11] Id. at 290-95. [FN12] Id. at 295-97. [FN13] Id. at 298. [FN14] Id. at 300. [FN15] Id. [FN16] Id. at 312 (Chagares, J. concurring in part and dissenting in part). [FN17] Id. at 318. [FN18] Id. at 308. [FN19] 593 F.3d 249 (3rd Cir. 2010). [FN20] Id. at 252-54. [FN21] Id. [FN22] Id. at 259-60. [FN23] Id. at 260. [FN24] Id. [FN25] The Third Circuit cases discussed in depth in this article are merely illustrative of the differing results courts addressing this issue have reached.  Similar cases have arisen across the country.  See, e.g., Evans v. Bayer, 684 F.Supp.2d 1365 (S.D. Fl. 2010) (holding, where student created fake and harassing Facebook profile of teacher, school districts may discipline off-campus speech only where such speech “raises on-campus concerns”). [FN26] See J.S., 593 F.3d at 298 n.6 (“Electronic communication allows students to cause a substantial disruption to a school’s learning environment even without being physically present.  We decline to say that simply because the disruption to the learning environment originates from a computer off-campus, the school should be left powerless to discipline the student.”). [FN27] The District also noted that several other appellate courts have held that online speech created by a student at their home computer constitutes “student speech” for First Amendment purposes.  See, e.g., J.S. v. Bethlehem Area Sch. Dist., 807 A.2d 847 (Pa. 2002); Wisniewski v. Bd. of Educ. of Weedsport Cent. Sch. Dist., 494 F.3d 34 (2d Cir. 2007); Doninger v. Niehoff, 527 F.3d 41 (2d Cir. 2008).  In each of those cases, the speech at issue was created at the students’ home outside the physical presence of the schools they attended. [FN28] See J.S., 593 F.3d at 318 n.23 (explaining that Pennsylvania state law clearly intended Bethel to apply only to in-school speech). [FN29] Shannon P. Duffy, 3rd Circuit Mulls Student Suspensions for MySpace Postings, Law.Com, June 4, 2010, available at http://www.law.com/jsp/article.jsp?id=1202459201824. [FN30] “[B]oth the United States Supreme Court and this Court have held that a school district can act to restrict student speech based on a reasonable belief the speech would, in the foreseeable future, substantially disrupt or materially interfere with school activities.  See Tinker, 393 U.S. at 514 (“the record does not demonstrate any facts which might reasonably have led school authorities to forecast substantial disruption of or material interference with school activities”) (emphasis added); Morse, 551 U.S. at 403 (“Tinker held that student expression may not be suppressed unless school officials reasonablyconclude that it will materially and substantially disrupt the work and discipline of the school”) (emphasis added) (internal quotations omitted).

Using Clean Hands to Justify Unclean Hands: How the Emergency Exception Provision of the SCA Misapplies an Already Controversial Doctrine

By Brendan J. Coffman* A pdf version of this article may be downloaded here. INTRODUCTION A man sits in his apartment in a major United States city checking his email. He may or may not be a U.S. citizen, and may or may not be associated with a significant international organization. The government’s intelligence agencies are not aware of the man, and local police officials have no overt reason to suspect anything abnormal or threatening. His email is transmitted and stored by a major electronic communications service provider, and his private messages on the server contain information vital to his plot—to attack a major U.S. city. In the adjacent apartment, a man sends an email to a friend discussing his desire—mostly imaginary, but frighteningly realistic—of assaulting his female neighbor. The friend’s wife intercepts the email. The wife does not believe the man would follow through on his desires, and goads him on in response. Much like the case above, the police have no reason to suspect any dangerous intention from this man. In a third apartment lives a naturalized man originally of Arab citizenry. He is a stand-up citizen, but a local police officer distrusts the man, and suspects the man of plotting an attack. The police officer has no information to justify this premonition, and cannot effectuate a warrant. But he believes that if he had access to the man’s email and other electronic communications, he could prove his suspicions. Each man’s email is stored with an internet service provider (“ISP”). In which of these circumstances could the ISP choose to voluntarily violate the privacy of one of the men and provide the government with the information contained within his email communications? In which of these circumstances should the ISP choose to disclose the information? Furthermore, when must the ISP disclose this information? Lastly, what does this mean in terms of Fourth Amendment privacy rights and the authority of law enforcement professionals? The government’s encouragement—and even reliance—on third-party monitoring of citizens is not a new phenomenon. As technologies have continued to advance, and telecommunications companies have expanded their sphere of influence over the day-to-day operations of citizens’ lives, a natural partnership has arisen between the government and the telecommunications industry. [FN1] But 9/11 and the subsequent War on Terror [FN2] have introduced a new level of urgency to the government’s need for information, [FN3] thus straining the relationship between the government and telecommunications companies. [FN4] While telecommunications companies often seek to help the government for both patriotic and commercial reasons, the fear of lawsuits [FN5] and customer outrage requires them to pursue a more tempered approach to disclosure of customer information. Congress passed the Stored Communications Act (“SCA”) [FN6] in 1986 to limit electronic communications service providers’ ability to disclose private information, and regulate the government’s ability to compel these disclosures[FN7] The SCA requires the government to follow specified legal procedures to access private communications. [FN8] These procedures become increasingly more burdensome for the government as the information it seeks is more private and protected. [FN9] The SCA also contains a recently amended provision governing the voluntary disclosure of private information by Providers in the case of an emergency. [FN10] The emergency exception allows the Provider to disclose the contents of a customer’s communication “to a governmental entity, if the provider, in good faith, believes that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of communications relating to the emergency.” [FN11] The “clean hands” exception allows the government to introduce evidence into trial that was illegally obtained by a third party when the government did not play any role in obtaining that information. [FN12] The clean hands exception stands in contrast to the exclusionary rule in that it values the state’s interest in prosecuting the defendant more than the defendant’s right to privacy. [FN13] It is vital to remember that the clean hands exception only applies in incidents in which the government played no part in the obtaining of the information.[FN14] While the very existence of the “clean hands” exception has split federal circuits, [FN15] Congress never clarified its legislative intent. However, the rationale underlying the clean hands exception is present in Congressional amendments to the SCA. This Comment argues that although amendments to the voluntary disclosure provisions of the SCA are ostensibly an update and ratification of previously existing standards for the controversial ‘clean hands’ exception, the SCA’s emergency exception extends the rationale far beyond the boundaries of the clean hands exception. This difference is markedly different from the “lucky break” fortuitous logic implicated within the clean hands exception. [FN16] This Comment begins with a primer on the laws regulating third party surveillance and its intersection with government access to information obtained by a third party. Part I provides an overview of the Fourth Amendment, its application to electronic surveillance, and a discussion of the exclusionary rule governing the admissibility of evidence obtained in violation of the Fourth Amendment. Part I then assesses the Sixth Circuit’s clean hands exception, including an explanation of the rationale underlying the exception and a discussion of the primary cases invoking the doctrine. Part I next addresses the inadequacies of the Fourth Amendment right to privacy and exclusionary rule pertaining to its application to electronic information as a result of the business records cases. Part I concludes with an overview of Congressional response to these inadequacies through the enactment of several privacy-driven statutes, most notably the Stored Communications Act,[FN17] with particular focus on the compulsory, voluntary, and emergency disclosure provisions aimed at the telecommunications industry in 18 U.S.C. §§ 2702 and 2703. Part II examines connections between the clean hands exception and the amended portions of the SCA. Secondly, Part II conducts an analysis of the deterring factors facing ISPs in each instance, and concludes that the modified voluntary disclosure provisions in Section 2702(b)(8) are less constrained than its clean hands counterpart because of the lack of a legitimate scheme to deter abuses. Part II concludes with a forecast of some of the difficulties that may arise in applying the SCA as a result of these similarities, and argues that the potential for encouraged abuses of the voluntary disclosure provisions may overextend the SCA’s application. Finally, Part III demonstrates this vulnerability through an application of SCA and clean hands exception logic to the hypothetical scenarios presented at the onset of this Comment. I. BACKGROUND A. Stored Communications and Internet Service Providers The growth and pervasion of the internet in the day-to-day lives of Americans cannot be overstated. [FN18] In the 10 years between 1997 and 2007, the percentage of American households containing computers with internet access has grown from 18% to 61.7%. [FN19] The ability to communicate across the internet, particularly though e-mail, has been a major factor in the growth of the internet. [FN20] The structure of the internet, and the fact that we communicate through its unique structure, has a significant effect on both the Fourth Amendment privacy protections of these communications as well as the subsequent regulation of the internet communication industry. [FN21] Individuals using the internet do not communicate directly with another person. Instead, they transmit data across a network and through an ISP, who then routes the data to the desired endpoint. [FN22] This voluntarily disclosure of information to a third party invokes a body of controversial Fourth Amendment law. [FN23] Internet communication is further complicated by another unique aspect of electronic communications. ISP’s generally store records of all communications passing through their servers. [FN24] This further distinguishes e-mail from telephonic conversations, in which the communications company merely transmits the information over their line. ISPs often utilize the communications in the emails passing through their servers to accumulate information about the tendencies and profiles of their customers, as well as to protect their network from any harm that might be caused by customers. [FN25] B. The Fourth Amendment and Protection of Personal Privacy The Fourth Amendment demands that all searches and seizures be reasonable. The Fourth Amendment provides:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. [FN26]
The Fourth Amendment represents the Founders’ belief that personal privacy was fundamental to the success of the American polity. [FN27]Some commentators have posited that the Fourth Amendment’s protection of privacy rights is America’s “most prized possession” [FN28]and the element of the Constitution that most directly affects and influences the lives of Americans. [FN29] The Fourth Amendment’s Warrant Clause, including the requirement that a judge authorize a police officer’s determination of probable cause, provides a substantial check on the Executive’s ability to interfere with the personal privacy rights of the citizens during the course of criminal investigation. [FN30]However, the application of the Fourth Amendment to surveillance, and particularly electronic surveillance, is not as clear. [FN31] 1. The Exclusionary Rule, Evidence Suppression, and the Good Faith Exception Concerns over individual privacy complications in electronic surveillance have their roots in the Fourth Amendment exclusionary rule, which has been used to deter police officers from engaging in unconstitutional searches. [FN32] The exclusionary rule excludes or suppresses evidence obtained in violation of an accused person’s constitutional rights. [FN33] For example, under the exclusionary rule, if police conduct a search without a warrant or probable cause, or obtain a warrant through misinformation, and evidence obtained by the search is suppressed. [FN34] The exclusionary rule applies in both state and federal courts. [FN35] While some argue that this rule is a disservice to the criminal justice system, it is one of the most fundamental deterrents to illegal search and seizure in the American criminal justice system. [FN36] The Supreme Court introduced an important exception to the exclusionary rule in United States v. Leon: the “good faith” exception. [FN37] In Leon, the Court held that when police officers discovered evidence while acting on a defectively administered warrant the evidence from trial because the officers’ reliance on the correct administration of the warrant had been made in objectively reasonable good faith. [FN38] The Court reasoned that that the exclusionary rule is designed to deter police officers, as opposed to a magistrate who issues a warrant. [FN39] The Court then concluded that excluding the evidence in this case would not serve the purpose behind the exclusionary rule. [FN40] As a result, a balancing test has evolved to determine the application of the exclusionary rule in the instance of a good faith police error in which the court considers the nature and intent of the Fourth Amendment violation against the applicability and necessity of tangible evidence. [FN41] The Leon court enumerated four instances in which the good faith exception will not apply to avoid suppression of evidence through the exclusionary rule. First, the good faith exception does not apply if police officers provide misleading or untrue information to a magistrate. [FN42] Secondly, the good faith exception does not apply if law enforcement officials have reason to know that a magistrate has “wholly abandoned his judicial role.” [FN43] Thirdly, the good faith exception does not apply if a warrant is completely unsatisfying of the probable cause standard to the extent that a reasonable police officer should know it is invalid. [FN44] Lastly, the good faith exception will not apply if the warrant is facially defective. [FN45] This rule and series of exceptions reinforces the notion that the Fourth Amendment prohibition of unreasonable search and seizure is at its heart a balancing test. [FN46] 2. The Fourth Amendment and Electronic Communications Historically, the Executive Branch asserted its right to conduct warrantless searches of electronic communications in both the domestic and national arenas as part of its task to protect national security. [FN47] Some have argued that the Founders simply did not contemplate the possibility of electronic communications, and as such, Fourth Amendment privacy concerns should be limited to criminal investigations and not applied to civil litigation. [FN48]Initially, the Executive faced very little resistance in its broad application of Executive authority in electronic surveillance due to the 1928 Supreme Court decision Olmstead v. United States[FN49] In Olmstead, police wiretapped defendant’s phone without a warrant because they suspected he was violating the National Prohibition Act. [FN50] The Olmstead court interpreted the Fourth Amendment’s privacy protection very narrowly and very literally, holding that its protections extended only to physical searches and seizures. [FN51] Since the police did not detain the defendant, enter his home in any manner, or seize any of his material objects, the court held that the police did not violate the Fourth Amendment. [FN52] The limited scope of constitutional privacy protections set forth in Olmsteadsuffered gradual erosions between 1928 and 1967, albeit outside the arena of electronic surveillance. [FN53] However, it was not until 1967 when the Supreme Court, in two landmark decisions, set the standard for individual privacy protection in the face of government electronic surveillance. First, in the June 1967 decision Berger v. New York[FN54] the Court declared unconstitutional a New York statute that permitted law enforcement to engage in wiretapping based merely on the reasonable ground that the wiretap may obtain evidence of an unspecified crime. [FN55] The Court held that the New York statute lacked the “requirement for particularity in the warrant as to what specific crime has been or is being committed” and reversed defendant’s conviction. [FN56] The Berger Court included a dissent from Justice White that foreshadowed the uncomfortable intersection between electronic surveillance for the purposes of law enforcement and surveillance in the name of national security. [FN57]Justice White attached an appendix to his opinion entitled “Excerpt from ‘The Challenge of Crime in a Free Society,’ A Report by the President’s Commission on Law Enforcement and Administration of Justice, at 200-203 (1967).” [FN58] The excerpt highlights the numerous difficulties experienced by the executive in administering surveillances, and calls upon Congress to “enact legislation dealing specifically with wiretapping and bugging.” [FN59]Notably, the Commission Report suggested “All private use of electronic surveillance should be placed under rigid control, or it should be outlawed” and limited the Report by explaining “matters affecting the national security not involving criminal prosecution are outside the Commission’s mandate, and nothing in this discussion is intended to affect the existing powers to protect that interest.” [FN60] Just six months later in 1967, the Supreme Court further expanded the constitutional right to privacy in Katz v. United States[FN61] In Katz, a man inside a public phone booth engaged in illegal wagering over the telephone.[FN62] Agents of the Federal Bureau of Investigation (“F.B.I.”) had placed recording devices just outside of the phone booth that it used to listen to the man’s conversations, and introduced the recordings into evidence. [FN63] The District Court for the Southern District of California convicted defendant on eight counts of transmitting wagering information, and the Ninth Circuit Court of Appeals affirmed the conviction and rejected the argument that the F.B.I. obtained the evidence in violation of the Fourth Amendment. [FN64] The Supreme Court reversed, holding that Fourth Amendment’s privacy protections extended to electronic surveillance and phone conversations specifically.[FN65] Additionally, through Justice Harlan’s concurring opinion, Katzestablished a two-part test for whether an individual has an expectation of privacy that, when violated, can result in the exclusion of evidence. The test finds an expectation of privacy if: (1) the individual had a subjective expectation of privacy, and (2) society recognizes this subjective expectation of privacy as reasonable. [FN66] The importance of this case is twofold: first, it reinforced the Court’s understanding of an implied right to individual privacy in the Constitution, and, secondly, it demonstrated the Court’s willingness to engage in a balancing test when comparing this individual right to privacy against the government’s interest in surveillance. [FN67] The Court’s narrowing of Katz is also important. Much as the Court did just six months earlier, [FN68] the Katz decision included two caveats, both pertaining to national security concerns. [FN69] First, Justice Stewart’s majority opinion included a footnote explaining that the question of national security is not an issue presented to the court. [FN70] Secondly, in a brief concurrence, Justice White reiterated his interpretation that the warrant requirement should not extend to national security matters in which the President and/or the Attorney General have “authorized electronic surveillance as reasonable.” [FN71]Although not explicitly, Justice White appeared to be calling upon Congress to act with regard to the distinction between electronic surveillance for law enforcement purposes and for national security purposes. [FN72] C. Congress Responds to the Inadequacies of Katz 1. Enactment of Title III Congress promptly acquiesced to Justice White’s subtle suggestion from Katz, and passed Title III of the Omnibus Crime Control and Safe Streets Act of 1968, [FN73] widely referred to as Title III. [FN74] Title III embraced the holdings of Katz and Berger by codifying the rights to privacy in oral communications [FN75] and wire communications. [FN76] Title III requires that if the government wishes to begin oral or wire surveillance, it must obtain a warrant before beginning surveillance. [FN77] Additionally, Title III establishes a uniform standard under which the government may pursue a warrant. [FN78]Specifically, to obtain a warrant, the government must demonstrate that it (1) has probable cause against the target of the surveillance; [FN79] (2) has a special need to conduct electronic surveillance; [FN80] and (3) will minimize the interception of innocent communications. [FN81] Furthermore, a target of electronic surveillance under Title III has the right to learn about the surveillance and challenge the probable cause against him, and may demand the exclusion of any evidence obtained against him if the government has violated Title III in obtaining the evidence. [FN82] Title III extends to third party intrusion on individual privacy through a broad application of the exclusionary rule as the remedy available. The evidentiary prohibition portion of Title III stipulates the following: [FN83]
Whenever any wire or oral communication has been intercepted, no part of the contents of such communication and no evidence derived therefrom may be received in evidence in any trial, hearing, or other proceeding in or before any court, grand jury, department, officer, agency, regulatory body, legislative committee, or other authority of the United States, a State, or a political subdivision thereof if the disclosure of that information would be in violation of this chapter.
In applying an exclusionary remedy to a victim of illegal interception, Congress maintained Title III’s connection to the Fourth Amendment common law remedy. [FN84] For a short time after its enactment, individual privacy with respect to electronic communications fell largely under the purview of Title III. [FN85] Although not explicit in the statute’s language, Title III embraced Justice Harlan’s “reasonable expectation of privacy” test from Katz[FN86] While Title III extended to the suppression of oral or wire communications that were intercepted by third parties, Title III did not account for the fact that individuals voluntarily share information with third party telecommunications companies during the course of normal interaction. [FN87] It soon became clear that the Fourth Amendment did not protect this information either, when the Supreme Court narrowed the scope of the Fourth Amendment’s privacy protections with regard to this voluntarily shared information in two landscape-altering cases. 2. Miller, Smith, and the Court’s Narrowing of Fourth Amendment Privacy Protections In 1976 and 1979, the Supreme Court decided United States v. Miller [FN88]and Smith v. Maryland[FN89] commonly referred to as the “business record” cases. [FN90] The holdings of Miller and Smith significantly marginalized Katz.[FN91] Specifically, these cases jointly established that the temporary-yet-voluntary possession of an individual’s information by a third party precluded a legitimate expectation of privacy in that information, thus precluding application of the exclusionary rule to that information. [FN92] In Miller, agents from the Bureau of Alcohol, Tobacco, and Firearms subpoenaed defendant’s bank account to demonstrate that he was engaged in several illegal acts, including prohibition-related offenses and tax fraud.[FN93] The government used the defendant’s bank account information to convince the district court to convict him after denying his motion to suppress the bank account information from evidence on Fourth Amendment grounds.[FN94] The Court of Appeals for the Fifth Circuit reversed the conviction, citing Boyd v. United States [FN95] and determining that the government’s subpoena of the defendant’s bank account information was a Fourth Amendment violation. [FN96] The Supreme Court reversed, holding that the defendant did not have a reasonable expectation of privacy with regard to his bank records because he voluntarily disclosed the records to the bank. [FN97] The Court stressed that the Fourth Amendment “does not prohibit the obtaining of information revealed to a third party and conveyed by him to Government authorities.” [FN98] Just three years later, the Court fortified its holding in Miller by holding that an individual does not have a legitimate expectation of privacy with regard to the phone numbers he dials from his house. [FN99] In Smith v. Maryland, the police requested and the phone company agreed to install a pen register[FN100] at the telephone company’s offices that recorded the numbers the defendant dialed from home. [FN101] The Smith Court applied both prongs of Justice Harlan’s Katz test to determine whether the Fourth Amendment applied to the phone numbers that the defendant dialed. First, the Court concluded that a telephone user should not have a subjective expectation of privacy in telephone numbers dialed because “[a]ll telephone users realize that they must ‘convey’ phone numbers to the telephone company.” [FN102] Secondly, the Court reasoned that even if the defendant had a subjective expectation of privacy, such expectation is not one that the society recognizes as reasonable.[FN103] The Court held that the telephone user “assumed the risk” that the government would obtain these telephone numbers, and reiterated its stance in Miller that a person does not hold a legitimate expectation of privacy in information he turns over to a third party. [FN104] As it turns out, Smith was just the beginning of widespread confusion when applying Fourth Amendment principles to developing technologies. D. The Clean Hands Exception: An Avenue for Introducing Illegally Obtained Evidence into the Courtroom Early legislative efforts in response to the business records cases granted a broad range of individual privacy protections. [FN105] However, one important instance of discord centered around whether the government should be allowed to introduce into evidence information obtained illegally by a third party but which the government did not play a part in obtaining. [FN106]Commonly referred to as the “clean hands” exception, the question is one that continues to split federal circuits. [FN107] The most modern seminal “clean hands” case is United States v. Murdock[FN108] in which the Sixth Circuit held that the government was allowed to introduce evidence of a man’s criminal conduct that was recorded illegally by the man’s wife. [FN109] 1. Factual and Procedural Background In Murdock, a wife became suspicious of her husband’s dealings, both personally and professionally. [FN110] As a result, she began recording conversations from the family business telephone line on an extension of the business’ telephone line connected to the family’s home. [FN111] After seeing a story in the local paper about the negotiations between the school board and a local dairy, the wife became convinced that her husband, who was president of the school board, was acting improperly. [FN112] She went back and listened to her recordings, and found evidence of her husband accepting a bribe from the local dairy. [FN113] The wife forwarded the information to a competing dairy, who in turn forwarded the information to the local newspaper.[FN114] An investigation ensued, and the government eventually used this information to charge the husband for income tax evasion because he failed to report the bribe as income. [FN115] The husband then moved to suppress the evidence under Section 2515 of Title III, [FN116] which provides for the exclusion of evidence obtained through illegal surveillance. [FN117] The district court denied the defendant’s motions to suppress on two grounds. First, the court held that the statutory prohibitions of Title III did not apply in this case because of the business line extension in the family’s home. [FN118] The Court explained that Sections 2510(4) and 2510 (5) provide an exception to the statutory prohibition of electronic surveillance that occur in the place of business and during the ordinary course of business. [FN119] The Sixth Circuit reversed this holding, yet conceded that the wife’s monitoring of her husband was in fact a violation of Section 2515 of Title III. [FN120] Second, the district court held alternatively that the exclusionary remedy for a Title III violation did not apply to the government “where it played no part in the interception of the conversation.” [FN121] The Sixth Circuit agreed with this conclusion, and affirmed the lower court’s decision that the government was entitled to a “clean hands” exception to the Title III exclusionary rule. [FN122] 2. The Court’s Rationale The Sixth Circuit’s holding in Murdock rested on the fact that the government did not play a part in the illegal electronic recording activity. [FN123] This led the court to reason that the public policy interest in allowing the evidence into court outweighed an interpretation of the applicable law in favor of the defendant. [FN124] In reaching this conclusion, the Sixth Circuit analyzed competing theories of Title III and Fourth Amendment jurisprudence. First, the court reanalyzed the legislative history of Section 2515, and determined that the statute only aimed to protect victims of unlawful interception from the perpetrator’s use of the information against the victim.[FN125] In so holding, the Murdock court distanced itself from United States v. Vest[FN126] the initial case to invoke the clean hands exception. [FN127] In Vest, the government prosecuted a man for acting as a conduit in the bribery of a Massachusetts police officer. [FN128] A criminal defendant made an illegal recording of his payment to a Boston police officer as part of a bribe to ensure a lenient sentence. [FN129] When the police officer claimed that he had not received the payment, the defendant turned over the recording to the authorities. [FN130] The government attempted to introduce the recording as evidence against the police officer. [FN131] However, the First Circuit rejected the government’s argument. [FN132] The court relied on the 1972 Supreme Court case Gelbard v. United States [FN133] to demonstrate Title III’s broad implications regarding fundamental privacy rights, and reiterated the finding that “the protection of privacy was an overriding congressional concern . . . and that secton 2515′s importance as a protection for the victim of an unlawful invasion of privacy could not be more clear.” [FN134] The Gelbard court relied on a 1968 Senate Report supplementing the passage of Title III, which read in pertinent part: [FN135]
Virtually all concede that the use of wiretapping or electronic surveillance techniques by private unauthorized hands has little justification where communications are intercepted without the consent of one of the participants. No one quarrels with the proposition that the unauthorized use of these techniques by law enforcement agents should be prohibited. . . . Only by striking at all aspects of the problem can privacy be adequately protected. The prohibition, too, must be enforced with all appropriate sanctions. Criminal penalties have their part to play. But other remedies must be afforded the victim of an unlawful invasion of privacy. Provision must be made for civil recourse for damages. The perpetrator must be denied the fruits of his unlawful actions in civil and criminal proceedings. Each of these objectives is sought by the proposed legislation.
The Vest court also based its conclusion on the grounds that the government should not receive a clean hands exception when prosecuting a case in which the government would not have been able to receive a wiretap warrant.[FN136] A Title III warrant for electronic surveillance is only available when an appropriate magistrate determines that such surveillance will lead to evidence of an enumerated crime. [FN137] Perjury is not one of the enumerated crimes, and the police therefore would not have been able to obtain a wiretap to demonstrate the police officer’s perjury. [FN138] The Vest court’s rationale for rejecting a clean hands exception has most been embraced more recently by the Third Circuit in In re Grand Jury[FN139] The Third Circuit, in relying on Vest and explicitly rejecting Murdock, concluded that refusing to suppress the evidence might have been plausible had the court interpreted a conflict between the plain statutory reading of Section 2515 and available legislative history. [FN140] However, the court found no conflict, and emphasized a lack of legislative history suggesting a suspension of the suppression remedy. [FN141] The Murdock court disagreed with the Vest court’s analysis of the legislative history, and instead interpreted the legislative statements to read that Section 2515 did nothing to alter the traditional Fourth Amendment analysis that accompanies a search. [FN142] Thus, the court reasoned that like traditional Fourth Amendment procedure that does not require suppression of evidence that police obtain [in good faith / due to luck / etc], the Fourth Amendment and Title III in no way require courts to suppress oral and wire surveillance evidence when the police obtain that evidence merely through a lucky break.[FN143] In support, the court cited the Sixth Circuit case United States v. Underhill [FN144] in demonstrating the principle that evidence suppression under Section 2515 does not occur in all circumstances. [FN145] Nonetheless, the Murdock court held that Section 2515 did not intend to create a loophole through which a defendant could escape liability. [FN146] The Murdock court also considered it vital that a suspension of the suppression remedy in such circumstances would in no way adversely encourage police officers from violating Title III. [FN147] The Murdock court also relied heavily on United States v. Baranek[FN148]which held that the government could introduce evidence obtained when a defendant failed to properly hang up a phone after a legally wiretapped conversation. [FN149] The court in Baranek explained that the government caught a “lucky break,” and that allowing the introduction of this evidence into court would be consistent with 18 U.S.C. Section 2515. [FN150] The Murdock court came to a similar conclusion, finding the wife’s illegal recording and subsequent disclosure of the telephone conversation to the police analogous to the lucky break in Baranek. [FN151] The court found especially compelling the argument that allowing the evidence into trial “would not create the problem of government agents encouraging violations of Title III.” [FN152] 3. The Present Status of the Clean Hands Exception The Sixth Circuit stands alone in its analysis of the clean hands exception, however, as several other circuits have reasoned that a plain language reading of the statutory exclusionary rule leaves no room for the creation of a clean hands exception. [FN153] These courts hold that the deterrent effect of the exclusionary rule maintains its applicability even when the government has clean hands. These courts emphasize that the Fourth Amendment exclusionary rule, on which the Title III rule is based, is a judicial construct whereas the rule set forth in Title III is a congressionally-created mechanism.[FN154] The fact that the rule has a statutory foundation provides less leeway for the courts in determining when and how to implement the rule. [FN155] In 2009, the Fourth Circuit became the most recent Court of Appeals to hear the matter, and sided with the plurality of federal courts of appeal. [FN156] The court shared much of the reasoning of prior courts, and added that Congress’ silence regarding the ambiguous statute reinforces the plurality’s interpretation, as Congress has had ample time to clarify the statute’s meaning. Nestled within the debate of whether a clean hands exception exists under Title III is whether a plain language reading of the Title III leads one to a natural conclusion that Title III contains a clean hands exception. The Murdock court certainly believed the plain language reading was ambiguous, and looked to legislative intent in deciding the case, declaring “[t]here is nothing in the legislative history which requires that the government be precluded from using evidence that literally falls into its hands.” [FN157] The First Circuit, on the other hand, saw no ambiguity in the statute as written, and refused to extend a “clean hands” exception, explaining “the government’s use of unlawfully intercepted communications where the government was not the procurer would eviscerate the statutory protection of privacy from intrusion by illegal private interception.” [FN158] Congress has declined any opportunity to clarify its meaning, instead leaving the federal courts to battle out the existence and utility of a plain meaning reading of the statute. The clean hands exception functions as the “alter ego” of the good faith exception highlighted by the Court in Leon[FN159] The Court has applied the good faith exception narrowly, limiting it only to police officers in the field and not applying it to situations in which a Title III exclusionary rule question arises with respect to the third party surveillance. [FN160] In essence, a good faith argument against suppression of evidence may be replaced by one of clean hands in situations of third party monitoring. [FN161] One key distinction, however, is that in many situations of good faith, the officers in question may not be acting illegally, whereas an individual monitoring the communications of another is engaging in a violation of Title III. [FN162] E. The Stored Communications Act The combination of the business record cases and the rapid development of new technologies forced Congress to again address the nexus between Fourth Amendment individual privacy concerns and communications. [FN163]Specifically, due to the business records cases, any info transmitted voluntarily to a third party has no legitimate expectation of privacy, and thus is unprotected by the Fourth Amendment. Since more and more people are using email, which necessarily passes through a third party ISP, this suggests that a key way that people communicate is unprotected by the Fourth Amendment. In 1986, understandably concerned about the privacy of electronic communications, Congress passed the ECPA. [FN164] [FN165]Congress’ purpose behind the ECPA was to extend Fourth Amendment privacy principles to electronic communications and to regulate “the relationship between government investigators and electronic service providers in possession of users’ private information.” [FN166] The ECPA contains three primary sections: The Wiretap Act, the Pen Register Act (“PRA”), and the SCA. [FN167] The SCA alone regulates past and stored information, [FN168] whereas the PRA and the Wiretap Act both govern “communications in transit,” limiting application of these statutes to transmission of information occurring in the moment. [FN169] These statutes can also be distinguished on practical grounds. Whereas telecommunications companies providing services governed by the PRA and the Wiretap Act only have fleeting access to the content of their customers’ communication, ISPs (as well as mobile phone companies storing either voicemail or text messages) maintain access to this information for as long as a customer chooses to leave the information on the server without deleting it. [FN170] A 1985 Congressional study into the privacy implications for technologies to be governed by the ECPA concluded the following with respect to ISP practices:
All electronic mail companies retain a copy of the message both for billing purposes and as a convenience in case the customer loses the message. Based on the reasoning in United States v. Miller, 425 U.S. 435 (1976), where the Court ruled that records of financial transactions, including copies of personal checks, were the property of the bank and that an individual had no legal rights with respect to such records, it is possible that an individual would not have a legal basis from which to challenge an electronic mail company’s disclosure of the contents of messages or records of messages sent. [FN171]
Stored communications can include both content and non-content information,[FN172] but the protections enacted in the SCA seek to fortify an individual’s privacy with respect to the content of his electronic communication. [FN173] 1. The Statute’s Protection Against Compulsory Disclosure On its face, the SCA extends a broad range of protection to customers and consumers of electronic communications service providers (“Providers”), such as ISPs. Section 2701 provides both criminal and civil penalties for either accessing without authorization “a facility through which an electronic communication service is provided” or exceeding one’s authorization in accessing such facility. [FN174] However, Section 2701(c) nullifies these punishments in instances in which either an electronic communication service provider or the user of that service authorizes the access. [FN175] Some commentators have pointed out another limitation to the statute. The provision applies only to electronic communications services (“ECS”) [FN176] and, through omission, does not apply to facilities in which a remote computing service (“RCS”) [FN177] is provided. [FN178] This distinction is drawn out in later sections of the SCA, but an understanding of the differences between the two services is necessary to comprehend the SCA. Professor Orin Kerr best explains the distinction between ECS and RCS by breaking down the life of an e-mail into its two core parts: (1) transmission of communication; and (2) storage of that communication in its electronic form.[FN179] When an e-mail is sent to another person through a Provider, the Provider is acting as an ECS with respect to that message—it is providing the user with the ability to transmit the communication, as well as temporary storage. [FN180] However, if that e-mail stays on the Provider’s server beyond a temporary status, statutorily defined as 180 days, [FN181] the very same Provider becomes an RCS in that it is providing computer storage or processing to the public. [FN182] This is true regardless of whether the recipient has read the message. The distinction is further complicated by the fact that most modern ISPs provide both ECS and RCS through their normal procedures. [FN183] In certain circumstances, the SCA requires that a Provider disclose information to the government when the government follows certain specified procedures to request it. Compulsory disclosure under the SCA is governed by Section 2703 and trumps the disclosure limitations set out in Section 2701(c), meaning that neither the government nor the Provider suffers any criminal or civil penalties for disclosure. [FN184] Section 2703 considers three types of electronic communications: (1) those held by an ECS for 180 days or less; (2) those held by an ECS for more than 180 days; and (3) those held by an RCS.[FN185] The 180 day cut-off period becomes extremely important when the government is seeking a compulsory disclosure. Communications in the first group may only be compelled if the government obtains a warrant through normal Fourth Amendment probable cause standards. [FN186] But, communications in either the second or third group allow the police to compel the information by either obtaining a warrant, or obtaining a grand jury or administrative subpoena. [FN187] The government may also obtain the information through a court order provided that the government informs the customer of the subpoena or court order after the fact. [FN188] This tangled compulsory disclosure languages creates a difficult situation for the government seeking evidence in a criminal or national security investigation.[FN189] 2. The Statute’s Allowance of Voluntary Disclosure One pivotal distinction between the SCA and its counterparts enacted under the ECPA is the existence of a voluntary disclosure option. [FN190] While all three parts of the ECPA contain language governing compulsory disclosure by a Provider, the SCA alone contains a provision that allows Providers to independently and voluntarily supply certain information to the government in specific circumstances. [FN191] Sections 2702(b) and 2702(c) govern the voluntary disclosure of customer communicative information by Providers.[FN192] The disclosure of customer non-content, customer records falls under 2702(c), and overrides the limits set forth in Section2702(a). [FN193] Section 2702(b) provides the voluntary disclosure rules pertaining to content information. [FN194] In the case of stored communications, the content information consists of the actual communication within the body of an email.[FN195] The envelope information consists of the sending and receiving email addresses, IP addresses, and email subject lines. [FN196] For the purposes of assessing the connection between the clean hands exception and the SCA, the provisions controlling content information in Section 2702(b) are much important. Section 2702(b) reads as follows:
(b) Exceptions for disclosure of communications. A provider described in subsection (a) may divulge the contents of a communication– (1) to an addressee or intended recipient of such communication or an agent of such addressee or intended recipient; (2) as otherwise authorized in section 2517, 2511(2)(a), or 2703 of this title [18 U.S.C. § 2517, 2511(2)(a), or 2703]; (3) with the lawful consent of the originator or an addressee or intended recipient of such communication, or the subscriber in the case of remote computing service; (4) to a person employed or authorized or whose facilities are used to forward such communication to its destination; (5) as may be necessarily incident to the rendition of the service or to the protection of the rights or property of the provider of that service; (6) to the National Center for Missing and Exploited Children, in connection with a report submitted thereto under section 2258A [18 U.S.C. § 2258A]; (7) to a law enforcement agency–(A) if the contents–(i) were inadvertently obtained by the service provider; and (ii) appear to pertain to the commission of a crime; or (8) to a governmental entity, if the provider, in good faith, believes that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of communications relating to the emergency.
The first seven enumerated circumstances all pertain to either an individual’s right to control his own information, or a particular government purpose. The eighth provision is unlike the previous seven in that it (1) allows for a great deal of discretion, and (2) allows Providers to make the determination regarding both the severity of the emergency and the exigency with which the government will require the information. [FN197] Significantly, Section 2702(b)(8) did not always exist, so Providers were not always allowed to disclose purely because there was an “emergency” situation. [FN198] Prior to its enactment, the SCA allowed for voluntary disclosure only when two stipulations were satisfied: First, the information had to be inadvertently obtained by the service provider. [FN199] Second, the information had to relate to a crime. [FN200] In response to critical national security concerns in the wake of 9/11, and to give law enforcement personnel an enhanced ability to detect and prevent crimes, Congress significantly amended Section 2702(b)(8), otherwise known as the “emergency disclosure provision.” [FN201] The following subpart discusses the evolution of this provision. 3. Significant Amendments to 2702(b)(8) in the Wake of 9/11 Over the course of fourteen months immediately after 9/11, Congress made four critical changes to the voluntary disclosure provisions of Section 2702(b) which greatly increased the scope of provision and ISPs’ discretion. [FN202]Pursuant to Section 212 of the USA PATRIOT Act, on October 26, 2001 the government first expanded the scope of the voluntary disclosure by allowing an ISP to divulge content information to law enforcement if it believed “an emergency involving immediate danger of death or serious physical injury to any person” was imminent. [FN203] Just one year after the PATRIOT Act modifications, in November of 2002, Congress passed the Homeland Security Act which again expanded the scope of voluntary emergency disclosure. [FN204] This modification provided three significant changes to the statute. First, Congress allowed for disclosure in the instance of “serious physical injury,” thereby eliminating the previous “danger of death” requirement. [FN205] Secondly, the Homeland Security Act removed the “reasonable belief” requirement, leaving only a “good faith belief” standard. [FN206] Thirdly, Congress included a requirement that the communication disclosed through Section 2702(b)(8) “relate to the emergency” but also expanded ISPs’ options by allowing them to disclose to any federal, state, or local government entity instead of strictly a law enforcement official. [FN207] Aside from a small alteration in the USA PATRIOT Improvement and Reauthorization Act of 2005, in which Congress clarified that content and noncontent information should be treated identically, Section 2702(b)(8) remains unchanged and, perhaps surprisingly, widely unlitigated. [FN208] The amendments to the voluntary disclosure provisions were immediately controversial. The amendments met faced criticism during Congressional debates. [FN209] The debate featured those who insisted that the amendments were necessary to enable law enforcement and homeland security professionals access to vital information in a timely manner. On the other hand, many privacy advocates argued that the amendments overstepped Fourth Amendment boundaries. Alan Davidson of the Center for Democracy and Technology explained “the emergency disclosure provision of section 102 as drafted currently is overly broad, and we fear would eviscerate some important privacy protections that exist in the law right now…our fear is that these voluntary disclosures are turning into a major loophole in current law, because small providers are not in a position to evaluate these requests when they come, and of course, just turn around and provide this information.”[FN210] Congress also included a check against voluntary disclosure abuses via Section 2702 by requiring the Attorney General to submit an annual report containing the number of voluntary disclosures received by the Department of Justice to the Committee on the Judiciary of the House of Representatives and Committee on the Judiciary of the Senate. [FN211] This report must also contain the basis for disclosure for all instances in which the Department of Justice closed an investigation without filing charges against the ISP user in question. [FN212] It is noteworthy that Congress continues to introduce legislation in efforts to limit the broad scope of the emergency exception. [FN213] In late 2009, Senators Feingold and Leahy, joined by Representatives Conyers and Nadler in the House, proposed legislation to re-amend the language of the emergency disclosure provision. [FN214] The legislation proposed to insert an immediacy requirement for the disclosure. [FN215] This would limit the number of circumstances in which the Providers could disclose information, and provide an added level of privacy protection for customers. [FN216] 4. Remedies Under the SCA The SCA provides for a different set of remedies against a Provider than it does for an action against an individual in violation of the statute. Section 2701(b) provides for both fines and jail time for violations of the SCA by someone other than a Provider, a user with respect to the communication in question, or the government. [FN217] Violations made for the purpose of commercial advantage, malicious destruction or damage, for private commercial gain, or in furtherance of an act against the Constitution may receive a fine and/or jail time up to five years for a first offense and 10 years for any subsequent offenses. [FN218] Violations made in other circumstances may be punished by up to one year imprisonment and a fine. [FN219] The only remedy available against a Provider through the SCA is a civil action.[FN220] The exclusion of evidence is not an available remedy. [FN221]Moreover, Congress set the bar high, requiring the plaintiff to show the Provider acted “with a knowing or intentional state of mind.” [FN222] However, courts have been generous in awarding damages in successful suits, and may not necessarily require the plaintiff to show actual damages. [FN223] 5. SCA Voluntary Disclosure Litigation in the Wake of September 11, 2001 Litigation over Section 2702(b) remains scant. The leading case on this provision is Freedman v. Am. Online, Inc.[FN224] which was decided on Section 2703 grounds after the court explicitly rejected the government’s voluntary disclosure argument under Section 2702(b)(8). [FN225] In Freedman, two police officers in Connecticut faxed an unsigned warrant to America Online (“AOL”), an ISP. Believing the warrant to be effectuated properly, AOL complied with the warrant’s request and disclosed to the police officers the plaintiff’s “name, address, phone numbers, account status, membership information, software information, billing and account information, and his other AOL screen names.” [FN226] The police officers contended that they did not actually require AOL to disclose the information, but rather merely requested it, and that AOL subsequently provided the information in something akin to a voluntary disclosure under Section 2702(b)(8). [FN227] The court rejected the officer’s argument, holding that the officers failed to follow the stipulations set forth in 18 U.S.C. Section 2703(c), and noted that the SCA existed to balance the desire to protect personal privacy with legitimate law enforcement needs. [FN228] The Freedman court explicitly and purposefully distanced its opinion from how it might rule in an emergency circumstance. The court explained that it “decline[d] to speculate whether it would ever be appropriate, under exigent circumstances when it would not be feasible to get a signed warrant or comply with other legal process, for the government to notify the ISP of an emergency and receive subscriber information without conforming with the ECPA.”[FN229] AOL explained that they believed the warrant was issued correctly, and did not intend to voluntarily disclose any information to the police officers.[FN230] The net result is a single instance in which the court refused to find a legitimate voluntary disclosure because there was no evidence of volition by the service provider. However, this holding contains a significant caveat that the court might find otherwise if the circumstances were either (1) more similar to an emergency from the law enforcement’s perspective; or (2) more founded upon a subjective good faith voluntary disclosure by the ISP. Freedman differs from Jayne v. Sprint PCS[FN231] a 2009 case in which the Court for the Eastern District of California determined that the telecommunication provider acted correctly in providing authorities with an individual’s cell phone records and GPS location. [FN232] Authorities had reason to believe the defendant had kidnapped a child, and contacted the service provider requesting that Sprint voluntarily disclose the information.[FN233] Two key factors distinguish Freedman from Jayne. First, the issue at hand in Jayne was a cell phone and not an email. [FN234] The fact that it was a cell phone and that GPS could be used to locate the defendant increases the likelihood of utility and the urgency. Secondly, the authorities only requested the defendant’s cell phone records, as it would have been impossible to obtain the content of his communications. [FN235] These differences tip in the government’s favor, and the court approved of the disclosure. The court did not add any caveats, and appeared to completely approve of the voluntary disclosure, but the question remains unanswered as to how a similar case would unfold with an electronic communication. [FN236] II. CONNECTING THE CLEAN HANDS DOCTRINE TO THE SCA The modifications made to Section 2702 of the SCA, particularly the emergency exception, have improved the government’s ability to obtain content information from stored communications. [FN237] This enhanced ability assists in the prevention or detection of a crime, and certainly provides the government with another tool in war on terror. [FN238] Instead of engaging in the guesswork oftentimes associated with national security prevention, the government may now rely on Providers such as ISPs to monitor communications traveling through their network and alert the government to any potentially catastrophic events. In 2004, the Department of Justice explained the rationale behind the modifications to Section 2702 that have made this possible: [FN239]
Cooperation of Third Parties The cooperation of third parties in criminal or terrorist investigations is often crucial to a positive outcome. Third parties, such as telecommunications companies, often can assist law enforcement by providing information in emergency situations. Previous federal law, however, did not expressly allow telecommunications companies to disclose customer records or communications in emergencies. Even if a provider believed that it faced an emergency situation in which lives were at risk, if the provider turned over customer information to the government, it risked, in some circumstances, being sued for money damages. Congress remedied this problem in section 212 of the USA PATRIOT Act by allowing electronic communications service providers to disclose records to the government in situations involving an immediate danger of death or serious physical injury to any person. Section 212 has already amply proved its utility.
By enacting Section 2702(b)(8), Congress adapted and codified the policy underpinnings of the “clean hands” exception for surveillance by a third party conducted in violation of Title III. In the name of national security, particularly with respect to the asymmetric nature of the war on terror, Congress has created a provision that not only allows, but encourages ISPs to supply the government with a “lucky break.” [FN240] This Part first examines some of the similarities between the clean hands exception and the provisions of Section 2702(b)(8). This subsection also briefly touches upon the “grey zone” complication in which ISPs and other telecommunications companies are not sure if a particular set of facts falls within the compulsory disclosure language of Section 2703 or the voluntary disclosure language of Section 2702(b)(8), and the perverse effects this has on government’s involvement with potentially dangerous situations. This Part then discusses the deterrent factors influencing each regime, and highlights the failure of Congress to include a reasonable check on ISPs and law enforcement in emergency situations. A. Assessing Amendments to the Voluntary Disclosure Provisions as Ratifications of the Clean Hands Doctrine At its core, the clean hands doctrine allows the government to obtain and employ evidence that it either would not be able to obtain on its own, or would not know to obtain on its own. [FN241] This differs from the good faith doctrine, which essentially allows the government to obtain and employ evidence it knew to and attempted to obtain, but committed a procedural error during the course of investigation. [FN242] The clean hands exception comes at a non-trivial price, as the privacy of an individual—admittedly an individual engaging in illegal behavior—is compromised for the sake of furthering an investigation. While one monitoring the communications of another would likely still face Title III consequences, the doctrine implicitly condones the analysis and subsequent dissemination of this information to government officials. The similarities between the clean hands exception, which allows the government access to information obtained in violation of Title III, and the emergency provision codified in Section 2702(b)(8), which allows the government access to information voluntarily disclosed by an ISP independent of government compulsion, are numerous. Section 2702(b)(8), much like the clean hands exception—and its predecessor, the good faith exception—avoid the judicially-sanctioned exclusionary rule. However, there is a key distinction between the two regimes. Those monitoring the activities of others in clean hands cases are still face prosecution for illegally intercepting the electronic communications of another. This provides a deterrent against abuses. This deterrent is not applicable to voluntary disclosures falling under the emergency exception. Voluntary disclosure under the SCA faces three deterrents, though none of them provide enough teeth to satisfactorily deter abuses. First, while there is a civil action remedy available, litigation has been non-existent in cases invoking 2702(b)(8). Secondly, the reporting requirement outlined in Section 2702(d) fails to adequately apply any consequences to abusive monitoring and disclosure. This leaves market forces as the only true impediment to abuses of the voluntary disclosure provisions. Section 2702(b)(8) provides the government with a similar opportunity to collect and employ evidence that it either was not aware to collect, or potentially was unable to collect through other legal means. [FN243] For instance, Section 2703 requires the government to obtain a warrant to compel any electronic communication held within 180 days by an ECS. [FN244] Yet the emergency disclosure provision allows for voluntary disclosure “to a Federal, State, or local governmental entity, if the provider, in good faith, believes that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of communications relating to the emergency.” [FN245] The government may be suspicious of an individual, or have reason to suspect harm that falls short of probable cause. In such an instance, the government would not be able to obtain the individual’s communications through traditional SCA means. The emergency provision allows the government access to this information completely at the discretion of the Provider. While this may be beneficial in true emergencies, it also opens the door to significant privacy abuses by Providers and the government that are virtually insusceptible to review because of the highly deferential language of the SCA. There are two essential parts to this subsection of the statute, each of which bears comparison with the policy supporting the “clean hands” exception. These are discussed below in turn. 1. The Good Faith Burden and the Exigency of the Situation In 2006 Congress chose to relax the burden of proof on Providers invoking the emergency disclosure exception. [FN246] Congress’ decision to relax the burden of proof on Providers from a good faith belief for disclosure in emergency situations evidences the government’s desire to cast a wide net.[FN247] This change accomplishes two important goals in encourage proactive compliance by Providers. First, the relaxed standard greatly reduces the likelihood of successful litigation against the Provider. [FN248]Theoretically a Provider would not have a difficult time demonstrating a good faith fear in an emergency situation in the aftermath of a publicized disclosure. The inclusion of “good faith” avoids complications arising from the inclusion of an immanency requirement, and defers to the Providers’ discretion regarding the potential for a situation to develop into an emergency. Secondly, by making the standard so attainable, the government makes the Providers virtually immune from legal liability. As a result, telecommunications companies will be more willing to make disclosures proactively, thereby allowing the government access to maximum information. Providers face a winless scenario with regard to voluntary disclosure. If they hold on to information that afterward proves to have been capable of preventing a devastating event, public reaction will be negative. Similarly, if telecommunications companies disclose information less judiciously, and the public determines such dissemination to be a violation of privacy, the reaction will again be negative. Such oversight essentially ensures that telecommunications companies will be controlled by public reaction to current levels of concern regarding terrorism. This encourages a sliding standard of determining imminence with regard to electronic communications. [FN249] This winless scenario is similar to the situation the wife in Murdock faced for a Title III violation. If she held on to the information, or obeyed the law and never obtained the information, then her husband would have continued to break the law with impunity. Similarly, by revealing the evidence, the defendant’s wife opened herself to Title III charges for illegally intercepting private communications. In both cases, the government prefers the interception and divulgence of the information. The executive externalizes the cost of invading individual privacy onto a third party. Under either the clean hands exception or the emergency provision, the government faces less procedural burden by not obtaining a warrant, and does not risk losing the evidence in court over a technicality. If the clean hands exception is applied the technicality of illegally obtained evidence is eliminated per se. Under the emergency exception, the Provider’s only burden is that he subjectively believed that harm would occur. Such a standard is almost impossible to dispel. Furthermore, this does not affect the government’s case: the remedy for a emergency voluntary disclosure is a civil action, and not exclusion of the evidence. This incentive broadens when one considers that Providers, as telecommunications companies, will likely be working in tandem with the government in determining the gravity of an imminent threat, as well as identifying the potential targets. Seth Rosenbloom explains:
Providers are not capable of evaluating the dangerousness of most “emergency” situations without government input. In many cases, the provider’s understanding of the “emergency” will rely entirely on the assertions of the same officials who seek disclosure . . . [n]onetheless, the “good faith” standard and absence of an imminence requirement effectively immunize providers. The combination of a lack of reliable information and poor incentives undermines any possibility that providers will adequately check the government’s access to information.[FN250] Congress’ adoption of the “clean hands” policy in its amendments to the SCA is a qualified adoption: voluntary disclosure may only occur in instances threatening danger of death or serious physical injury. This is a natural restriction, given the impetus for amending the statute. The USA PATRIOT Act aims to “deter and punish terrorist acts in the United States and around the world, to enhance law enforcement investigatory tools, and for other purposes.” [FN251]
Congress did not intend to generally broaden the investigative and enforcement powers for less severe circumstances. The effects cited by the Department of Justice have been less terrorist oriented and more akin to “other purposes”. The Department’s 2004 Report from the Field concerning the efficacy of the USA PATRIOT Act details one instance in which the emergency language came into play: [FN252]
Section 212 was used in the investigation of a bomb threat against a school. An anonymous person, claiming to be a student at a high school, posted on the Internet a disturbing death threat singling out a faculty member and several students to die by bomb and gun. The operator of the Internet site initially resisted disclosing to law enforcement any information about the suspect for fear that he could be sued if he volunteered that information. Once a prosecutor explained that the USA PATRIOT Act created a new provision allowing for the voluntary release of information in emergencies, the owner turned over evidence that led to the timely identification of the individual responsible for the bomb threat. Faced with this evidence, the suspect confessed to making the threats. The operator of the Internet site later revealed that he had been worried for the safety of the students and teachers for several days, and expressed his relief that the USA PATRIOT Act permitted him to help.
This example demonstrates the wide latitude Providers have in determining the exigency of an emergency. While certainly this situation and others profiled in the report merited police intervention, one may question whether they embody the spirit of the USA PATRIOT Act’s protection of the United States in the “war on terror.” The undermining of personal privacy is a momentous sacrifice, and flies in the face of the fundamental underpinnings of the Fourth Amendment. [FN253] As a society we have chosen privacy over the guaranteed prosecution of every crime, preferring individual liberty instead of a “big brother” totalitarian regime. [FN254] 2. To Whom the ISP May Disclose Information The Murdock court mentioned what it envisions as one effect, or lack thereof, stemming from the admission of a “clean hands” exception: that the government would not feel encouraged to violate privacy protection laws.[FN255] Inherent in this claim is the idea that if the government had played any part in the illegal surveillance and recording—including merely encouraging a third party to engage in the activity on the government’s behalf—the court would invoke the exclusionary doctrine and suppress the evidence. [FN256]However, such a regime may have unexpected consequences: this could result in widespread private citizen monitoring of one another. Professor Orin Kerr acknowledged such outcome might occur if the “clean hands” doctrine permeated more widely than the Sixth Circuit. He explained that “[i]f the suppression remedy applies only to government misconduct, a private party can make an illegal surreptitious interception of another person’s phone call, send it in to the police anonymously, and allow the government to use the evidence against the party whose communication was illegally intercepted.”[FN257] This could even result in police reliance on third party surveillance. If one envisions the scenario above, in which individuals feel at liberty to monitor the behavior of others, law enforcement officials might become dependent upon the individual surveillance mechanisms, especially given the difficulties and complexities of ascertaining a surveillance warrant. [FN258] Police burden for obtaining a warrant is high, rife with procedure, and susceptible to judicial whim. [FN259] As law enforcement become more aware of the clean hands alternative, they may begin to suggest more persuasively that the individuals comply with police insinuations. It is not hard to imagine a scenario in which individuals become conduits for investigations lacking in warrants or probably cause, ultimately eroding the protections of the Fourth Amendment. A similar result is apparent with the modified emergency provision. There is what Professor Orin Kerr calls a “grey zone” in which telecommunications companies will struggle to discern between compelled and voluntary disclosure. In such situations, “government officials have some pre-disclosure contact with providers, but do not ‘require’ disclosure using the procedures set forth in § 2703.” [FN260] This confusion could lead to an abuse by both law enforcement as well as Providers. Freedman v. Am. Online, Inc. evidences the potential for abuse this situation, as the police officers manipulated the ISP to provide information otherwise unattainable. [FN261] B. Limitations of Deterrents Under the Emergency Disclosure Provision of the SCA While the policy underlying the clean hands exception and the emergency disclosure provision of the SCA are very similar in nature, as both allow the government access to information it might otherwise not be aware to investigate or may not be able to investigate, the systemic prevention of abuses in both is very different. Title III still applies to one providing the government information which may eventually escape suppression through the clean hands doctrine. The SCA, however, lacks a substantive and effective means of deterring Providers from overstepping their bounds and interpreting Section 2702(b)(8) broadly. There are three potential factors influencing Providers to exercise discretion in voluntary disclosing personal content information to the government: civil law suits under Section 2707, congressional impugnation after the Department of Justice provides its report pursuant to Section 2702(d), and customer retaliation through market forces. Section 2707 allows for civil suits against Providers when they violate the SCA with a “knowing or intentional mind.” [FN262] When discussing voluntary emergency disclosure, this language must be paired with the language of Section 2702(b)(8), which allows for a “good faith” belief that an emergency “involving danger of death or serious physical injury” may occur. [FN263] This combines to mean that a plaintiff must demonstrate that a Provider (1) knowingly or intentionally reported information (2) without a good faith belief that (3) such an emergency might occur. This is an almost impossible burden for a plaintiff to carry, and “effectively immunize(s) providers.” [FN264] This is likely the reason that there has been no litigation holding a Provider liable under Section 2702(b)(8). [FN265] In other words, practitioners understand that the likelihood of success in litigation is virtually zero. [FN266] The reporting provision of Section 2702(d) has not been an issue of any litigation to date. While the provision appears to be a check on the Executive Branch through congressional oversight, there are notable limitations on this provision. The most significant limitation is that the provision does not provide for incidents in which information has been disclosed to the government but the investigation has not been closed. There are two possible explanations for this omission. First, this allows the Department of Justice and other national security agencies to continue to monitor potential situations. Secondly, and more cynically, this allows the government to protect an ISP who assisted the government by adhering to the broad disclosure regime in an instance in which disclosure was not reasonable. In either case, this provision is susceptible to manipulation, and does not provide Congress with any ability to remedy abuses. Even if Congress found a Provider to have violated the emergency disclosure provision, the only available remedy lies in civil litigation. Congress would need to convince a judge that the Provider did not subjectively believe that the information was necessary to prevent harm. This is an almost impossible standard for Congress, and leaves the Providers completely insulated. This leaves customer outrage and market forces as the sole legitimate deterrent to Provider abuses of the emergency disclosure provision. If customers feel that their Provider is abusing their right to privacy, they always have the right to choose another provider. Providers, such as ISPs, have recognized this potential fallout, and many advisors are recommending that they disengage from assisting the government without a search warrant or subpoena. For instance, the U.S. Internet Service Provider Association recognizes the confusion in emergency provision litigation, and recommends taking a safe approach: [FN267]
Law enforcement agencies sometimes invoke the “emergency” provision in an effort to avoid the necessity of a subpoena or other process. ISPs often must be firm in pointing out that this provision gives the ISP, not law enforcement, authority to decide whether or not to provide information. There is never an “emergency” obligation on an ISP to disclose under 2702(b)(7) . . . . Because of the intense interest of agencies in this exception, it is prudent for an ISP to adopt clear procedures for its use, and to require all government agencies to adhere to the procedures.
The threat of public embarrassment may be enough to deter abuse of the voluntary disclosure provision, but the jury is still out on this issue. There is of course the threat that failure to disclose information in a true emergency would lead to an equally vociferous backlash if customers believed that the ISP was the only actor capable of prevention. [FN268] This is potentially the most problematic aspect of the voluntary disclosure deterrence scheme—the reliance on market forces to compel ISP behavior may actually provide excessive deterrence, and marginalize the government’s ability to obtain the information it truly needs when it needs it. The potential for this outcome was the heart of a letter from Verizon to Congress in 2007, as the general counsel for Verizon explained “placing the onus on the provider to determine whether the government is acting within the scope of its authority would inevitably slow lawful efforts to protect the public” and “would delay the government’s receipt of assistance it might need to save lives.” [FN269] III. APPLYING THE SCA AND CLEAN HANDS TO THE HYPOTHETICALS The hypotheticals presented at the beginning of this Comment help elucidate the interplay between the clean hands exception and the voluntary emergency disclosure provision of the SCA. The first situation, in which a man has stored on his computer and with an ISP an email containing information vital to his plan to attack a major U.S. city, presents the quintessential case embracing the ISPs’ freedom from liability under the SCA. The government does not know about this man, and without the assistance of the ISP, he likely would be able to further his plot with impunity. This constitutes the emergency that we all fear, and the ISP’s disclosure of the man’s private communications is certainly justified under Section 2702(b)(8). An individual in possession of such information would, almost assuredly, provide the information to the government notwithstanding the threat of punishment under Title III. In such a situation, the modifications to the emergency disclosure provisions of the SCA play their intended role. The second scenario, in which a man plots an attack on an individual, is more complicated. There is still an emergency, but it is individual in scope and not within the purview of national security. Furthermore, there is reason to question to reasonable likelihood that the attack will actually occur. The wife in possession of the communication would have to weigh the likelihood of an attack against the potential of her being charged with a Title III offense. The ISP in possession of the same message would likely not face the same consequences—even if the man’s plan turned out to be fantasy, it certainly would prevail on the good faith standard. Some might feel that the ISP must or should disclose this information, while others may believe that this does not warrant the invasion of privacy inherent in such disclosure. Such a situation invokes the classic debate over the tradeoff between personal privacy and enhanced police protection—a debate that has consistently fallen on the side of personal privacy before the amendments to the SCA. [FN270] The third scenario demonstrates the gravest threat of the emergency provision amendments. The potential for collusive abuse between law enforcement and a third party in possession of information threatens to undermine the entire foundation of personal privacy in communications. The clean hands exception is distinct from the emergency exception in this instance. If a police officer approached an individual for help obtaining the suspect’s information, it is almost certain that individual would not comply. The stakes are too high, and there is no demonstrated reason to believe the man is engaged in illegal activity. The threat of collusion is not so overbearing so as to jeopardize the utility of the exception. A Provider, however, will be more willing to comply. There is no criminal liability associated with an inappropriate disclosure. Further, the deference given to Providers is so great that there is no true threat of civil liability for inappropriate disclosure. Furthermore, the government does not risk losing access to the evidence. This all adds to a situation in which there is no significant legal deterrent to an abuse of the emergency exception. With the only true threat of recourse stemming from customer outrage, the Provider will be willing to work with the police officer provided it was able to satisfy the low burden of good faith in the aftermath. A likely result of this will be a gradual erosion of privacy in communications. CONCLUSION The voluntary emergency disclosure provisions of the SCA grant a broad degree of discretion to Providers, and allow the government to obtain information it might otherwise be unable to obtain. Like the clean hands exception, this arguably benefits society by allowing law enforcement officials to respond to potential threats in a timely manner. However, the drawbacks of the clean hands exception that similarly exist within the SCA are magnified with the SCA’s voluntary disclosure provisions, as these provisions give Providers virtually no incentive, short of customer outrage, to push back against the government’s potential abuses. It is likely that in the future, the privacy demands of customers will force Providers to demand the government provide a more robust voluntary disclosure regime so that they feel neither overly nor insignificantly threatened by the ramifications of compliance. *** *Brendan Coffman is a student at the George Mason University School of Law, class of 2011, and alumnus of Georgetown University’s Walsh School of Foreign Service. He is an Articles Editor of the George Mason Law Review. [FN1] Jamie S. Gorelick et al., Navigating Communications Regulation in the Wake of 9/11, 57 Fed. Comm. L.J. 351, 353 (2005). [FN2] President George H. Bush, Address to Congress (September 21, 2001). [FN3] Access to information is the government’s foremost necessity with respect to prevention of terrorist attacks. There is an inherent tradeoff of personal liberties when the government augments its need and collection of information. As a result, government involvement with information collection, particularly electronic surveillance, breeds a great deal of resentment, distrust, and skepticism from the public. See, e.g., Wayne McCormack, Understanding the Law of Terrorism 203-212 (2008) (explaining the government’s dilemma with respect to gathering intelligence in hopes of preventing an attack and cultivating distrust among the public); Allison M. Buxton, In re Sealed Case: Security and the Culture of Distrust, 29 Okla. City U. L. Rev. 917, 929-31 (2004) (explaining the American public’s cultural distrust of law enforcement and surveillance activities generally). [FN4] Gorelick, supra note 1, at 353. [FN5] Under the amended language, communications provider who discloses records or other information pursuant to authorization contained in 18 U.S.C. § 2702(c)(4) in emergency circumstances has same protection from lawsuits as provider who discloses records pursuant to court order. See In re Application of U.S. For a Nunc Pro Tunc Order For  Disclosure of Telecomms. Records, 352 F. Supp. 2d 45 (D. Mass. 2005). [FN6] 18 U.S.C. §§ 2701-2712 (1986) (last amended 2008). [FN7] Seth Rosenbloom, Crying Wolf in the Digital Age: Voluntary Disclosure Under the Stored Communications Act, 39 Colum. Hum. Rts. L. Rev. 529, 531-32 (2008). [FN8] Id. [FN9] Id. [FN10] 18 U.S.C. § 2702(b)(8) (2006). [FN11] Id.; § 2702(c)(4) (2001). [FN12] See infra Part II.A. [FN13] Shaun T. Olsen, Reading between the Lines: Why a Qualified “Clean Hands” Exception Should Preclude Suppression of Wiretap Evidence under Title III of the Omnibus Crime Control and Safe Streets Act of 1968, 36 Val. U. L. Rev. 719, 745-46 (2002). [FN14] Id. [FN15] The Sixth Circuit stands alone in its application of the clean hands exception to Title III third party surveillance and has been rebuked by several other Circuits. Compare United States v. Murdock, 63 F.3d 1391 (6th Cir. 1995) with United States v. Crabtree, 565 F.3d 887 (4th Cir. 2009). [FN16] See infra Part D.2. [FN17] 18 U.S.C. §§ 2701-2712 (1986). [FN18] See Pew Internet & American Life Project, Daily Internet Activities, 2000-2009, available at http://www.pewinternet.org/Static-Pages/Trend-Data/Daily-Internet-Activities-20002009.aspx (showing that over 50% of American adults use the internet every day, and that almost 50% send or receive email every day). [FN19] United States Census Bureau, Current Population Survey Reports, October 2007, http://www.census.gov/population/www/socdemo/computer.html (last visited April 15, 2010). [FN20] K. G. Coffman & A. M. Odlyzko, Growth of the Internet, AT&T Labs Research, July 6, 2001, available at http://www.dtc.umn.edu/~odlyzko/doc/oft.internet.growth.pdf (last visited April 15, 2010). [FN21] Orin S. Kerr, A User’s Guide to the Stored Communications Act, and a Legislator’s Guide to Amending It, 72 Geo. Wash. L. Rev. 1208, 1209-10 (2004). [FN22] Id. [FN23] See infra Part I.B. [FN24] Alexander Scolnik, Protections for Electronic Communications: The Stored Communications Act and the Fourth Amendment, 78 Fordham L. Rev. 349, 359 (2009) (explaining ISPs’ protocol for storing transactional communication information on their servers). [FN25] Id. [FN26] U.S. Const. amend. IV. [FN27] William B. Cuddihy & B. Carmon Hardy, A Man’s House Was Not His Castle: Origins of the Fourth Amendment to the United States Constitution, 37 Wm. & Mary Q. 372, 400 (1980). Cuddihy and Hardy argue that the Fourth Amendment “represented an American extension of the English tradition that a man’ house was his castle…[t]he requirement that all search warrants be specific, the heart of the Fourth Amendment, accordingly enlarged the tradition’s scope, for it controlled searches by the government to a degree never previously attempted.” Id. [FN28] Marjorie G. Fribourg, The Bill of Rights: Its Impact on the American People 10 (1967) (explaining that the protection of personal rights is the most fundamental distinguishing factor in America’s Constitution). [FN29] William C. Banks & M.E. Bowman, Executive Authority for National Security Surveillance, 50 Am. U. L. Rev. 1, 2-4 (2001). [FN30] Daniel J. Solove, Digital Dossiers and the Dissipation of Fourth Amendment Privacy, 75 S. Cal. L. Rev. 1083, 1126 (2002) (explaining James Madison’s belief that the structure of the Constitution and the insertion of the judicial branch in the middle of the executive branch’s investigative process would lead to the best solution). [FN31] Banks & Bowman, supra note 29, at 3-4; David Hardin, The Fuss over Two Small Words: The Unconstitutionality of the USA PATRIOT Act Amendments to FISA Under the Fourth Amendment, 71 Geo. Wash. L. Rev. 291, 295-97(2003) (explaining that finding space for electronic surveillance in the Fourth Amendment doctrine has been difficult); James X. Dempsey;Communications Privacy in the Digital Age: Revitalizing the Federal Wiretap Laws to Enhance Privacy, 8 Alb. L.J. Sci. & Tech. 65, 69-71 (1997) (explaining that the indiscriminate nature of electronic surveillance has posed greater threats to privacy than physical search and seizure). [FN32] Rosenbloom, supra note 7, at 537. [FN33] Black’s Law Dictionary 1464 (8th ed. 2004). Many commentators debate the merits of the exclusionary rule, arguing that it creates an unfair position for the government in having to both combat crime and uphold civil liberties. For a discussion focusing on the dilemmas in applying the exclusionary rule.  See, Randy E. Barnett, Resolving the Dilemma of the Exclusionary Rule: An Application of Restitutive Principles of Justice, 32 Emory L.J. 937 (1983). [FN34] See, e.g.Wong Sun v. United States, 371 U.S. 471 (1973). [FN35] Weeks v. United States, 232 U.S. 383 (1914). Weeks remains the landmark case in the creation of the exclusionary rule in federal courts, whereas Mapp v. Ohio extended the rule to state courts. 367 U.S. 643 (1961). [FN36] See, e.g., Mapp, 367 U.S. at 648; Lawrence Crocker, Can the Exclusionary Rule Be Saved?, 84 J. Crim. L. & Criminology 310, 310-14 (1993). Many substitutions for the exclusionary rule have been suggested, most notably a solution in which violating police officers are liable in damages to individuals whom they arrest with the aid of illegally obtained information. See Pierre Schlag, Assaults on the Exclusionary Rule: Good Faith Limitations and Damage Remedies, 73 J. Crim. L. & Criminology 875 (1982). [FN37] United States v. Leon, 468 U.S. 897 (1984). [FN38] Id. at 918. [FN39] Id. [FN40] Id. [FN41] Id. at 908-913. [FN42] Id. at 922-23 (citing Franks v. Delaware438 U.S. 154 (1978)). [FN43] Id. at 23 (citing Lo-Ji Sales, Inc. v. New York442 U.S. 319 (1979) (warrant at issue “left it entirely to discretion of officials conducting search to decide items which were likely obscene and to accomplish seizure”). [FN44] Leon, 468 U.S. at 922 (quoting Brown v. Illinois422 U.S. 590 (1975)(Powell, J., concurring)). [FN45] Id.; 1 Wayne R. LaFave, Search and Seizure: A Treatise on the Fourth Amendment § 1.3 (4th ed. 2004). [FN46] See, e.g., Donald Dripps, The Case for the Contingent Exclusionary Rule, 38 Am. Crim. L. Rev. 1, 2 (2001) (arguing that the Supreme Court has appeared to “have adopted both positions” in the debate over the exclusionary rule). [FN47] David Hardin, The Fuss over Two Small Words: The Unconstitutionality of the USA PATRIOT Act Amendments to FISA Under the Fourth Amendment, 71 Geo. Wash. L. Rev. 291, 296-97 (2003). [FN48] Banks & Bowman, supra note 29, at 3-4. Banks and Bowman explain “Moreover, the Fourth Amendment was designed to protect against overreaching in investigations of criminal enterprises. Investigations of politically motivated threats to our national security, such as terrorism or espionage, were simply not contemplated.” Id. Prior to the enactment of the 14th Amendment, the Supreme Court suggested that warrants issued pursuant to federal civil litigation may not be protected by the Fourth Amendment. See Murray’s Lessee v. Hoboken Land & Improvement Co., 59 U.S. 272, 285 (1855). However, after the enactment of the 14th Amendment, the Supreme Court clarified its previous holding and narrowed its decision strictly to due process. See Walker v. Sauvinet, 92 U.S. 90, 92-93 (1875); Pac. Mut. Life Ins. Co. v. Haslip, 499 U.S. 1, 30-32 (1991) (explaining the interplay between Murray’s Lessee and Walker). [FN49] Olmstead v. United States, 277 U.S. 438 (1928). [FN50] Id. at 455-57. [FN51] Id. at 457. [FN52] Id. at 466. Justice Brandeis’ dissent foreshadowed the short lifespan of the Olmstead decision. Brandeis proclaimed “[The Founders] conferred, as against the Government, the right to be left alone – the most comprehensive of rights and the right most valued by civilized men. To protect, that right, every unjustifiable intrusion by the Government upon the privacy of the individual, whatever the means employed, must be deemed a violation of the Fourth Amendment.” Id. at 478. [FN53] Several Supreme Court cases advanced the scope of the Fourth Amendment’s privacy protections. The Court’s first recognition of a Constitutional right to privacy concerned the freedom to associate. See NAACP v. Alabama ex rel. Patterson, 357 U.S. 449, 466 (1958) (holding that a private association could not be forced to disclose the names of its members). The Court also found constitutionally protected right to political privacy in Watkins v. United States, 354 U.S. 178 (1957) and Sweezy v. New Hampshire,354 U.S. 234 (1957). The most important case to advance the privacy rights of individuals during this time period was Griswold v. Connecticut, 381 U.S. 479 (1965) (holding that a Connecticut law criminalizing the use of contraceptives violated a constitutional right to marital privacy and was therefore unconstitutional). This summary was adapted from Banks & Bowman, supranote 29, at 44-47. [FN54] 388 U.S. 41. [FN55] Id. at 63-64. The Berger court was extremely divided and contained three vociferous dissents from Justice Black, Justice Harlan, and Justice White.Id. at 70, 89, 107. Justice White appeared most dissatisfied with the ruling, particularly because he felt that the New York legislature jumped through the requisite hoops to enact the statute. Id. at 109-111. Justice White’s wrath is most directly aimed at Congress for failing to clarify wiretapping and surveillance rules despite substantial indication that it was going to be a matter of great concern between the executive and the judiciary. Id. at 112-19. [FN56] Id. at 55-56. [FN57] Id. at 119. [FN58] Id. [FN59] Berger v. New York, 388 U.S. at 128. [FN60] Id. at 129. [FN61] 389 U.S. 347. [FN62] Id. at 348-49. [FN63] Id. [FN64] Id. at 348. [FN65] Id. at 359. [FN66] Katz v. United States, 389 U.S. at 360-61 (Harlan, J., concurring); Terry v. Ohio, 392 U.S. 1, 9 (1968) (adopting Justice Harlan’s concurring analysis). [FN67] Banks & Bowman, supra note 29, at 47 (2001). See also Christopher Woo & Miranda So, The Case for Magic Lantern: September 11 Highlights the Need for Increased Surveillance, 15 Harv. J. L. & Tech. 521, 523 (2002) (explaining that Justice Harlan’s concurring opinion has become the “the governing standard for defining when a Fourth Amendment search occurs and has been used by courts to determine whether a new technology comes within the scope of the Fourth Amendment”). [FN68] See Berger, 388 U.S. at 129 (noting that the holding does not pertain to national security concerns). [FN69] See Katz, 389 U.S. 347 (1967). [FN70] Id. at 358 n.23 (1967) (explaining “[w]hether safeguards other than prior authorization by a magistrate would satisfy the Fourth Amendment in a situation involving the national security is a question not presented by this case”). [FN71] Id. at 363-64 (1967) (White, J. concurring). [FN72] Id. at 363. [FN73] Omnibus Crime Control and Safe Streets Act of 1968, Pub. L. No. 90-351, 82 Stat. 197, 211-25 (codified as amended at 18 U.S.C. 2510-2522 (2000)). [FN74] Ric Simmons, From Katz To Kyllo: A Blueprint for Adapting the Fourth Amendment to Twenty-first Century Technologies, 53 Hastings L.J. 1303, 1339 (2002). [FN75] 18 U.S.C. § 2510(2) (1994); Orin S. Kerr, Are We Overprotecting Code? Thoughts on First-Generation Internet Law, 57 Wash & Lee L. Rev. 1287, 1299 (2000). Professor Kerr notes that that the protection of wire communications “did not include the requirement that the communications support a reasonable expectation of privacy” because in 1968 all wire communications were between two humans, and such a requirement would have seemed “superfluous.” [FN76] 18 U.S.C. § 2510(1) (1994). [FN77] 18 U.S.C. § 2518 (1968). [FN78] Id.; Paul M. Schwartz, Reviving Telecommunications Surveillance Law, 75 U. Chi. L. Rev. 287, 290 (2008). [FN79] 18 U.S.C. § 2518(3) (2000). [FN80] 18 U.S.C. § 2518(3)(c) (2000). [FN81] 18 U.S.C. § 2518(5) (2000). [FN82] Nathan C. Henderson, The Patriot Act’s Impact on the Government’s Ability to Conduct Electronic Surveillance of Ongoing Domestic Communications, 52 Duke L. J. 179, 183 (2002). [FN83] 18 U.S.C. § 2515 [FN84] Id. at 182-83. [FN85] Kerr, surpa note 75, at 1299; Simmons, supra note 74, at 1339-41. [FN86] Simmons, supra note 74, at 1340 (explaining § 2510 of Title III and connecting it to Justice Harlan’s concurring opinion in Katz). [FN87] Patricia L. Bellia, Surveillance Law through Cyberlaw’s Lens, 72 Geo. Wash. L. Rev. 1375, 1396 (2004). [FN88] U.S. v. Miller, 425 U.S. 435 (1976). [FN89] Smith v. Maryland, 442 U.S. 735 (1979). [FN90] Marc J. Zwillinger & Christian S. Genetski, Criminal Discovery of Internet Communications Under the Stored Communications Act: It’s Not a Level Playing Field, 97 J. Crim. L. & Criminology 569, 574 (2007). [FN91] Id. [FN92] Orin S. Kerr, A User’s Guide to the Stored Communications Act, and a Legislator’s Guide to Amending Itsupra note 21, at 1209-10. [FN93] Miller, 425 U.S. at 437. [FN94] Id. at 438-39. [FN95] 116 U.S. 616 (1886). [FN96] Miller, 425 U.S. at 439. [FN97] Id. at 440. [FN98] U. S. v. Miller, 425 U.S. 435, 443 (1976). [FN99] Smith, 442 U.S. at 735. [FN100] At the time of the case, a pen register was understood to mean “a device that records the numbers dialed on a telephone by monitoring electrical impulses caused when the dial is released.” Bellia, supra note 87, at 1427-28. [FN101] Smith, 442 U.S. at 737. [FN102] Id. at 742. [FN103] Id. at 743. [FN104] Id. at 744. [FN105] See infra Part I.C. [FN106] Francis M. Hamilton, III, Should “Clean Hands” Protect the Government Against § 2515 Suppression Under Title III of the Omnibus Crime Control and Safe Streets Act of 1968?, 53 Wash & Lee L. Rev. 1473, 1480 (1996). [FN107] Olsen, supra note 13, at 749. [FN108] 63 F.3d 1391 (6th Cir. 1995). [FN109] Id. [FN110] Id. at 1392-93. [FN111] Id. [FN112] Id. [FN113] Id. [FN114] Id. [FN115] Id. at 1393-94. The “business extension exemption” is a limit on the applicability of Title III, and exempts the monitoring of communications carried out in the normal course of business. The court of appeals determined that despite the fact that the family’s business had a phone line in the house, the nature of the monitoring was not consistent with normal business practices. For more information regarding the business extension exemption, see Thomas R. Greenberg, E-mail and Voice Mail: Employee Privacy And The Federal Wiretap Statute, 44 Am. U. L. Rev. 219, 239 (1994). [FN116] Murdock, 63 F.3d at 1393. [FN117] 18 U.S.C. § 2515 (1968). [FN118] Murdock, 63 F.3d at 1393. [FN119] Id. (citing Williams v. Poulos, 11 F.3d 271, 279 (1st Cir.1993)). [FN120] Id. [FN121] Id. [FN122] Id. at 1404. [FN123] Id. at 1402-04. The applicable law in the matter was 18 U.S.C. § 2515. [FN124] Murdock, 63 F.3d at 1402-04. The applicable law in the matter was 18 U.S.C. § 2515. [FN125] Id. at 1403. [FN126] United States v. Vest, 813 F.2d 477 (1st Cir. 1987). [FN127] Id. [FN128] Id. at 481. [FN129] Id. at 479. [FN130] Id. [FN131] Id. [FN132] Id. at 481. [FN133] 408 U.S. 41 (1972). [FN134] Vest, 813 F.2d at 481 (internal quotations omitted) (citing Gelbard v. United States, 408 U.S. 41, 47-52 (1972)). [FN135] S. Rep. No. 1097, 90th Cong., 2d Sess., 66 (1968) (quoted in Gelbard v. United States, 408 U.S. 41, 47-52 (1972)). [FN136] Vest, 813 F.2d at 481. [FN137] 18 U.S.C. 2516(1)(b) (1986). [FN138] Id. [FN139] In re Grand Jury, 111 F.3d 1066, 1068 (3rd Cir. 1997). [FN140] Id. at 1077. [FN141] Id. [FN142] Murdock, 63 F.3d at 1402-03. [FN143] Id. at 1403. [FN144] 813 F.2d 105 (6th Cir. 1987). [FN145] Murdock, 63 F.3d at 1402 (citing United States v. Underhill, 813 F.2d 105, 111-112 (6th Cir. 1987)). [FN146] Id. at 1403. [FN147] Id. at 1402. [FN148] 903 F.2d 1068 (6th Cir. 1990). [FN149] Id. [FN150] Id. at 1072. [FN151] Murdock, 63 F.3d at 1402-03. [FN152] Id. at 1402. [FN153] See United States v. Crabtree, 565 F.3d 887, 889 (4th Cir. 2009); Chandler v. U.S. Army, 125 F.3d 1296, 1302 (9th Cir. 1997); In re Grand Jury,111 F.3d 1066, 1079 (3d Cir. 1997); United States v. Vest, 813 F.2d 477, 481 (1st Cir. 1987) (all holding that a plain reading of § 2515 does not allow for a clean hands exception to be granted to the government in an illegal surveillance case). [FN154] See, e.g., United States v. Vest, 813 F.2d 477, 481 (1st Cir. 1987). [FN155] Matthew A. Josephson, To Exclude Or Not To Exclude: The Future of the Exclusionary Rule After Herring v. United States, 43 Creighton L. Rev. 175, 180 (2009). [FN156] Crabtree, 565 F.3d at 890. [FN157] Murdock, 63 F.3d at 1403. [FN158] Vest, 813 F.2d at 481 (internal quotations omitted). For an article discussing the accuracy of the First Circuit’s logic, see Hamilton, supra note 106, at 1506. [FN158] See Precision Instrument Mfg. Co. v. Auto. Maint. Mach. Co.324 U.S. 806, 814-15 (1945) (holding that “clean hands” is essentially a vehicle for the implementation of the “good faith” doctrine); see also Castle v. Cohen, 840 F.2d 173, 178 (3d Cir. 1988) (holding that “clean hands” is simply another expression of “good faith”); Olsen, supra note 13, at 722. [FN160] Olsen, supra note 13, at 722. [FN161] Id. [FN162] 18 U.S.C. § 2511(1)(a). The court has noted some exceptions, most notably the business extension exemption. See supra note 94. [FN163] Bellia, supra note 87, at 1396; Michael S. Leib, E-Mail and the Wiretap Laws: Why Congress Should Add Electronic Communication to Title III’s Statutory Exclusionary Rule and Expressly Reject a “Good Faith” Exception, 34 Harv. J. on Legis. 393, 396 (1997). [FN164] Pub. L. No. 99-508, § 101(c), 100 Stat. 1848, 1851-52 (1986) (changes various portions of Title III, 18 U.S.C.). [FN165] Leib, supra note 163, at 402-04. [FN166] Kerr, supra note 21, at 1212. [FN167] Rosenbloom, supra note 7, at 538 n.151. [FN168] 18 U.S.C. §§ 2701-2712 (1986). [FN169] 18 U.S.C. §§ 2511-2522 (1986). [FN170] Federal Government Office of Technology Assessment: Electronic Surveillance and Civil Liberties 45 (1985); See also, Leib, supra note 163, at 404-05 (explaining ISPs practice of retaining copies of customers’ emails for administrative purposes). [FN171] Federal Government Office of Technology Assessment: Electronic Surveillance and Civil Liberties 45 (1985). [FN172] The content/non-content distinction is often referred to as the “Content/Envelope Distinction.” The analogy is clear: there is a difference between the actual content and information transmitted between two parties, and the information required to direct a third party transmitter (such as a telephone company or ISP) to the correct recipient. For more information regarding the distinction, see, Achal Oza, Amend the ECPA: Fourth Amendment Protection Erodes as E-mails Get Dusty, 88 B.U. L. Rev. 1043, 1049 (2008). [FN173] While not completely resolved, court and commentators largely agree that non-content information is not protected by the Fourth Amendment. See, e.g., Warshak v. United States, 532 F.3d 521, 525-27 (6th Cir. 2008) (holding that an individual has a reasonable expectation of privacy to the content of his email, but not to the transactional information). See also United States v. Forrester, 512 F.3d 500, 510 (9th Cir. 2007) (holding that ISP transactional information was “constitutionally indistinguishable from the use of a pen register that the Court approved in Smith”). Congress eventually recognized that transactional envelop information pertaining to e-mail revealed considerably more about a person than the numbers he dials on a telephone. As a result Congress stopped allowing law enforcement to obtain this information through subpoena in 2000 through the Communications Assistance for Law Enforcement Act (CALEA), and instead limited access to such information to a court order. Communications Assistance for Law Enforcement Act, Pub. L. No. 103-414, 108 Stat. 4279 (1994). For more information about CALEA, see Henderson, supra note 82, at 183. [FN174] 18 U.S.C. § 2701 (a)-(b) (1986). [FN175] 18 U.S.C. § 2701 (c) (1986). [FN176] The statute defines electronic communications services as “any service which provides to users thereof the ability to send or receive wire or electronic communications.” 18 U.S.C. § 2510 (15) (1986). [FN177] The statute defines remote computing service as “the provision to the public of computer storage or processing services by means of an electronic communications system.” 18 U.S.C. § 2711(2) (1986). [FN178] Bellia, supra note 87, at 1415. [FN179] Kerr, A User’s Guide to the Stored Communications Actsupra note 21, at 1216-18. [FN180] Id. at 1215-16. [FN181] The 180 day threshold is provided by the compelled disclosure provision of the SCA, found at 18 U.S.C. 2703 (1986). See infra Part 2. [FN182] Kerr, A User’s Guide to the Stored Communications Actsupra note 21, at 1215-16. [FN183] LaFave, Criminal Procedure, supra note 45, at § 4.8(d); U.S. Internet Service Provider Association, Electronic Evidence Compliance–A Guide for Internet Service Providers, 18 Berkeley Tech. L.J. 945, 949 (2003). [FN184] Bellia, supra note 87, at 1416. [FN185] 18 U.S.C. § 2703 (1986). [FN186] 18 U.S.C. § 2703(a) (1986). [FN187] Id. [FN188] 18 U.S.C. § 2703(b)-(c) (1986). [FN189] The Department of Justice Computer Crimes and Intellectual Property Section officially interprets Section 2703(d) to mean that the government can access, through subpoena, any copies of electronic communication at any time after the recipient of the communication has accessed it. For more information, see, Office of Legal Education, Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations (Richard Downing et al. eds., 3rd ed. 2009), available athttp://www.cybercrime.gov/ssmanual/ (last visited April 19, 2010). [FN190] Rosenbloom, supra note 7, at 538-39. [FN191] Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001, Pub. L. No. 107-56, 115 Stat. 272, 284-85; Rosenbloom, supra note 7, at 538. [FN192] 18 U.S.C. §§ 2702(b)-(c) (1986). [FN193] 18 U.S.C. § 2702(a) (1986). [FN194] 18 U.S.C. §§ 2702(b)-(c) (1986). [FN195] Rosenbloom, supra note 7, at 543-44. [FN196] Id. [FN197] Gorelick, supra note 1, at 361 n.53. [FN198] 18 U.S.C. § 2702(b)(6)(A) (2000). [FN199] Id. [FN200] 18 U.S.C. § 2702(b)(6)(A) (2000). [FN201] Rosenbloom, supra note 7, at 559-60. [FN202] Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001, Pub. L. No. 107-56, 115 Stat. 272, 284-85; Id. at 559-60. [FN203] Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001, Pub. L. No. 107-56, 115 Stat. 272, 284-85. [FN204] Homeland Security Act of 2002, Pub. L. 107-296, 116 Stat. 2135, 2157. [FN205] Rosenbloom, supra note 7, at 559-60. [FN206] Id. [FN207] Id. [FN208] Rosenbloom also notes a fourth change in the 2006 USA PATRIOT Act Improvement and Reauthorization Act in which Congress officially removed any barriers separating the rules for content disclosure and noncontent disclosure by inserting the broadly defined phrase “communications relating to the emergency”. Id.; USA PATRIOT Improvement and Reauthorization Act of 2005, Pub. L. 109-177, 120 Stat. 192, 202-03 (2006). [FN209] See, e.g., Cyber Security Enhancement Act of 2001 Hearing Before the H. Subcomm. on Crime, 107th Cong. 58 (2005), available at http://commdocs.house.gov/committees/judiciary/hju77697.000/hju77697_0f.htm (last visited April 19, 2010). [FN210] Id. [FN211] 18 U.S.C. 2702(d) (2006). [FN212] Id. [FN213] S. 1686, 111th Cong. § 105 (1st Sess. 2009); H.R. 1800, §7. S. 1686, §105 (1st Sess. 2009). [FN214] Id. [FN215] Id. [FN216] Charles Doyle, Congressional Research Service, National Security Letters: Proposed Amendments in the 111th Congress, at 20, (Oct. 2009),available at http://www.fas.org/sgp/crs/intel/R40887.pdf. [FN217] 18 U.S.C. 2701(b) (1986). [FN218] Id. [FN219] Id. [FN220] 18 U.S.C. 2707 (1986). [FN221] United States v. Mercado-Nava, 486 F. Supp. 2d 1271, 1279 (D. Kan. 2007) (explaining that “exclusion of the evidence is not an available remedy for a Title II violation of the ECPA, see 18 U.S.C. §§ 2515, 2708. The remedy for such a violation, set forth in 18 U.S.C. § 2707, lies in a civil action against the person or entity who violated the statute”). [FN222] 18 U.S.C. 2707 (1986). [FN223] See, e.g., Konop v. Hawaiian Airlines, Inc. (In re Hawaiian Airlines, Inc.), 355 B.R. 225, 230 (D. Haw. 2006). [FN224] 303 F. Supp. 2d 121 (D. Conn. 2004). [FN225] Id. at 124. [FN226] Id. at 123. [FN227] Id. at 126-27. [FN228] Id. at 127. [FN229] Id. at 128. [FN230] AOL successfully dismissed all claims against it relating to this matter on a forum selection clause in the contract, and therefore did not have to litigate the matter. Freedman, 303 F. Supp. 2d at 123. [FN231] 2009 WL 426117 (E.D. Cal. Feb. 20, 2009). [FN232] Id. at *2. [FN233] Id. [FN234] Id. at *2 [FN235] Id. [FN236] Id. at *7. [FN237] See, Wayne McCormack, Understanding The Law of Terrorism 135 (2007). [FN238] Id. [FN239] U.S. Dep’t of Justice, Report from the Field: The USA PATRIOT Act at Work 26 (2004), available at http://www.justice.gov/olp/pdf/patriot_report_from_the_field0704.pdf. [FN240] See, Jim Garamone, Rumsfeld Says Country Faces Two Options in War on Terror, American Forces Press Service, August 25, 2003, available at http://www.globalsecurity.org/military/library/news/2003/08/mil-030825-afps02.htm (last visited Jan. 17, 2010). [FN241] Olsen, supra note 13, at 755. [FN242] See Part I, supra note xx [FN243] Rosenbloom, supra note 7, at 562-63. [FN244] 18 U.S.C. 2703(a) (2006). [FN245] 18 U.S.C.S. § 2702(b)(8) (2006). [FN246] Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001, Pub. L. No. 107-56, 115 Stat. 272, 284-85. [FN247] Homeland Security Act of 2002, Pub. L. 107-296, 116 Stat. 2135, 2157. [FN248] Rosenbloom, supra note 7, at 564-65. [FN249] Id. at 566. [FN250] Rosenbloom, supra note 7, at 565. [FN251] Preamble to the USA PATRIOT Act, Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT Act) Act of 2001, Pub. L. No. 107-56, 115 Stat. 272 (2001) (codified as amended in scattered sections of 18 U.S.C. and 50 U.S.C. (2000 & Supp. 2003)). [FN252] U.S. Dep’t of Justice, Report from the Field: The USA PATRIOT Act at Work 26 (2004), available at http://www.justice.gov/olp/pdf/patriot_report_from_the_field0704.pdf. The report contains a total of five instances in which Section 212 of the USA PATRIOT Act, amending Sections 2702 and 2703 of the SCA, have led law enforcement officials to successful prevention of serious injury. Only the example given could reasonably be categorized as a national security concern. [FN253] See Solove, supra note 30, at 1117-28. [FN254] Id. at 1101. [FN255] Murdock, 63 F.3d at 1402. [FN256] See, e.g., Olsen supra note 13, at 756-59. [FN257] Orin Kerr, Lifting the “Fog” of Internet Surveillance: How a Suppression Remedy Would Change Computer Crime Law, 54 Hastings L.J. 805, 837 n. 154 (2003). [FN258] See Solove, supra note 30, at 1119. [FN259] Id. at 175-76. [FN260] Rosenbloom, supra note 7, at 565. [FN261] Freedman, 303 F. Supp. 2d at 128. [FN262] 18 U.S.C. § 2707(a) (1986). [FN263] 18 U.S.C. § 2702(b)(8) (2006). [FN264] Rosenbloom, supra note 7, at 565. [FN265] Kerr, The Future of Internet Surveillance Lawsupra note 21, at 1209-10. [FN266] Id. [FN267] U.S. Internet Service Provider Association, supra note 183, at 962. [FN268] Rosenbloom, supra note 7, at 564-65. [FN269] Letter from Randal S. Milch, Senior Vice President, Legal & External Affairs & General Counsel, Verizon Business. to John D. Dingell, Chairman, U.S. H.R. Comm. on Energy & Commerce, to Edward J. Markey, Chairman, U.S. H.R. Subcomm. on Telecomm. & Internet, and to Bart Stupak, Chairman, U.S. H.R. Subcomm. on Oversight & Investigations 3-4 (Oct. 12, 2007), available at http://markey.house.gov/docs/telecomm/Verizon_wiretaping_response_101207.pdf (last visited April 19, 2010). [FN270] Solove, supra note 30, at 1117-28.