e-Commerce Docket Sheet

Five States Enact Data Security
Breach Notification Law Similar To CA's

The legislation was recently enacted in Arkansas, North Dakota, Montana and Washington, and, at the time of this writing, awaits the signature of Georgia's governor. The legislation in Arkansas, North Dakota, Montana and Washington closely parallels the requirements of the California data security breach notification law enacted in 2002. In each of these states, the legislation provides that entities that own or license “computerized data” that contains “personal information” about individuals must disclose any breach in the security of the data to the individuals in the manner specified in the statute. The pending Georgia bill applies only to “information brokers.”

The legislation is available at:

• Arkansas Act 1526 (S.B. 1167) (signed Mar. 31, 2005): www.arkleg.state.ar.us/ftproot/acts/2005/public/act1526.pdf.
• Georgia S.B. 230 (signed May 5, 2005) www.legis.state.ga.us/legis /2005_06/pdf/sb230.pdf.
• North Dakota SB 2251 (signed Apr. 28, 2005): www.state.nd.us/lr/assembly/59-2005/bill-text/FRBS0500.pdf.
• Montana H.B. 732 (signed Apr. 28, 2005): http://data.opi.state.mt.us/bills/2005/billhtml/HB0732.htm.
• Washington S.B. 6043 (signed May 10, 2005): www.leg.wa.gov/pub/billinfo/2005-06/Htm/Bills/Senate%20Passed%20Legislature/6043-S.PL.htm.

---

Video Game Developer's Secondary Liability
Negated By Failure To Allege Trademark Infringement

The developer of a video game that permits users to create video game characters that allegedly infringe registered trademarks cannot be held secondarily liable for trademark infringement by the video game users. Marvel Enterprises, Inc. v. NCSoft Corp., No. 04-9253 (C.D. Cal. Mar. 9, 2005). The court concluded that the secondary liability claims failed because the trademark owner did not allege that the video game users who created characters were using its marks in commerce in connection with the sale or advertising of goods or services. The court declined, however, to dismiss direct and secondary copyright-infringement claims against the developer of the video game, concluding that the plaintiff's allegations that it was the holder of copyrighted characters that were allegedly infringed by users of the defendant's game were sufficient to survive a motion to dismiss.

---

Object Code Licensee Entitled To
Reverse Engineer Source Code Under Copyright '117(a)(1)

A company that reverse-engineered, decompiled and modified the source code of programs written for it by a former consultant may claim the affirmative defense in '117(a)(1) of the Copyright Act as an “owner of a copy” of the computer program. Krause v. Titleserv, Inc., 2005 U.S. App. LEXIS 4570 (2d Cir. Mar. 21, 2005). The circuit court agreed that the company met the requirement that its actions were “an essential step in the utilization of the computer program[s] in conjunction with a machine” because the company's changes were “modest alterations” made only to the company's copies, and they did not harm the interests of the copyright owner.

---

Without Contract Principles, Parent Can't Enforce
Arbitration Rule In Software Pact Subsidiary Signed

A parent company, the defendant in the lawsuit, may not enforce an arbitration provision in a software-license agreement signed by its subsidiary, unless the company can show entitlement to the benefit of the provision under principles of contract and agency law. Appforge, Inc. v. Extended Systems, Inc., 2005 U.S. Dist. LEXIS 5039 (D. Del. Mar. 28, 2004). The court concluded that the parent company had not shown such entitlement with respect to copyright, trademark and unfair competition claims that the software licensor asserted under federal and state law, under either equitable estoppel or third-party beneficiary theories. The court concluded that the litigation should be stayed with respect to the parent company, however, because the same claims against the parent's subsidiary were found to be arbitrable, and the parent had agreed that it would be bound by any factual adjudications in the arbitration proceeding in which the subsidiary would participate.

---

Fix Of False Game Packaging Claim Creates
Material Fact Issue Against Summary Judgment

A defendant's remediation efforts concerning false claims on the packaging of its computer-game software creates a material issue of fact precluding summary judgment in favor of the plaintiff on its false advertising claim. eGames, Inc. v. MPS Multimedia, Inc., 2005 U.S. Dist. LEXIS 4536 (E.D. Pa. Mar. 22, 2005). The competitor alleged, and the defendant company admitted, that the packaging on its game software overstated the number of games, backgrounds and layouts in the package. The court concluded, however, that there was a material issue of fact concerning harm to the competitor, because the defendant company had corrected the false statements on the packaging of its software, and provided downloadable patches on its Web site to correct the already distributed software. The court also noted the defendant's assertions that the competitor was not likely to be harmed because the products were not likely to be sold side-by-side.

---

Non-Commercial Trademark Use As
Domain Name Isn't Lanham Act Infringement

Non-commercial use isn't actionable under the Lanham Act where the Web site with the trademark as a non-commercial domain-name use contains consumer commentary about the products and services that the mark represents. Bosley Medical Institute, Inc. v. Bosley Medical Group, 403 F.3d 672 (9th Cir. 2005). The appeals court upheld the district court dismissal of the trademark owner's trademark-infringement and dilution claims, concluding that the consumer's use of the mark was not “in connection with the sale of goods or services” and so was “noncommercial.” The court rejected the argument that the commercial use requirement was established because the Web site was aimed at preventing other consumers from obtaining or using the plaintiff's goods and services, expressly rejecting the reasoning of the Fourth Circuit in People for the Ethical Treatment of Animals v. Doughney, 263 F.2d 359 (4th Cir. 2001). The court did, however, preserve the plaintiff's claim under the Anticybersquatting Consumer Protection Act for further adjudication.

---

Family Entertainment And Copyright Act Becomes Law

The Family Entertainment And Copyright Act (S.167) was signed into law on April 27. Pub.L. No. 109-9 (Apr. 27, 2005). The Act contains several individual titles, including Title I, which comprises the Artists' Rights and Theft Prevention Act of 2005 or ART Act. The ART Act substantially increases the penalties for distributing pirated copies of films before the films are legitimately released. Title II of the law, the Family Movie Act of 2005, exempts from liability infringement related to technology that permits the skipping of offensive content in motion pictures. The text of S.167 is available at www.brownraysman.com/InternetLawUpdate/S167.pdf.

---

Site Access With Actual Or Imputed Knowledge Of Terms Of Use,
Absent Express Agreement, Is Assent

Access to a Web site in a manner that gives rise to actual or imputed knowledge of the Web site's terms of use constitutes assent to those terms, even if the user does not expressly agree to the terms. Cairo, Inc. v. CrossMedia Services, Inc., 2005 U.S. Dist. LEXIS 8450 (N.D. Cal. Apr 1, 2005) (unpublished). The court noted that each page of the Web site displayed a notice asserting that use of the site constituted agreement to the terms of use. The court ruled that the repeated automated use of a screen scraper to access the plaintiff's Web site could form the basis of imputed knowledge of the terms of use, including a forum-selection clause, binding the user to those terms.

---

Broad Injunction Against Using 'Identical Or
Confusingly Similar' Domain Names Upheld

The district court did not abuse its discretion in preliminarily enjoining an activist from using domain names “identical or confusingly similar to” the plaintiff's trademarks in connection with Web sites supporting a controversial social cause. Faegre & Benson, LLP v. Purdy, 2005 U.S. App. LEXIS 5402 (8th Cir. Apr. 4, 2005). The injunction also prohibited the use of marks or Web site trade dress that is either identical or confusingly similar to the plaintiff's.

---

Copyright Owner Can't Use DMCA Subpoena
To Get Subscriber ID From ISP

A copyright owner seeking the identity of an anonymous Internet user alleged to have engaged in unlawful file-sharing may not use the subpoena provisions in '512(h) of the Digital Millennium Copyright Act (DMCA) to obtain identifying subscriber information from the user's Internet service provider (ISP). In re Subpoena to University of North Carolina at Chapel Hill, No. 1:03MC138 (M.D. N.C. Apr. 14, 2005). The court concluded that the DMCA subpoena provisions apply only to service providers referenced in DMCA Section 512(b), (c) and (d), ie, those that engage in some form of information storage, and not to service providers under '512(a), ie, those that provide only “transitory digital network communications.” The court concluded that to read the subpoena provisions expansively to apply to '512(a) service providers would change the substance of the statute as enacted by Congress.

---

NY Attorney General Sues 'Spyware' Distributor

New York State Attorney General Eliot Spitzer filed suit on April 28 against Intermix Media, alleging that the company engaged in deceptive business practices in its distribution of software that redirects Web addresses, adds toolbars and delivers pop-up ads to Internet users' computers. According to the complaint, the company deceptively and surreptitiously bundled “undisclosed and invasive spyware (also known as 'adware') programs” with free games, cursors, screensavers and other small software programs that it distributed free to consumers. The complaint seeks injunctive relief and civil penalties.

The complaint is available at www.oag.state.ny.us/press/2005/apr/apr28a_05.html.

---

Julian S. Millstein Edward A. Pisacreta Jeffrey D. Neuburger

Five States Enact Data Security
Breach Notification Law Similar To CA's

The legislation was recently enacted in Arkansas, North Dakota, Montana and Washington, and, at the time of this writing, awaits the signature of Georgia's governor. The legislation in Arkansas, North Dakota, Montana and Washington closely parallels the requirements of the California data security breach notification law enacted in 2002. In each of these states, the legislation provides that entities that own or license “computerized data” that contains “personal information” about individuals must disclose any breach in the security of the data to the individuals in the manner specified in the statute. The pending Georgia bill applies only to “information brokers.”

The legislation is available at:

• Arkansas Act 1526 (S.B. 1167) (signed Mar. 31, 2005): www.arkleg.state.ar.us/ftproot/acts/2005/public/act1526.pdf.
• Georgia S.B. 230 (signed May 5, 2005) www.legis.state.ga.us/legis /2005_06/pdf/sb230.pdf.
• North Dakota SB 2251 (signed Apr. 28, 2005): www.state.nd.us/lr/assembly/59-2005/bill-text/FRBS0500.pdf.
• Montana H.B. 732 (signed Apr. 28, 2005): http://data.opi.state.mt.us/bills/2005/billhtml/HB0732.htm.
• Washington S.B. 6043 (signed May 10, 2005): www.leg.wa.gov/pub/billinfo/2005-06/Htm/Bills/Senate%20Passed%20Legislature/6043-S.PL.htm.

---

Video Game Developer's Secondary Liability
Negated By Failure To Allege Trademark Infringement

The developer of a video game that permits users to create video game characters that allegedly infringe registered trademarks cannot be held secondarily liable for trademark infringement by the video game users. Marvel Enterprises, Inc. v. NCSoft Corp., No. 04-9253 (C.D. Cal. Mar. 9, 2005). The court concluded that the secondary liability claims failed because the trademark owner did not allege that the video game users who created characters were using its marks in commerce in connection with the sale or advertising of goods or services. The court declined, however, to dismiss direct and secondary copyright-infringement claims against the developer of the video game, concluding that the plaintiff's allegations that it was the holder of copyrighted characters that were allegedly infringed by users of the defendant's game were sufficient to survive a motion to dismiss.

---

Object Code Licensee Entitled To
Reverse Engineer Source Code Under Copyright '117(a)(1)

A company that reverse-engineered, decompiled and modified the source code of programs written for it by a former consultant may claim the affirmative defense in '117(a)(1) of the Copyright Act as an “owner of a copy” of the computer program. Krause v. Titleserv, Inc., 2005 U.S. App. LEXIS 4570 (2d Cir. Mar. 21, 2005). The circuit court agreed that the company met the requirement that its actions were “an essential step in the utilization of the computer program[s] in conjunction with a machine” because the company's changes were “modest alterations” made only to the company's copies, and they did not harm the interests of the copyright owner.

---

Without Contract Principles, Parent Can't Enforce
Arbitration Rule In Software Pact Subsidiary Signed

A parent company, the defendant in the lawsuit, may not enforce an arbitration provision in a software-license agreement signed by its subsidiary, unless the company can show entitlement to the benefit of the provision under principles of contract and agency law. Appforge, Inc. v. Extended Systems, Inc., 2005 U.S. Dist. LEXIS 5039 (D. Del. Mar. 28, 2004). The court concluded that the parent company had not shown such entitlement with respect to copyright, trademark and unfair competition claims that the software licensor asserted under federal and state law, under either equitable estoppel or third-party beneficiary theories. The court concluded that the litigation should be stayed with respect to the parent company, however, because the same claims against the parent's subsidiary were found to be arbitrable, and the parent had agreed that it would be bound by any factual adjudications in the arbitration proceeding in which the subsidiary would participate.

---

Fix Of False Game Packaging Claim Creates
Material Fact Issue Against Summary Judgment

A defendant's remediation efforts concerning false claims on the packaging of its computer-game software creates a material issue of fact precluding summary judgment in favor of the plaintiff on its false advertising claim. eGames, Inc. v. MPS Multimedia, Inc., 2005 U.S. Dist. LEXIS 4536 (E.D. Pa. Mar. 22, 2005). The competitor alleged, and the defendant company admitted, that the packaging on its game software overstated the number of games, backgrounds and layouts in the package. The court concluded, however, that there was a material issue of fact concerning harm to the competitor, because the defendant company had corrected the false statements on the packaging of its software, and provided downloadable patches on its Web site to correct the already distributed software. The court also noted the defendant's assertions that the competitor was not likely to be harmed because the products were not likely to be sold side-by-side.

---

Non-Commercial Trademark Use As
Domain Name Isn't Lanham Act Infringement

Non-commercial use isn't actionable under the Lanham Act where the Web site with the trademark as a non-commercial domain-name use contains consumer commentary about the products and services that the mark represents. Bosley Medical Institute, Inc. v. Bosley Medical Group , 403 F.3d 672 (9th Cir. 2005). The appeals court upheld the district court dismissal of the trademark owner's trademark-infringement and dilution claims, concluding that the consumer's use of the mark was not “in connection with the sale of goods or services” and so was “noncommercial.” The court rejected the argument that the commercial use requirement was established because the Web site was aimed at preventing other consumers from obtaining or using the plaintiff's goods and services, expressly rejecting the reasoning of the Fourth Circuit in People for the Ethical Treatment of Animals v. Doughney , 263 F.2d 359 (4th Cir. 2001). The court did, however, preserve the plaintiff's claim under the Anticybersquatting Consumer Protection Act for further adjudication.

---

Family Entertainment And Copyright Act Becomes Law

The Family Entertainment And Copyright Act (S.167) was signed into law on April 27. Pub.L. No. 109-9 (Apr. 27, 2005). The Act contains several individual titles, including Title I, which comprises the Artists' Rights and Theft Prevention Act of 2005 or ART Act. The ART Act substantially increases the penalties for distributing pirated copies of films before the films are legitimately released. Title II of the law, the Family Movie Act of 2005, exempts from liability infringement related to technology that permits the skipping of offensive content in motion pictures. The text of S.167 is available at www.brownraysman.com/InternetLawUpdate/S167.pdf.

---

Site Access With Actual Or Imputed Knowledge Of Terms Of Use,
Absent Express Agreement, Is Assent

Access to a Web site in a manner that gives rise to actual or imputed knowledge of the Web site's terms of use constitutes assent to those terms, even if the user does not expressly agree to the terms. Cairo, Inc. v. CrossMedia Services, Inc., 2005 U.S. Dist. LEXIS 8450 (N.D. Cal. Apr 1, 2005) (unpublished). The court noted that each page of the Web site displayed a notice asserting that use of the site constituted agreement to the terms of use. The court ruled that the repeated automated use of a screen scraper to access the plaintiff's Web site could form the basis of imputed knowledge of the terms of use, including a forum-selection clause, binding the user to those terms.

---

Broad Injunction Against Using 'Identical Or
Confusingly Similar' Domain Names Upheld

The district court did not abuse its discretion in preliminarily enjoining an activist from using domain names “identical or confusingly similar to” the plaintiff's trademarks in connection with Web sites supporting a controversial social cause. Faegre & Benson, LLP v. Purdy, 2005 U.S. App. LEXIS 5402 (8th Cir. Apr. 4, 2005). The injunction also prohibited the use of marks or Web site trade dress that is either identical or confusingly similar to the plaintiff's.

---

Copyright Owner Can't Use DMCA Subpoena
To Get Subscriber ID From ISP

A copyright owner seeking the identity of an anonymous Internet user alleged to have engaged in unlawful file-sharing may not use the subpoena provisions in '512(h) of the Digital Millennium Copyright Act (DMCA) to obtain identifying subscriber information from the user's Internet service provider (ISP). In re Subpoena to University of North Carolina at Chapel Hill, No. 1:03MC138 (M.D. N.C. Apr. 14, 2005). The court concluded that the DMCA subpoena provisions apply only to service providers referenced in DMCA Section 512(b), (c) and (d), ie, those that engage in some form of information storage, and not to service providers under '512(a), ie, those that provide only “transitory digital network communications.” The court concluded that to read the subpoena provisions expansively to apply to '512(a) service providers would change the substance of the statute as enacted by Congress.

---

NY Attorney General Sues 'Spyware' Distributor

New York State Attorney General Eliot Spitzer filed suit on April 28 against Intermix Media, alleging that the company engaged in deceptive business practices in its distribution of software that redirects Web addresses, adds toolbars and delivers pop-up ads to Internet users' computers. According to the complaint, the company deceptively and surreptitiously bundled “undisclosed and invasive spyware (also known as 'adware') programs” with free games, cursors, screensavers and other small software programs that it distributed free to consumers. The complaint seeks injunctive relief and civil penalties.

The complaint is available at www.oag.state.ny.us/press/2005/apr/apr28a_05.html.

---

Julian S. Millstein Edward A. Pisacreta Jeffrey D. Neuburger New York Brown Raysman Millstein Felder & Steiner LLP