Transcript GuestLecture_May11_E-CommerceTechnology Law_spring2005.ppt

E-Commerce and
Technology Law Issues
For Managers
A Guest Lecture for BA 483,
Information Technology, Business
Strategy and E-Commerce
Spring 2005
By Professor Nancy King,
Assistant Professor of Business Law, OSU
Preview of Topics:






Cyber Crime and the global marketplace
Jurisdiction of the courts over online
businesses
Contracting in cyberspace
Trademarks in cyberspace
Online dispute resolution and its use to
resolve domain name/trademark disputes
Copyright issues and the Digital Millennium
Copyright Act
Cyber Crime
Cyber crime involves the use of computers in
cyberspace to injure a person or property (the crime
occurs online or in a virtual community)







Financial crimes (example: use computer to commit
embezzlement or theft of intellectual property)
Identity theft
Theft, alteration, etc. of data
Denial of service attacks (DOS)
Cyber stalking (find victim online, cause to have
reasonable fear for safety of self or family)
Deceptive spamming prohibited by federal law
Online obscenity/First Amendment issues
Global Enforcement


FBI’s Cyber Action Teams
EU’s Cyber Cops
Challenges in
Prosecuting Cyber Crimes


Location of the crime raises jurisdictional
issues.
Identification of offenders and obtaining
evidence is often difficult.

But use of computer forensics is closing this gap.
Unauthorized Access to
Computers


Hacking (use one computer to break into
another one without authorization; it is a crime
even if nothing is taken).
Federal Computer Fraud and Abuse Act
(accessing a protected computer online without
authorization and taking classified, restricted or
protected data).
Federal CAN-SPAM Act



Controlling the Assault of Non-Solicited
Pornography and Marketing Act of 2003.
Criminal penalties including fines and up to 5 years
prison for serious spamming violations that are
committed in furtherance of any felony or as a
second offense.
Two serious spamming violations:


Accessing a protected computer and sending spam
without authorization, with intent to deceive or mislead
recipients of the origin of such messages.
Materially falsifying header information in spam and
intentionally initiating such messages (“Spoofed email
addresses”).
CIVIL Remedies Under CAN-SPAM
Prohibits less-serious spamming acts and provides remedies
for engaging in these activities:
 Using materially false or misleading information in spam
messages (example: false or misleading email header,
including the “from” line or the “subject” line).
 Failure to include a working return email address or other
way to “opt-out” of receiving future email from the sender.
 Sending future spam after opt-out by recipient;
 Failure to include identifier of sender, opt-out, and a
physical address in commercial email.
 Use of automated programs to generate email addresses.
Nature of civil remedies: cease and desist orders; fines
example: $250 per violation/$2 million limit.
Limitations of CAN-SPAM



Only applies to commercial spam – does not
regulate political or charitable spam.
Preempts (supersedes) more restrictive state
spam laws -- but allows states to provide
more stringent laws to regulate false and
deceptive spam.
Essentially allows commercial spammers at
least “one freebie” – one spam message that
is not false and deceptive sent to a consumer
without advance permission.
FTC and CAN-SPAM





Congress delegated administrative agency powers to
the FTC in CAN-SPAM under “unfair or deceptive acts
or practices” authority of the FTC.
Rule-making authority– FTC adopted an administration
requiring the placement of a warning label on email
containing sexually oriented material (FTC required
label: “Sexually-Explicit” in Subject line; the message
cannot contain graphic material).
Investigations: FTC authorized to investigate violations
of CAN-SPAM and impose civil sanctions (fines).
Adjudicate disputes: disputed civil sanctions are
reviewed by administrative law judges and available
internal appeals processes.
FTC can refer cases for criminal prosecution to U.S.
DOJ.
Criminal Charges for
Spamming


In April 2004 the DOJ charged the first four people
for criminal violations of the CAN-SPAM act related
to mass emails sent by the four to advertise
fraudulent weight-loss products.
Defendants are alleged to have disguised their
identity as senders in the emails and to have
delivered hundreds of thousands of email
advertisements by bouncing the messages off
unprotected computers.
SPAM Convictions


2004 – first felony convictions in the U.S. A Virginia
man was convicted of spamming felonies and
received nine years and a $7500 fine (in a three day
period he sent tens of thousands of unsolicited
email advertisements using false Internet addresses
to America Online subscribers through an AOL
server).
2005- Florida man was sentenced to a year in jail
and 6 years probation for sending millions of
unsolicited email using a phone company’s Internet
services.
Instant-Message Spam





Spam sent to instant-message services advertising
(“SPIM”).
In instant messaging (IM) programs, words typed by a
sender immediately appear on recipients’ screens.
First criminal case: a NY man was arrested in Feb. 2005
for sending 1.5 million spim ads for pornography and
cheap mortgages. He was charged with violation of the
federal Can-SPAM act and faces 18 years if convicted.
Well known IM services:
MYSpace, Friendster, and other web service firms that
connect people with shared interests or mutual
friends. AOL, Microsoft, and Yahoo Inc. all offer IM
programs.
SPIM can spread viruses, overload servers.
EU and SPAM LAW



2002 EU E-Commerce Directive requires member
countries to implement national legislation to regulate
SPAM by October, 2003.
This EU Directive prohibits email marketing when
consumers have “opted-out” via an “opt-out registrar.”
This EU Directive also requires e-marketers to take
steps to make sure unsolicited commercial
advertisements are clearly designated as such as
soon as received (for example, in the email header) so
the consumer can delete the unsolicited email without
opening it.
EU and SPAM


Member states’ laws may be more restrictive than the EU
E-Commerce directive. Some EU countries (e.g., Austria,
Germany, Italy, Denmark, and Finland) prohibit sending
unsolicited email without prior permission of the recipient
(thus, if these rules are followed, email is no longer spam).
In these countries email marketers may only send bulk
unsolicited commercial e-mail if the consumer has “optedin” by making the choice to receive email advertisements,
which protects the privacy of consumers’ personal
information.
Spam filters, etc. are being developed that complement
spam regulation. For e.g., Microsoft is working with
international governments to fight SPAM and is developing
technological measures to fight SPAM for MSN, Microsoft
Exchange, and Outlook Messaging in Office.
Businesses Are Taking Action:
Civil Liability for Computer Crime
Several tort and intellectual property laws may be used
by businesses and individuals to recover damages
(money) for computer crime or to get a temporary
restraining order to stop undesired activity:
 Trespassing or Conversion
 Misappropriation of Trade Secrets
 Trademark, Copyright or Patent Infringement
 Defamation
 Fraud, interference with a contractual relationship,
etc.
Online Obscenity



Communications Decency Act (Reno I)
Child Online Protection Act (COPA) (Reno II)
 Not to be confused with the COPPA – the federal
Children’s Online Privacy Protection Act which is in
force (requires websites to get parental consent
before collecting personally identifying information
from children 13 or younger – see Federal Trade
Commission at www.ftc.gov for more information
about COPPA).
For regulation of online obscenity to be constitutional
under the First Amendment, the law may not be
overbroad – in other words it must be narrowly tailored
not to prohibit or unduly restrict adult access to First
Amendment protected speech and expression in the
form of non-obscene sexual material.
E-Commerce Law: Contracts



When is a contract entered online
enforceable by the parties?
What law applies to contracts entered online?
What law applies to contracts about computer
information that may or may not be entered
online?
Shrink-wrap Contracts

When is a shrink-wrap contract formed?



Elements of a contract: offer, acceptance,
consideration, legality.
Where is the agreement required to enforce a
contract?
Courts have found that an enforceable
Shrink-wrap contract is formed after the
buyer opens the box and has an opportunity
to read the terms. S/he can read the terms
and refuse to accept by returning the
software.
Definition of an E-Contract

A contract that is entered into in
cyberspace and is evidenced only by
electronic impulses (such as those in a
computer’s memory), rather than, for
example, a typewritten or handwritten
form.
Are Clickwrap Contracts
Enforceable?


Clickwrap contracts are the Internet
equivalent of shrinkwrap contracts:
standard form contracts, the
online/purchaser generally clicks “I agree”
to the terms.
Courts have generally held clickwrap
contracts are enforceable under common
law theories or the UCC-2 (Sales of
Goods).
Hotmail v. Van$ Money Pie, Inc.

Court held Hotmail was entitled to an
injunction against defendant spammer in a
breach of contract & fraud lawsuit related to a
free e-mail account.

The spammer (Van$ Money Pie) implicitly agreed
to terms and conditions of hotmail account which
prohibited spamming by clicking “I agree” when
applying for the account online.
Bottom-line on E-contracts



Many courts find e-contracts enforceable under
existing contract laws, drawing on common-law
contract theories or the Uniform Commercial Code
for Sale of Goods.
But before E-sign and UETA, there was still
significant risk that e-contracts would not be
enforced by the courts.
E-Sign (federal law) and UETA (as adopted by
individual states) remove the doubt that e-contracts
are enforceable and e-documents are valid but only
if the contract or document is otherwise valid.
What E-Sign Does



E-Sign is a federal law that makes e-signatures
and e-transactions as enforceable as if they
were not electronic (i.e. acts as a statute of
frauds).
It also provides consumer protections in many
situations: e.g. written notice to consumer
before their electric power or health insurance is
cut off is still required – e-mail won’t do.
When a state adopts UETA, E-sign is no longer
applicable to the extent UETA applies.
What UETA Does

UETA is a state law that acts as a statute of frauds
for e-contracts




Electronic signatures and records are equivalent to
“writings” in a legal sense -- E-signatures and Etransactions are not unenforceable simply because there is
no “writing”.
But it does not make e-contracts enforceable if they would
not be so under other laws like the common law of contract
or UCC2 (Uniform Commercial Code, Sales).
Reasons an e-contract might be otherwise unenforceable:
no agreement, no consideration, unconscionable, induced
by fraud, etc.
UETA leaves it up to the parties to decide whether to
use e-commerce.
Why Was UCITA Proposed?


Because contracts for computer information do not fit
neatly within the existing law on enforceability of
contracts.
This is especially true when a court tries to apply the
Uniform Commercial Code for Sales.


Why? Because contracts for computer information like software often involve
licenses to use information, rather than sale of the computer information.
And because the requirements for an enforceable
contract under the common law of contracts are
stiffer on the element of “agreement.”

For example, under common law, a court may find there is no agreement
when a computer agent enters a contract rather than a real person.
Scope of UCITA



Definition of Computer Information: “Information in
electronic form obtained from or through use of a
computer, or that is in digital or an equivalent form
capable of being processed by a computer.”
Examples: Contracts to license or purchase software,
contracts to create a computer program, contracts for
computer games, contracts for online access to
databases, contracts to distribute information on the
Internet, “diskettes” containing computer programs,
online books.
Status: UCITA has been enacted in only a few states.
Its drafter has withdrawn its recommendation for states
to adopt UCITA. Revision of UCITA is likely and there is
a good chance it will become law!!!
Special Concerns Related to
UCITA




Electronic Self Help (Sections 605, 815, 816)
Attribution in an e-contract (Sections 212-214)
Oral contracts vs. “Record” of contract (electronic
“memorandum” or traditional writing) of a contract
sufficient to satisfy the statute of frauds: $5000 rule
(Section 201)
Express Warranties & Implied Warranties in
contracts to sell or license computer information
(content & compatibility of the computer systems)
(Sections 401-409)
Identifying Potential Costs of ECommerce
E-Commerce businesses face increased risk of
litigation costs if they have business facilities in only
a few states, yet have interactive websites that are
available nationally. (Recent cases apply the Zippo
Mfg. Co. v. Zippo Dot Com continuum of interactivity
test to e-recruiting Web sites.)

Whether a court in a particular state (federal or state courts
are in all states) will find it has in personam jurisdiction over
these businesses depends in part on whether the business
uses interactive, as opposed to passive, Web technology for
e-recruiting.
The Zippo “Sliding Scale Test” for
Personal Jurisdiction Over NonResident Website Operators
No
Jurisdiction
Passive
Site
Maybe…
Middle
Spectrum
Site
Yes
Jurisdiction
Highly
Interactive
Site
When Having a Website is a
Jurisdictional Hook – E-recruiting
Example
Company-provided websites are increasingly
being used to recruit new employees. This is
called e-recruiting, using the Internet to
recruit new employees.
 Advantage: E-recruiting uses the power of
information technology to attract new
employees
 Disadvantage: Are there additional legal risks
of using this new technology?
What Does It Mean for an ERecruiting Web Site to be
“Interactive”?
Defined in Study as a Web Site that enables the Web
site use to apply for a job online, including Web sites
with the following features:
 Enables applicants to complete a job application or
submit a resume online.
 Enables applicants to generate an email message to
the employer on the employer’s Web site or using
an email address provided on the Web site that
may include a resume.
Example of E-Recruiting


JELD-WEN, inc. has a graphically interesting,
informative e-recruiting http://www.jeldwen.com/about/index.cfm [click: employment].
Markets the company and the community to potential
new employees:
 Advertises current job openings
 Provides a quick picture of job requirements
 Enables user to e-mail or fax a resume and cover
letter.
 Provides a link to its college recruiting site –
applicants may apply online [JW Careers and JW
Interns].
Recent Cases- In Personam
Jurisdiction Found
Tech Heads v. Desktop, 105 F. Supp.2d 1142 (D. Or. 2000).
 Defendant employer, an e-recruiter located in Virginia,
must defend a trademark infringement lawsuit in Oregon.
 Defendant employer maintained an interactive erecruiting Web site that was used by an Oregon resident
to submit a résumé (Middle-spectrum Web site).
 Defendant successfully argued the interactivity of the site
plus the transaction with an Oregon resident was
sufficient for IPJ over the Virginia company.
Recent Cases--No In Personam
Jurisdiction
American Information Corp. v American Infometrics,
Inc., 139 F. Supp.2d 696 (D. Md. 2001).
 California business with a middle spectrum erecruiting Web site successfully escaped litigating a
trademark infringement lawsuit in Maryland where
the plaintiff filed the lawsuit.
 Defendant e-recruiter maintained a middle spectrum
Web site with interactive features that allowed users
to submit a résumé online, but plaintiff was unable to
show that a Maryland resident had accessed the
site to do so.
Trademarks and the Internet




Registration of domain names
Domain names and trademarks
Cybersquatting
ICANN’s Uniform Domain Name Dispute
Resolution Policy
Trademarks and Related Property


A trademark is a distinctive mark, motto, device, or
implement that a manufacturer stamps, prints or
otherwise affixes to the goods it produces so that
they may be identified on the market and their origin
vouched for.
Generic marks are not protected by trademark law
because they are not distinctive. Phrase “You have
Mail” is generic, because mail means email and
does not refer to the email provider (AOL v. AT&T
case).
Federal Trademark Law:
The Lanham Trademark Act of 1946, Amended By
the Federal Trademark Dilution Act of 1995.


The owner of the trademark has the right to
prevent others from using the mark or a
substantially similar mark if it: 1) would
confuse customers about the source of the
product or, 2) if the owner has a famous
mark, and it would “dilute” the value.
Why register a trademark if “use” creates
right? Notice
Trademark Infringement – How
to Win This Type of Case


Infringement – trademark owner must prove
likelihood of confusion
Dilution – trademark owner must prove
tarnishment or blurring, but need not prove
likelihood of confusion
Microsoft
All the following would be confusingly similar to the
Microsoft mark and use of the mark would violate
trademark law:
 Mike Crow Soft (sounds same, looks different).
 Macrosoft (looks same, sounds different).
 TinySoft (means same, sounds and looks different).
 MI (fanciful use of the words and letters)
CRO
SOFT
(Source Elias, Trademark, Legal Care for Your Business & Product Name,
5th ed.)
Domain Name Disputes and U.S.
Trademark Law
Trademark:
Domain
Name:
a website
address:
http://www.mic
rosoft.com
the word
Microsoft
when used in
conjunction
with Microsoft
Company’s
products and
services.
Cybersquatting




A modern legal dispute: Cybersquatting takes place
when a person registers a domain name that
includes another company’s trademark.
ICANN oversees the Internet domain name system
and accredits companies to sell name registrations
in top level domains (.com, .net, .org, etc.).
Under ICANN registration agreement, the first
person to register a domain name “owns” the
domain name and takes responsibility for any
trademark or other legal disputes that relate to the
domain name.
There are other remedies for cybersquatting: sue
for trademark infringment and/or file a lawsuit
under the federal Anticybersquatting Consumer
Protection Act.
NFL vs. Bedford



Mr. Bedford, living in Sweden, establishes a Hockey
Fan website after registering the domain names:
www.nfl2003.com and www.nfl2004.com. The National
Football League owns the registered trademark NFL
and has registered the website www.nfl.org. The NFL
wants the fan site using its trademark to be transferred
to the NFL or shut down, so it files a complaint with
WIPO to demand ODR to resolve the dispute.
An arbitrator appointed by an ICANN approved ODR
provider will decide and issue a written opinion.
Who should win? Is the fan site unlawful trademark
infringement? Do fans have a “fair use” right to
establish web sites using registered trademarks in the
domain name?
Online Dispute Resolution (ODR)




ODR is used to resolve disputes about ownership of
domain names and other cyberspace disputes.
For example, the person who registers a domain
name agrees to ODR under ICANN’s (Internet
Corporation for Assigned Names and Numbers)
Uniform Dispute Resolution Policy.
ICANN provides Rules for ODR of domain name
disputes.
An approved ODR provider will appoint an arbitrator
to decide the dispute, for example: the World
Intellectual Property Organization’s Arbitration and
Mediation Center.
The Digital Millennium
Copyright Act (DMCA)



The DMCA creates civil and criminal
prohibitions against tampering with copy
protection, breaking encryption, etc.
The DMCA does not add new exclusive
rights to the rights of copyright owners.
The DMCA applies to a variety of digital
works.
Types of
Copyrightable Works
Literary works
(computer code
including source and
object code; text on a
website)
Pictorials, graphics,
and sculptures
(design of a website,
graphics on a
computer game)
Musical works (the
lyrics of popular
music)
Motion pictures and
A/V works (digital
movies)
Dramatic works
Sound recordings
(digital music)
Pantomimes and
choreography
Architectural works
(building blue prints)
Let’s Provisions
Major
Let’s
Discuss
Discuss
of the DMCA
Anti-circumvention rules (prohibits
enabling cracking encryption codes)
Anti-circumvention exceptions
(includes copying for maintaining or
repairing a computer)
Copyright management information
(makes it illegal to delete “© King.”
Safe harbors for ISPs (generous
protections from liability)
Other Cyberlaw Issues…




Data mining and other privacy issues related to the
privacy of personal information including that of
consumers.
Online trade secret theft.
When online offers to sell interests in businesses,
including stock, may violate federal and state
securities laws.
Business method patents for online business models
that may give the owner of the patent a 20 year
exclusive right to use an online selling method that
has been patented (Amazon.com’s “one-click”
check-out process to purchase an item on its site – is
it patentable? Can Barnes And Noble use a similar
check out process on its site?)