Wednesday, March 20, 2013

Published Here Or Abroad? Regardless, It's All Good (Says the Supreme Court).

Today the Supreme Court handed down its decision in the case of Kirtsaeng v. John Wiley & Sons.  The case involves a college student who got sued by a book publisher because the student sold his foreign-made textbooks once he was done using them.  (Yes, you read that correctly. He was sued for selling textbooks that were published abroad, but which he used and sold in the U.S. once he was done with them.  Sound crazy?  Read on...)

Even if you're not into selling textbooks, you should be happy with the decision.  Really happy.  Like, celebratory-type happy.  Why?  Because the Kirtsaeng decision clarifies the fact that you're not breaking the law when you sell or buy certain foreign-made goods on sites such as eBay or Amazon. 

Here's the story:  Kirtsaeng, a citizen of Thailand, came to the U.S. to attend Cornell University (for undergrad), and the University of Southern California (for a Ph.D).  While in the U.S., he asked his friends and family back in Thailand to buy copies of foreign edition English language textbooks at Thai book shops--where they sold for low prices--and mail them to him in the U.S.  Once he was done with the books, Kirtsaeng sold the books, reimbursed his family and friends, and kept whatever profit remained from the sale.

Enter the book publisher, John Wiley & Sons.  Wiley was less than thrilled that Kirtsaeng was selling his foreign-made books, since it prevented Wiley from selling those same books (copies of which Wiley had published in the U.S.) for a higher price.  Wiley claimed that Kirtsaeng's importation of its books, and his subsequent resale of those books, amounted to an infringement of Wiley's exclusive right to distribute its books in the U.S.

Ok, let's pause for a moment to consider the law...and to keep score.

Under the Copyright Act, authors posses the exclusive right to control the distribution of their works.  (Score one for Wiley).  

There is, however, an exception to this exclusive right of distribution, called the "first sale rule."  The first sale rule carves out an exception to all three forms of intellectual property protection, (i.e.,  copyright, trademark and patent).  With regard to copyright law, the rule provides that a person who owns a lawfully made copy of a copyrighted work may “sell or otherwise dispose” of that copy without the authorization of the copyright owner.  (Score one for Kirtsaeng).

But wait, there's an exception to the exception...or is there?  (Stay with me now, because this is the crux of the case.)  

The Copyright Act says that the first sale rule applies only to works "lawfully made under this title."  But what does that mean?  

Wiley argued that the textbooks were made overseas, and were intended to be distributed overseas.  Wiley point was this: the books were not 'lawfully made' under the Copyright Act--they were 'made' under foreign law, so the first sale rule didn't apply, and it didn't protect Kirtsaeng.  (Hmmm.  An interesting point--and one with which many courts across the country agree.)

Kirtsaeng countered that the words "lawfully made" meant "legally made", i.e., the books needed to be authentic and not pirated.  Since the books were authentic and "legally made" (albeit overseas), Kirtsaeng argued that the first sale rule applied to his purchase and subsequent sale of the books, and protected him from claims of copyright infringement by Wiley.  

In a 6-3 decision, the Supreme Court agreed with Kirtsaeng and held that there is no geographic limitation on the first sale rule. Put another way: it doesn't matter if the item was made abroad and was intended to be sold abroad.  In fact, it doesn't matter where the item was made at all.  Under Kirtsaeng, when a purchaser buys an item, the first sale rule permits the purchaser to subsequently sell that item in the U.S. without the author's or manufacturer's permission.

So why should you care?  Well, let's think about that import disc that you want to sell on eBay.  Or that book you bought in Europe that you're selling on  Or any item that may have originally been made and sold in Asia, but made its way to the U.S.  In the days before the Kirtsaeng decision, it wasn't clear whether you had the right to sell those items without first getting the original author's or manufacturer's approval.  Now, the Supreme Court has made it crystal clear that the first sale rule covers the transaction.

The decision is even more important for technology companies.  As Justice Breyer said, 

Technology companies tell us that automobiles, microwaves, calculators, mobile phones, tablets, and personal computers contain copyrightable software programs or packaging. ... Many of these items are made abroad with the American copyright holder’s permission and then sold and imported (with that permission) to the United States. ... A geographical interpretation would prevent the resale of, say, a car, without the permission of the holder of each copyright on each piece of copyrighted automobile software. Yet there is no reason to believe that foreign auto manufacturers regularly obtain this kind of permission from their software component suppliers... Without that permission a foreign car owner could not sell his or her used car.
Well said Mr. Justice, well said.  

Tuesday, November 13, 2012

Upsell By Clickwrap? The Second Circuit Says "Not So Fast..."

Have you ever purchased something from a website only to get bombarded at the checkout or payment screen with offers of other products or services?  That process, called "upselling", is a merchant's last ditch effort to get you to spend a few extra bucks before you close your browser. 
Sometimes upsells are easy to spot.  Other times, upsells are so intertwined in the checkout page that it's difficult to figure out where the terms of the original purchase end, and the upsold product begins. All too often, flashy and deceptive upsells trick unwary consumers into buying items that they didn't want, and don't need.

But a recent court ruling may help put an end to deceptive and confusing upsells.  In Schnabel v. Trilegiant Corp., the Second Circuit held that purchasers who unknowingly enrolled in an upsold "Great Fun" membership plan were not bound to an arbitration provision contained in the membership plan's "Terms & Conditions" agreement.  The case, which you can read here, clearly demonstrates how courts are loathe to enforce clickwrap agreements that are anything less than clear and conspicuous.

In Schnabel, the plaintiffs were invited to click on a hyperlink to receive "cash back" on purchases they had made at and standard stuff as far as upsells are concerned.  But the "Great Fun" membership was no ordinary upsell. In this particular case:
  1. The upsell did not indicate that the "cash back" offer involved merchants other than Priceline and;
  2. The upsell included terms (including an arbitration provision) that were emailed to the plaintiffs after they had already enrolled in the Great Fun membership plan; and,
  3. The membership cost $14.99/month, which was automatically charged to each plaintiff's credit card. Curiously, however, the plaintiffs never provided their credit card numbers to the membership plan.  (How can that be?  Answer: it's called 'post transaction marketing'.  It's also called 'data passing'.  More on that in a future blog entry...)
The court questioned whether, in light of the peculiar conditions involved in the Great Fun upsell, the plaintiffs ever gave their assent to enroll in the Great Fun membership plan.  The court focused on three factors: (i) the timing of the contract formation ("an offeree cannot actually assent to an offer unless the offeree knows of its existence"), (ii) notice ("A]n offeree, regardless of apparent manifestation of his consent, is not bound by inconspicuous contractual provisions of which he is unaware, contained in a document whose contractual nature is not obvious"), and, (iii) manifest or implied assent ("silence constitutes assent only in particular circumstances, such as where there is a duty to respond or where there is a contemporaneous oral agreement").
  After considering the relevant factors, the court held that 
[t]he plaintiffs were never put on inquiry notice of the arbitration provision, and their continued credit-card payments, which were auto-debited from their credit cards, were too passive for any reasonable fact finder to conclude that they manifested a subjective understanding of the existence of the arbitration and other emailed provisions and an intent to be bound by them in exchange for the continued benefits Great Fun offered.
If there's a lesson to be learned here, it's this: clickwrap agreements are alive and well--and generally enforceable--unless they are too complex, confusing or generally unfair, in which case they won't be enforced. 

Friday, September 7, 2012

Clickwrap / Browsewrap Agreements: It’s the Notice, Stupid!

If your company sells stuff online, it likely relies on a Terms of Use link to bind its customers to a purchase agreement, or requires its customers to click through a Terms of Use agreement before a sale can be consummated.

But is that enough?   A recent case out of NY says, maybe not.

In Nguyen v. Barnes & Noble, Inc., the plaintiff purchased two 16 GB HP TouchPad Tablets for $101.95 through Barnes & Noble’s website.  A short time later he received an email from Barnes & Noble confirming his order.  All seemed well until the next day when the plaintiff received another email from Barnes & Noble canceling his order, stating that his order would “not be shipped for the advertised price.”

As a result, the plaintiff “was unable to obtain an HP Tablet during the liquidation period for the discounted price, “and he was “forced to rely on substitute tablet technology, which he purchased . . . [at] considerable expense.”  (Yes, I know…that’s a peculiar basis for a lawsuit.  And yes, I know, he might have been able to get “substitute tablet technology” from eBay or a hundred other places at a discounted price.   And yes, I know, HP’s “tablet technology” might have been unsuitable for his needs—remember, HP discontinued those tablets due to poor sales.  But the merit of the plaintiff’s lawsuit isn’t as important as what happened next….so let’s move on.)

Barnes & Noble moved to dismiss the lawsuit and to compel arbitration, citing its website’s “Terms of Use” document that required arbitration for all claims arising from purchases made through the website.  The plaintiff countered by arguing that he didn’t agree to arbitrate his claims because the website didn’t require him to click through or affirmatively assent to the website’s Terms of Use.  (In fact, this was true: the Terms of Use hyperlink was located on the bottom left corner of each webpage, and it wasn’t necessary for a visitor to click on the Terms of Use hyperlink in order to buy something through the website.)  The plaintiff further argued that the Terms of Use were inapplicable since (i) he never clicked on the Terms of Use hyperlink, and (ii) he never actually read the Terms of Use before making his purchase. 

The court agreed with the plaintiff, and refused to dismiss the case against Barnes & Noble.  This was a predictable (and in my opinion, correct) result.  See, if you follow these types of clickwrap/browsewrap cases, then you know that these cases are rarely decided on whether a person had to click an “I Agree” button or follow a Terms of Use hyperlink.  Instead, the key to these cases is simply whether the person had reasonable notice of the terms imposed by the seller.  (Now the title of this blog article makes sense, right?)

There’s no bright line rule governing when and how “reasonable notice” is provided at a seller’s website.  But here’s my informal, not-legal-advice-but-for-educational-purposes-only list that might help you determine whether notice is “reasonable”:

Likely sufficient:
  • The buyer has to affirmatively click “I Agree”.
  • The buyer has to click a checkbox indicating his/her assent to the website’s terms.
  • The Terms of Use hyperlink is clear and conspicuous and located in the upper portion of the seller’s website.
  • The buyer is a regular visitor to the seller’s website, and is familiar with the Terms of Use of the seller’s website.

Likely insufficient:
  • The Terms of Use are provided after the sale is completed.
  • The Terms of Use are buried on the bottom of the seller’s website, and/or are displayed in a small font that could be overlooked easily by customers.
  • The color scheme used to create the Terms of Use hyperlink makes the hyperlink difficult to distinguish from the surrounding background material.  

Wednesday, August 29, 2012

Guidelines Prodding Companies to Disclose Cyberattacks? Not Likely.

Last October, the SEC issued guidelines to companies about when they should notify their shareholders about incidents involving cyberattacks.  The guidelines were--and still are--voluntary, so public companies are still free to keep cyberattack incidents out of earshot of their shareholders.   I'm not sure if that's a good thing or not--reasonable people can disagree on the issue.  But I feel pretty confident about one thing: companies are not revealing incidents involving cyberattacks because they feel legally or ethically compelled to do so.

Since issuing the guidelines, the SEC "nudged" to be more forthcoming about the cyberattack incident in which its subsidiary,, was targeted.  In April, Amazon provided certain additional references about the attack in its annual report, but nonetheless argued that the disclosure was not required under SEC rules.  (By the way, I agree with Amazon's position.  Unless the incident materially impacts the business, disclosure isn't generally required under SEC rules.)

Both Verisign and LinkedIn made public announcements about cyberattacks on their systems, but it was unclear whether those announcements were motivated by the SEC's guidelines, or by the desire to maintain damage control using the press.

So what's happening here? Are companies being more forthright about cyberattacks because they have to be?  Some pundits think so--check out the article in today's Bloomberg News.  

But I disagree.  Companies are not disclosing cyberattacks because they feel like they have to do so.  If they felt legally compelled to make such disclosures, we'd be bombarded with stories about cyberattacks on a daily basis.  

So which cyberattacks do we hear about?  How does a company make the decision to release information about a cyberattack?

First, there's the easy answer: if the security or integrity of customer data was compromised, then companies will notify the public of the cyberattack in accordance with applicable state and federal laws.  (That situation is the legal equivalent of a ground ball to first base: it's an easy out.)

But what about cases in which the attack does NOT result in customer data becoming compromised?  Do we hear about those cases?  Those are far more intriguing cases, and usually involve internal conversations in the impacted companies that go like this:
Company: "We've had a security breach."
Company's Attorney: "No way!  Really?  Wow.  What happened?" 
Company: "We're still looking into what happened, but we know all our data is safe.  It's encrypted.  Even if they saw it, they can't open it or read it." 
Company's Attorney: "That's a good thing.  So no one's information was compromised?" 
Company: "No, whoever did this won't be able to decrypt it.  But tell me, do we have to tell anyone about this?" 
Company's Attorney: "Hmmm...since the data was encrypted, I don't think we need to say a word about it.  But who else knows about this?" 
Company: "More people than we had hoped.  It's going to get leaked to people outside the company.  It probably already has." 
Company's Attorney: "Ok, then let's do damage control so no one gets the wrong idea about what happened.  Issue a press release stating that the company was attacked, that such attacks are becoming commonplace, that such attacks are a reality in today's online world, and that the company's security precautions successfully withstood the attack.  Within a few days, no one will care about the incident."

The bottom line is this: until the law requires disclosure, we shouldn't expect companies to voluntarily discuss the fact that they were targeted by hackers.  If an incident does get reported (especially incidents in which no customer data was compromised), it's likely the result of a company exercising damage control, as opposed to the company feeling legally compelled to discuss the matter with its shareholders.  

Thursday, August 23, 2012

Business Liability Coverage & IP Issues: You're Not Covered.

A case recently filed in California reminds us that so-called “business liability policies” do not cover all business-related liabilities—especially when the liabilities involve claims of intellectual property infringement.

Some background:

Purplus is a California company that sells software online.  In 2009, Adobe sued Purplus in federal court for copyright and trademark infringement, alleging that Purplus illegally made, offered for sale, and distributed copies of Adobe’s software.  

Purplus owned and maintained a “business liability” policy through Hartford Insurance Company.  The policy provided coverage for “personal and advertising” injuries.  (What’s that mean?  Good question.  Read on….)

Purplus asked Hartford to cover the costs of its defense in the Adobe litigation, but Hartford refused to do so.

Jump cut: Time passes, and the parties settle the case.  As part of the settlement, Purplus pays Adobe an (undisclosed) five-figure settlement amount.  Purplus again asks Hartford to pay for the costs of the litigation and the settlement, bur Hartford again says, “no.”

Second jump cut:  Now it’s July 2012.  Purplus files a lawsuit against Hartford seeking reimbursement for Purplus's legal expenses and the five-figure settlement amount that Purplus paid to Adobe.  Purplus’s theory is that the “advertising injury” portion of the insurance policy required Hartford to cover Adobe’s claims of intellectual property infringement.

Huh?  How does copyright or trademark infringement fall under the category of “advertising injury”?  (Actually, I don’t think it does…but let’s keep analyzing this.)

Now, dear readers, try to follow this logicPurplus “advertised” Adobe’s software by displaying Adobe's software for sale at Purplus’s website. Presumably, those advertisements led to sales.  The sales motivated Adobe to sue Purplus.  If not for Purplus’s “advertising” activity, Purplus wouldn’t have made any sales.  Without sales, there likely would have been no lawsuit.

See, “advertising” was at the heart of this whole thing—so Hartford should have covered Purplus’s litigation expenses, right?


The way I see it, Adobe’s lawsuit for intellectual property infringement had nothing to do with advertising.  Admittedly, Purplus did advertise Adobe’s software through its website, but that doesn’t mean that the case involved an “advertising injury”.  Taking Purplus’s argument a bit further, one could always invoke an “advertising injury” by engaging in intellectual property infringement, and then advertising and selling the infringing materials through a website.   

Let me put it this way: intellectual property infringement might, or might not, involve advertising.  (Want an example?  Go to a local flea market and see if you can buy bootlegged versions of music or movie DVDs.  Those DVDs are all examples of unadvertised intellectual property infringement.)  The fact that a person may use advertising as a means to promote and sell allegedly infringing materials doesn’t transform an IP infringement case into an “advertising injury”.

Purplus’s case is pending in California, but I don’t think it has much chance of success.  
But Purplus’s situation highlights something that you need to know about so-called “business liability” policies.  Very often, the only intellectual property matters covered under business liability policies are matters in which the insured unintentionally uses someone else’s trademark or copyrighted materials in the insured’s advertisements or promotions.  

For example, if I advertised a product I was selling and my advertisement unintentionally included copies of Coca-Cola’s trademarks, then I might incur an advertising-related injury for which I might be covered under a business liability policy.  But it is highly unlikely that I could use Coca-Cola’s trademarks, advertise the fact that I was doing so, and then claim an “advertising injury” if Coca-Cola sued me for trademark infringement.

The point is this: business liability policies come in all shapes and sizes.  Don’t assume your company is covered, especially with regard to intellectual property issues, just because your company has a business liability policy.  

Saturday, July 28, 2012

What Are Your Online Ads "Up To"?

What does it mean if an advertisement says that you’ll receive “up to” a certain percentage off normal prices?  Would it surprise you to learn that almost half of the people reading that probably don't know the answer?  It's true...there's even a report to prove it.

In late June, the FTC released a report which analyzed how consumers interpret the words “up to” in advertisements.  You can check out the report here

Not surprisingly, the FTC's report concluded that about half of all people surveyed thought that an ad containing the words “up to” (such as “up to 47% savings”) meant that they would receive the maximum savings (i.e., 47% savings), and not something less than that (like, for instance, 25% savings).

Does this mean that online merchants must sell everything at the maximum discount listed in their promotions or else risk violating an FTC mandate?  No.  Companies can still take advantage of the “up to” language to discount their products and services for less than the maximum promoted discounted rate.  But tread carefully: the FTC’s report reminds us that there are many other issues that your business needs to consider when advertising discounts for its products or services.  Among them are:

1. Wording establishes customer expectation.  Although it's not “deceptive” to say that consumers will receive “up to” a certain amount of savings, the FTC’s report illustrates that approximately half of your consumers expect to receive the maximum level of savings when the words “up to” are included in your ad.  (And you know what happens when consumer expectations are not met, right?  You end up with customer service complaints.  Or charge backs.  Or class action lawsuits.) 

2. Under federal and state consumer sales laws, if your company promotes discounts of “up to” a certain amount, then there must be a way—a commercially reasonable way—for your customers to receive that maximum discount.  For example, if you say, “We’ll sell you a car for up to 25% off if you buy it through our website”, but in reality the full discount would apply only to sales occurring during certain hours and apply only to a limited number of cars, then you’ve likely violated both federal and state consumer protection laws—unless you clarify the limitations using clear and unambiguous language.  

3. State Attorneys General and the FTC scrutinize businesses that use the “up to” language in their advertisements.  If you use “up to” in your online promotions, you’d better be prepared to demonstrate (i) how the maximum promoted discount could be achieved reasonably under normal commercial terms and in light of reasonable consumer expectations, and (ii) examples where your customers actually qualified for, and received, the your company's maximum advertised discount.  

Any questions about whether your online advertisements meet or exceed legal standards?  Drop me an email and I’ll send you my whitepaper, “Promises, Promises: Current Standards in Online Advertisements.”

Monday, June 4, 2012

Groupion v. Groupon: Sometimes a Name is Just a Name.

Let's consider two companies: Groupion and Groupon.

Are their names similar?  Sure they are.  In fact, they're so similar, that Groupion--which started doing business before Groupon adopted its now-famous trademark--thought it could sue Groupon for trademark infringement.

Open and shut case?  Hardly.  

Yes, I know, the names sound very similar.  But the companies offer very different services--which is why late last month, Groupion's trademark case was dismissed by a federal court in California.  See, it's not always about the fact that two trademarks sound alike.

Let's repeat it again for those of you (mostly attorneys) who still don't get it: the issue is NOT whether two names sound alike.  If it was, then Apple Movers couldn't exist in light of Apple Computers.  (Look it up--there really is an Apple Moving company.)  Infiniti Printers couldn't exist in light of the car maker, Infiniti.  Get the point?

The question, boiled down to its most basic elements, is whether two companies that have similar trademarks also offer similar goods or services to similar customer bases.  This can all be summarized in two words: customer confusion.  If customer confusion exists, then so does infringement.  And vice versa.  

Now back to our Groupion/Groupon case...

Groupion offers a software solution that allows companies and project teams to work together and execute different tasks within one integrated, Web-based working environment.  (On an unrelated side note, I'm not personally familiar with the company, but their solution does look pretty cool....)

Groupon, as most of you probably know, is a “deal of the day” website that enables merchants to offer discounts and e-coupons to consumers over the Web. 

So let's put aside mere syllabic (or perhaps, semantic?) similarities and look at it this way: would a reasonable consumer be confused into thinking a company that offers "deal of the day" opportunities is somehow affiliated with another company that, according to its website, offers a Web-based "business Groupware and CRM platform which helps companies and project teams work together and execute different tasks within one integrated working environment"?

I think not.  And the court thought not too.  Case dismissed.