e-Commerce DOCKET SHEET

P2P Tech Distributors May Be
Liable For Inducing Infringement

A party that distributes technology “with the object of promoting its use to infringe copyright, as shown by clear expression or other affirmative steps taken to foster infringement,” may be liable for “active inducement” of the acts of infringement by

third-party users of that technology. Metro-Goldwyn-Mayer Studios Inc. v. Grokster, Ltd., 545 U.S. _____ (2005), 2005 U.S. LEXIS 5212 (June 27, 2005). The Court reversed the Ninth Circuit ruling that because the file-sharing software had substantial non-infringing uses, the distributors were not secondarily liable unless there was a showing they had actual knowledge of specific infringement upon which they failed to act. The Court detailed the evidence before the district court on summary judgment showing the distributors' intent to induce infringement, including efforts to attract Napster file-sharing system users, distribution of promotional materials advertising their software as an alternative to Napster, executives' monitoring the system to determine number of available songs by popular commercial artists, free distribution of the software as part of a business model depending on high-volume and therefore likely infringing uses, and the distributors' failure to make efforts to impede sharing of copyrighted works on the system.

---

FCC Can Exempt Cable Companies
From ISP Access Regulations

The Federal CommunicationsCom-mission (FCC) acted within its authority under the Communications Act of 1934 when it ruled that cable companies that provide Internet service to their cable subscribers are not subject to mandatory common-carrier regulations that are applicable to telecommunications providers. National Cable & Telecommunications Association v. Brand X Internet Services, 545 U.S. _____ (2005), 2005 U.S. LEXIS 5018 (June 27, 2005). The Supreme Court ruled that the FCC had authority to define broadband cable modem service as an “information service” that is not subject to common-carrier regulations that require telecommunications service providers to open their systems to other telecommunications providers. The Court held that the FCC ruling was a lawful interpretation of the Communications Act to which the courts must defer.

---

Trademark Term In Web List Triggering
Pop-Up No Use In Commerce

The inclusion of a Web site address containing a trademark term in a directory that generates competitive pop-up ads when a user visits the trademark owner's Web site is not a “use in commerce” within the meaning of the Lanham Act. 1-800 Contacts, Inc. v. Whenu.com, Inc., 2005 U.S. App. LEXIS 12711 (2d Cir. June 27, 2005). The appeals court ruled that it was “plain error” to conclude that such use was actionable trademark infringement where: the address appeared only in an inaccessible directory that was scrambled to preclude access; there was no possibility of visual confusion with the plaintiff's trademark; and the software that generated the pop-up ads could not be triggered by a computer user's input of the trademark or by its appearance on a Web page accessed by the computer user. The court expressly declined to rule on whether the inclusion of a trademark itself in such a directory would constitute an actionable use.

---

FTC Settles Charges That Insecure
Customer Data Is Unfair Trade Practice

Retailer BJ's Wholesale Club agreed to settle charges brought by the Federal Trade Commission (FTC) alleging that the company's failure to take appropriate security measures to protect sensitive customer data is an unfair practice under federal consumer protection law. In the Matter of BJ's Wholesale Club, Inc., No. 042 3160 (FTC June 16, 2005). The charges arose from a theft of data from thousands of customer debit and credit card purchases that resulted in millions of dollars in fraudulent purchases. The FTC alleged that BJ's did not “provide reasonable security for sensitive customer information,” specifically in that the retailer: failed to encrypt sensitive consumer data; retained the data in violation of security rules imposed by credit card issuers; stored data in files accessible via commonly known default user IDs and passwords; failed to prevent access to data via an insecure wireless network; and failed to use adequate measures to detect and investigate security breaches. Under the settlement, the retailer agreed to a 20-year data-security reporting and audit program. The FTC press release is available at www.ftc.gov/opa/2005/06/bjswholesale.htm.

---

Hotel's Web Site Meets Purposeful
Availment For Long-Arm Jurisdiction

The requirement of purposeful availment for establishing specific jurisdiction is satisfied by a hotel's interactive Web site that targets residents of the forum state by emphasizing geographic proximity and providing driving directions from the forum state. Snowney v. Harrah's Entertainment, Inc., 35 Cal. 4th 1054, 2005 Cal. LEXIS 5892 (Cal. June 6, 2005). The court noted the disagreement among numerous courts about the nature and degree of Web site interactivity that is sufficient to establish jurisdiction, concluding that the hotel's Web site satisfied the purposeful availment requirement “by any standard.” The court noted that the hotel's Web site was interactive in that it quoted room rates and permitted visitors to make reservations, among other things.

---

Bid Deadline Specified In Government
Contract Trumps Web Page Specs

A bid deadline contained in a contract specification document controls over a different bid deadline specified on the Web site page to which the contract specification was linked. Conscoop-Consoriza Fra Cooperative Di Prod. E. Lavoro v. United States, 2005 U.S. App. LEXIS 11029 (Fed. Cir. June 10, 2005). The court ruled that the Web page specifying a later bid deadline was not part of the solicitation but merely a mechanism that provided access to the solicitation document. The court noted that the Web page itself stated that the requirements for submission of a bid were described in the solicitation.

---

44 Attorneys General Seek Disclosures
In Big Credit Card Data Glitch

The 44 officials signed a letter asking a credit-card processing company that recently experienced a major data security breach to voluntarily notify all affected consumers of the breach. According to news reports cited in the letter, the processing company reported the exposure of records pertaining to as many as 36 million credit cards to the credit card companies in May. The letter requests that the notification provide: the total number of consumers affected in each state; an explanation of how the security breach occurred and the remedial steps the company is taking, including notification of affected consumers; and an outline of an ongoing plan for avoiding reoccurrence of such breaches. The letter is available at www.atg.wa.gov/pubs/SecurityBreach.pdf.

---

FTC Obtains Injunction, Asset Freeze
Against Co. On Anti-Spyware Claims

The Federal Trade Commission (FTC) obtained a preliminary injunction and asset freeze in an enforcement action alleging that the defendants made false claims and used illegal spam in connection with the distribution of an anti-spyware program that didn't function as represented. FTC v. Trustsoft, Inc., No. H 05 1905 (S.D. Tex. June 1, 2005). The FTC complaint alleged that in distributing the SpyKiller program, the defendants used deceptive marketing practices, including pop-up and e-mail messages informing consumers that their computers had been remotely “scanned” and that spyware had been “detected” even though no such scans had been conducted, and false claims that spyware had been removed from the computers of consumers that purchased the program. The complaint also alleged violations of the federal CAN-SPAM Act, including deceptive claims, failure to identify messages as advertising, using false “from” lines, failure to give a valid postal address and failure to provide notice of and the ability to op-out of receiving the company's e-mails. The FTC press release is available at www.ftc.gov/opa/2005/06/trustsoft.htm.

---

Comprehensive ID Theft Bill
In Senate Has Notice Requirements

The Personal Data Privacy and Security Act of 2005 (S. 1332) was introduced in the Senate on June 29. Co-sponsored by Senators Arlen Specter (R-PA) and Patrick Leahy (D-VT), the bill contains provisions that would require that notice be given to any U.S. resident whose “sensitive personally identifiable information was subject to a security breach.” The data security breach notification provisions in the bill would largely pre-empt state notification laws that have been enacted in at least nine states. The bill also contains provisions that would, among other things, increase penalties for crimes involving electronic personal data, allow individuals access to any personal information held by “data brokers” and permit correction of erroneous information, along with requiring parties that handle and maintain significant amounts of personal data to adopt data security policies. The text of the legislation is available at www.brownraysman.com/InternetLawUpdate/S1332IS.pdf.

---

e-Mails Pushing Proprietary Software
Satisfy MD Long-Arm Statute

Sending e-mails advertising proprietary Internet gaming software to be downloaded from a remote server outside the forum state satisfies the Maryland long-arm statute. Beyond Systems, Inc. v. Realtime Gaming Holding Co., 2005 Md. LEXIS 318 (Md. Ct. App. June 22, 2005). The appeals court noted that the long-arm statute had been amended to give courts jurisdiction to the full extent allowed by the U.S. Constitution, and to specifically apply to computer information and computer programs in the same manner as goods and services. The court concluded that the transmission of the e-mails advertising the software constituted “conducting business … that involves supplying computer programs or information to Maryland residents” just as if the software constituted tangible goods or services.

---

Julian S. Millstein Edward A. Pisacreta Jeffrey D. Neuburger

P2P Tech Distributors May Be
Liable For Inducing Infringement

A party that distributes technology “with the object of promoting its use to infringe copyright, as shown by clear expression or other affirmative steps taken to foster infringement,” may be liable for “active inducement” of the acts of infringement by

third-party users of that technology. Metro-Goldwyn-Mayer Studios Inc. v. Grokster, Ltd., 545 U.S. _____ (2005), 2005 U.S. LEXIS 5212 (June 27, 2005). The Court reversed the Ninth Circuit ruling that because the file-sharing software had substantial non-infringing uses, the distributors were not secondarily liable unless there was a showing they had actual knowledge of specific infringement upon which they failed to act. The Court detailed the evidence before the district court on summary judgment showing the distributors' intent to induce infringement, including efforts to attract Napster file-sharing system users, distribution of promotional materials advertising their software as an alternative to Napster, executives' monitoring the system to determine number of available songs by popular commercial artists, free distribution of the software as part of a business model depending on high-volume and therefore likely infringing uses, and the distributors' failure to make efforts to impede sharing of copyrighted works on the system.

---

FCC Can Exempt Cable Companies
From ISP Access Regulations

The Federal CommunicationsCom-mission (FCC) acted within its authority under the Communications Act of 1934 when it ruled that cable companies that provide Internet service to their cable subscribers are not subject to mandatory common-carrier regulations that are applicable to telecommunications providers. National Cable & Telecommunications Association v. Brand X Internet Services, 545 U.S. _____ (2005), 2005 U.S. LEXIS 5018 (June 27, 2005). The Supreme Court ruled that the FCC had authority to define broadband cable modem service as an “information service” that is not subject to common-carrier regulations that require telecommunications service providers to open their systems to other telecommunications providers. The Court held that the FCC ruling was a lawful interpretation of the Communications Act to which the courts must defer.

---

Trademark Term In Web List Triggering
Pop-Up No Use In Commerce

The inclusion of a Web site address containing a trademark term in a directory that generates competitive pop-up ads when a user visits the trademark owner's Web site is not a “use in commerce” within the meaning of the Lanham Act. 1-800 Contacts, Inc. v. Whenu.com, Inc., 2005 U.S. App. LEXIS 12711 (2d Cir. June 27, 2005). The appeals court ruled that it was “plain error” to conclude that such use was actionable trademark infringement where: the address appeared only in an inaccessible directory that was scrambled to preclude access; there was no possibility of visual confusion with the plaintiff's trademark; and the software that generated the pop-up ads could not be triggered by a computer user's input of the trademark or by its appearance on a Web page accessed by the computer user. The court expressly declined to rule on whether the inclusion of a trademark itself in such a directory would constitute an actionable use.

---

FTC Settles Charges That Insecure
Customer Data Is Unfair Trade Practice

Retailer BJ's Wholesale Club agreed to settle charges brought by the Federal Trade Commission (FTC) alleging that the company's failure to take appropriate security measures to protect sensitive customer data is an unfair practice under federal consumer protection law. In the Matter of BJ's Wholesale Club, Inc., No. 042 3160 (FTC June 16, 2005). The charges arose from a theft of data from thousands of customer debit and credit card purchases that resulted in millions of dollars in fraudulent purchases. The FTC alleged that BJ's did not “provide reasonable security for sensitive customer information,” specifically in that the retailer: failed to encrypt sensitive consumer data; retained the data in violation of security rules imposed by credit card issuers; stored data in files accessible via commonly known default user IDs and passwords; failed to prevent access to data via an insecure wireless network; and failed to use adequate measures to detect and investigate security breaches. Under the settlement, the retailer agreed to a 20-year data-security reporting and audit program. The FTC press release is available at www.ftc.gov/opa/2005/06/bjswholesale.htm.

---

Hotel's Web Site Meets Purposeful
Availment For Long-Arm Jurisdiction

The requirement of purposeful availment for establishing specific jurisdiction is satisfied by a hotel's interactive Web site that targets residents of the forum state by emphasizing geographic proximity and providing driving directions from the forum state. Snowney v. Harrah's Entertainment, Inc. , 35 Cal. 4th 1054, 2005 Cal. LEXIS 5892 (Cal. June 6, 2005). The court noted the disagreement among numerous courts about the nature and degree of Web site interactivity that is sufficient to establish jurisdiction, concluding that the hotel's Web site satisfied the purposeful availment requirement “by any standard.” The court noted that the hotel's Web site was interactive in that it quoted room rates and permitted visitors to make reservations, among other things.

---

Bid Deadline Specified In Government
Contract Trumps Web Page Specs

A bid deadline contained in a contract specification document controls over a different bid deadline specified on the Web site page to which the contract specification was linked. Conscoop-Consoriza Fra Cooperative Di Prod. E. Lavoro v. United States, 2005 U.S. App. LEXIS 11029 (Fed. Cir. June 10, 2005). The court ruled that the Web page specifying a later bid deadline was not part of the solicitation but merely a mechanism that provided access to the solicitation document. The court noted that the Web page itself stated that the requirements for submission of a bid were described in the solicitation.

---

44 Attorneys General Seek Disclosures
In Big Credit Card Data Glitch

The 44 officials signed a letter asking a credit-card processing company that recently experienced a major data security breach to voluntarily notify all affected consumers of the breach. According to news reports cited in the letter, the processing company reported the exposure of records pertaining to as many as 36 million credit cards to the credit card companies in May. The letter requests that the notification provide: the total number of consumers affected in each state; an explanation of how the security breach occurred and the remedial steps the company is taking, including notification of affected consumers; and an outline of an ongoing plan for avoiding reoccurrence of such breaches. The letter is available at www.atg.wa.gov/pubs/SecurityBreach.pdf.

---

FTC Obtains Injunction, Asset Freeze
Against Co. On Anti-Spyware Claims

The Federal Trade Commission (FTC) obtained a preliminary injunction and asset freeze in an enforcement action alleging that the defendants made false claims and used illegal spam in connection with the distribution of an anti-spyware program that didn't function as represented. FTC v. Trustsoft, Inc., No. H 05 1905 (S.D. Tex. June 1, 2005). The FTC complaint alleged that in distributing the SpyKiller program, the defendants used deceptive marketing practices, including pop-up and e-mail messages informing consumers that their computers had been remotely “scanned” and that spyware had been “detected” even though no such scans had been conducted, and false claims that spyware had been removed from the computers of consumers that purchased the program. The complaint also alleged violations of the federal CAN-SPAM Act, including deceptive claims, failure to identify messages as advertising, using false “from” lines, failure to give a valid postal address and failure to provide notice of and the ability to op-out of receiving the company's e-mails. The FTC press release is available at www.ftc.gov/opa/2005/06/trustsoft.htm.

---

Comprehensive ID Theft Bill
In Senate Has Notice Requirements

The Personal Data Privacy and Security Act of 2005 (S. 1332) was introduced in the Senate on June 29. Co-sponsored by Senators Arlen Specter (R-PA) and Patrick Leahy (D-VT), the bill contains provisions that would require that notice be given to any U.S. resident whose “sensitive personally identifiable information was subject to a security breach.” The data security breach notification provisions in the bill would largely pre-empt state notification laws that have been enacted in at least nine states. The bill also contains provisions that would, among other things, increase penalties for crimes involving electronic personal data, allow individuals access to any personal information held by “data brokers” and permit correction of erroneous information, along with requiring parties that handle and maintain significant amounts of personal data to adopt data security policies. The text of the legislation is available at www.brownraysman.com/InternetLawUpdate/S1332IS.pdf.

---

e-Mails Pushing Proprietary Software
Satisfy MD Long-Arm Statute

Sending e-mails advertising proprietary Internet gaming software to be downloaded from a remote server outside the forum state satisfies the Maryland long-arm statute. Beyond Systems, Inc. v. Realtime Gaming Holding Co., 2005 Md. LEXIS 318 (Md. Ct. App. June 22, 2005). The appeals court noted that the long-arm statute had been amended to give courts jurisdiction to the full extent allowed by the U.S. Constitution, and to specifically apply to computer information and computer programs in the same manner as goods and services. The court concluded that the transmission of the e-mails advertising the software constituted “conducting business … that involves supplying computer programs or information to Maryland residents” just as if the software constituted tangible goods or services.

---

Julian S. Millstein Edward A. Pisacreta Jeffrey D. Neuburger New York Brown Raysman Millstein Felder & Steiner LLP