2002 Cyberspace Law Exam Sample Answer — Eric Goldman

Santa Clara University School of Law
Cyberspace Law – Spring 2002
“Sample” Answer
Eric Goldman (ericgoldman@onebox.com)

Introduction

I thought this was a super easy exam, but maybe I was wrong!  A surprising number of you struggled with both issue spotting and accuracy in your analysis.  I hope this sample answer clears up some of the confusion.  There were 10 As, 20 Bs and 5 Cs.

Question 1

This question was based on a composition of several real-life situations, including Yahoo’s recent well-publicized decisions and some issues I faced for clients.  This is a typical situation where marketing people, charged with generating more user activity, view customer lists as an exploitable asset regardless of the context under which the customer list was generated.

To answer this question correctly, you needed to carefully identify the different classes of users.  User classification was a big lever in scores for this question.  Those of you who did a good job classifying users usually did well, and those of you who didn’t couldn’t easily recover.

Classes of Users and Risks

Users who opted in.  Generally these users raise no issues.  However, you might query whether a movie newsletter fits within the scope of consent given by consenting to receive “updates about WooHoo.”

Users who were never asked their preferences.  Interestingly, there is probably no legal grounds for these users to complain, but they might be cranky nonetheless if they thought the silent social contract was different from the default preferences being assigned to them.

Users who opted out.  There’s a bit of a conundrum here.  The users expressly said they were interested in receiving certain types of communications.  However, these same users agreed to the privacy policy which said that WooHoo could change its privacy policy whenever it wants.  So can WooHoo trump the users’ preferences just by changing the privacy policy?  If so, WooHoo eliminates all legal risk to these users when it changes its policy.

There’s no certain answer to this question.  Fundamentally, it’s a matter of contract interpretation, and a court could look to see what terms were part of the original contract, what terms constituted an amendment, and under what situations the amendment trumps the original contract.

However, my belief is that many judges, presented with facts like this, would choose to limit WooHoo’s amendment right such that it cannot trump specific instructions from the user.  Otherwise, WooHoo can change X to not X, and this is so incongruous with users’ expectations that it doesn’t seem consistent with a bilateral contract.

Even if WooHoo can legally change its privacy policy so that X can become not X, there’s still an issue about whether it can do so merely by posting the changes to a website and not notifying users in any other manner.  As I’ve mentioned in class, this is a suspect practice and might be procedurally defective even if the substance is OK.

If the privacy policy amendment doesn’t cure the defect with the opt-out users, WooHoo could be liable for:

  • FTC Act violation for unfair trade practices because it breached its privacy policy
  • Breach of contract assuming either the privacy policy or the users’ preference configurations constituted a mutually binding contract
  • Spam by the applicable Internet access providers who see WooHoo as ignoring user preferences.  This can lead to a lawsuit or the RBL.  Interestingly, users probably can’t bring suit under state anti-spam laws because most state laws exclude pre-existing business relationships from the definition of spam.

Note that WooHoo could be a little slippery and argue that the movie email is neither an update or a special offer, in which case the user was never asked whether or not they consented to receive this type of email.

Users who were falsely registered.  These users can assert that WooHoo’s email is spam and sue under state anti-spam laws.  IAPs will also treat this as spam.

Some of you discussed the EU Directive and COPPA, although there weren’t any facts to make either topic especially relevant.  Some of you also spent time, in some cases substantial, on possible content liability for the newsletters.  While this was a slightly relevant topic, there wasn’t much to go on.

Seriousness of the risks

How serious are these risks?  The legal risks are probably a little less serious than our intuition might tell us.  WooHoo does have some legal risk to the opt-out users, but their claims aren’t certain and it would require class action coordination or the FTC’s involvement to become serious.  WooHoo also has some risks to falsely registered users, although these lawsuits have been virtually non-existent.

In my opinion, the more serious risks are:

  • WooHoo will be deemed a spammer by IAPs and be blacklisted.
  • WooHoo will be criticized by the press (as Yahoo was)
  • WooHoo will undermine its goodwill with users who lose trust in WooHoo because of its slutty practices.  I personally think this is the most serious risk.  Many users changed their relationship with Yahoo to eliminate all contact with Yahoo after its policy change, and other users (such as myself) who didn’t have a Yahoo account will be far less likely to tell Yahoo the truth or accept communications from Yahoo in the future based on their degraded trustworthiness.  Interestingly, in my experience, if you pose this specific risk to the marketing folks, almost without fail they will dismiss its importance and be willing to accept the risk.

If the marketing folks dismiss the goodwill argument, then I can see a rational company deciding to proceed despite the possible legal risks.

Interestingly, some of you thought the risks weren’t that great because of the easy unsubscribe procedures.  While easy unsubscribe procedures may ameliorate some users’ concerns, it certainly doesn’t have any legal effect and may not alleviate user crankiness.

Alternatives

There aren’t many great alternatives here.  Some of the things WooHoo can do:

  • Send emails only to validated email addresses.  This is a core business practice useful for many purposes.
  • Send newsletters only to users who opted in or who were never asked.
  • Post the newsletters as web pages and don’t email users (kind of defeats the purpose)
  • Provide opt in opportunities on the site to try to sway the opt outs to change their preferences.
  • Email notification of the changes to the privacy policy.  This addresses the process defect with the privacy policy amendment, but not the potential substantive defect.
  • Emails users who said they would accept updates but not special offers and ask them to sign up for the other newsletters.
  • Change the wording on the registration page to be clearer about what consent is being solicited.  Of course this applies only to new users.  However, the crux of this question turns on the ambiguous consent being asked and the limitations if someone opts out of a broadly worded consent.

Question 2

This is a pretty faithful paraphrase of an actual letter I received at Epinions.  It turns out the person complaining only cared about a specific product name for which we had received inaccurate information from an upstream provider, and thus the problem was easy to fix.  Unfortunately, they initially wrote a generic bigfoot letter, which wasn’t very nice of them and created some extra work for me.

The arguments in response to their letter:

1.         Onionpie isn’t making a trademark use of the term PL at all, because the term is not being used to identify and distinguish Onionpie’s goods and services.  Onionpie uses the PL term much like a newspaper, catalog or retailer does—to accurately describe the name of a product available in the marketplace and not as a source identifier for the newspaper, catalog or retailer.  If this is not a use of the term in a trademark sense, then there’s no infringement or dilution.

2.         If Onionpie is making a trademark use of PL, then such use is trademark fair use.  From the Welles case, nominative fair use occurs when “(a) the product not readily identifiable without using the trademark; (b) the mark is used only as reasonably necessary to identify the product; and (c)  there’s no suggestion of sponsorship or endorsement by the trademark holder.”  Here, Onionpie doesn’t have any way to describe PL other than by using its name.  PL could argue that that more use than necessary is being made, and while that’s debatable I don’t think Onionpie’s use exceeds the use in the Welles case.  PL could also argue that there is implied sponsorship or endorsement.  Disposition of that factor really depends on exactly how the information is presented on the page.  However, in sum, I think there’s a good argument for nominative fair use assuming trademark use is occurring.

Some of you analyzed fair use using the copyright concept of fair use.  The copyright fair use doctrine is a different test motivated by different issues, and therefore it does not help analyze this issue.

3.         If the use is not fair, then it’s not confusing or dilutive.

To analyze confusion, we apply the Sleekcraft factors.  Given the time allocated for this question and the limited facts you were given, you didn’t have time to do a thorough Sleekcraft analysis, nor were you expected to.  As with the implied sponsorship/endorsement test in nominative fair use, it’s hard to analyze this issue without seeing the specific implementation on the pages.  Further, the Sleekcraft test doesn’t fit easily in situations that are really non-TM uses or nominative fair use anyway.  However, in your letter you’d argue that there is no confusion because there is no relatedness of products, no bad intent and no evidence of actual confusion.

However, PL could argue that even if there is no confusion on the Onionpie site, there is initial interest confusion occurring at the search engines, especially because of the metatags.  As I mentioned in class, the cases are split on this topic right now, but in a situation like this the initial interest confusion doctrine would lead to horrible results that most judges would probably avoid if they are made aware of it.  The metatags would not be a problem if the use is nominative fair use.

You would also argue that there’s no dilution for at least 2 reasons.  First, the PL term is not being used “in commerce” per the Sumpton case, although I think this is dubious.  Second, there is no blurring (the product name is being used in connection with the product, not some random thing) or tarnishment (Onionpie is not a porn site).  PL could argue that there is tarnishment if there are negative reviews of PL on the site, although I don’t think negative reviews alone create tarnishment if they are generally truthful (they can’t undermine a brand if they accurately describe limitations with the brand).

Some of you discussed contributory trademark infringement, but there’s no contributory issues because Onionpie is committing any violations itself.

Some of you discussed the DMCA 512 safe harbors.  The DMCA does not apply to trademark claims and therefore was irrelevant to this question.  It’s conceivable the 512(c) standards for notice may prove persuasive to judges evaluating the validity of trademark infringement notices, but that’s just a guess.  Also, the DMCA 512(c) safe harbor was irrelevant because it protects against user-committed infringement, and there’s no facts suggesting the infringement was being committed by a third party.

Question 3

This was an incredibly easy question, probably too easy.  A top-scoring answer could be done in just a few sentences.

These quotations are also pretty-faithful paraphrases of letters I received at Epinions.  One of the senders was so ticked with my perceived intransigence that he challenged me to pose the question to my students.  So I did!  Surprise—you almost unanimously reached the same conclusion I did, although that’s not a scientifically significant result….

The Nellay letter was defective because it treats the DMCA 512(c) notification procedures as applying to defamation claims.  Furthermore, the assertion that Onionpie might be protected from inadvertently publishing defamatory material is imprecise at best.  Under 230 and Zeran, notification and intent is irrelevant to liability.  Onionpie is insulated from the claims under 230 even if it has received notice and even if it has proceeded deliberately in continuing to publish defamatory material.  See Zeran and its progeny.

The US Shipping letter is defective because Onionpie is not hiding behind the First Amendment.  Rather, it is asserting the defense of 47 USC 230, a statutory enactment of Congress.  Under 230, Onionpie has no obligation to verify the information.  The safe harbor applies even if Onionpie does nothing in response to a notice.  Further, if 230 didn’t apply, the First Amendment would be relevant because it raises the scienter standards for defamation liability in some cases.

Of course there are some theoretical holes in 230(c), such as its applicability to websites and the “provided by” language.  Some of these holes have been plugged by Schneider.  All signs seem to indicate that courts will shut down most end runs around the 230 bar.

Some of you hit the above points but said more, in some cases lots more.  Saying more wasn’t intrinsically bad, but some of you lost points because what you said was wrong.  The few of you never mentioned 230 scored poorly on this question.