Cyberspace Legal Topics
by Eric Goldman
Derivative Liability for Speaker/Publisher Claims (47 USC 230(c))
What is an “interactive computer service”? Does it include a website? A provider of email list services? An email list moderator? Who is covered as a “user” of interactive computer services?
What are “speaker/publisher” claims? How will inaccurate/harmful information claims be treated? Hot news or other misappropriation claims? Rights of publicity/privacy claims?
Did Congress really intend to preempt derivative liability under state laws regarding obscenity and child pornography?
What is covered by the words “provided by”? Who is the provider when the work is done by an independent contractor under the direction of the I.C.S.? Can a web publisher take responsibility for third party content through excessive editing? Is this a way to introduce vicarious liability through an agency doctrine?
Did Congress really intend to give newspaper publishers differential protection for content they simultaneously publish in their dead trees paper and in their online equivalent?
Derivative Liability for Copyright Infringement (DMCA)
Does 17 USC 512(c) offer any meaningful protection for websites? Is a website a “service provider” under the statute?
Does 17 USC 512(c) offer any protection for the sale of infringing items that were sold via website listings?
What do the words “at the direction of a user” mean in 17 USC 512(c)?
Under what theories could 17 USC 512(d) apply? Is there any viable theory that a website could have been *directly* liable for copyright infringement by linking?
Will the notice provisions of 17 USC 512(c) prove to be the standard whether a website received sufficient notice for purposes of a common law contributory infringement claim? Or will something lesser be sufficient to give notice for the contributory infringement claim?
What constitutes direct financial benefit for purposes of vicarious copyright infringement? Delivering banner ads in connection with infringing files? Taking a commission on the sale of infringing items? Charging a fixed-rate subscription fee?
What constitutes “right and ability to control” for purposes of vicarious copyright infringement? A provision saying that the website can users off for any reason contribute (Fonovisa)? An indemnity from the user (see Stratton Oakmont)? A software routine that prescreens for verboten words? Moving/terminating off-topic postings? Removal of illegal/tortious postings? Can a website ever be deemed, for purposes of vicarious infringement, to have the right and ability to control a third party site it links to?
What constitutes sufficient knowledge for purpose of contributory trademark infringement? How will these notices differ from the standards of 17 USC 512(c)?
Can a website be derivatively liable if a user picks a third party’s trademark as their registered user name?
Can a web host be liable for helping a client register an infringing domain name?
Should registrars be derivatively liable for infringing domain names? Does it matter if registrars “knows” the content of the website? Does it matter if a registrar is given a general demand not to register a domain name substantially similar to a particular trademark expression?
Under what theory could a website be liable for content at the terminus of a link?
Are anonymous/pseudonymous remailers liable for material sent through their system?
Can a party be liable for tortious content that resides in their proxy cache?
To what extent should a Usenet operator be liable for the contents of a Usenet feed?
To what extent should a Usenet operator be liable for infringement if the newsgroup name contains a third party trademark?
Should the standards for evaluating whether a statement is defamatory be different in online publications than elsewhere?
Should the right of reply replace defamation suits?
What is a public figure online? Can a person rise to the level of a public figure in a particular venue by being a frequent contributor in that venue?
Is an entity that prepares a filtering database liable for defamation for mischaracterizing a site?
Is an entity that incorrectly places a company on the list of known rogue spammers liable for defamation?
Is linking to a file copyright infringement? Does it matter if the file is in-lined?
Is deep linking actionable? On what basis?
Is linking trespass? What if the linked site says that links are not welcome? What if the linked site uses technology controls to prevent linking?
Is framing copyright infringement? Does a frame create a derivative work?
Is framing a misappropriation? Of hot news?
Is framing a Lanham Act violation? Trademark infringement? Trademark dilution? Unfair competition?
Is using scripts copyright infringement? (Note that there may be multiple steps in the use of the robot: the initial accessing of the page, a distillation of content from the page, the incorporation of the distilled content into a database, and then the display of the database or portions of the database).
Is using scripts trespass? Does it matter if the site used robot exclusion headers? If the site had a terms and conditions page that said scripts were not welcome? If the site blocked the IP address the scripts initially came from? If the site sent an email to the robot operator telling them never to come back?
Is using scripts a violation of the Computer Fraud & Abuse Act?
Do scripts cause an actionable misappropriation?
Does stripping content from a web page violate 17 USC 1201/1202 by not carrying the copyright management information from the page?
What other issues arise from using a “shopping bot”?
Is web browsing infringement? Does it make a difference if the browser is an offline browser?
Is the archiving of postings to a mail list/newsgroup infringement?
Is permanent web archiving infringement?
Under what situations can a party be liable for proxy caching? (See 17 USC 512(b)) Local caching?
Must copyright owners deploy technology controls before bringing suit for browsing/linking/framing/caching/archiving? Does it make a difference if the technology controls are simple for the copyright owner to deploy?
Who (if anyone) owns a compilation copyright in message boards/mail lists?
How does one register the copyright for a website?
Is HTML code copyrightable?
Should the US adopt a moral rights doctrine? Has it already done so with 17 USC 1202?
Can fair use be established when it can be shown that the infringement also increased traffic to the infringed party?
What kinds of content license provisions should websites and ISPs put into their user agreements with their users?
What would the effect of an anti-database piracy law be on the growth of the Internet?
Does industry need sui generis database protection? Is there empirical evidence supporting or refuting this?
How can pricing information be protected from being used elsewhere (i.e., protected from the shopping bots)? Should it be protectable at all?
How can reputational statistics be protected from being used elsewhere? Should they be protectable at all?
Is there any legitimate way to systematically extract factual information from someone else’s website?
What is the effect of the EU Database Directive on US companies?
Does the use of a celebrity’s name in a metatag violate their right of publicity? In a domain name?
Does publishing a photo of a celebrity online violate their publicity/privacy rights? Does it matter what the photo’s subject matter is? Does it matter if the photo is published on a personal home page vs. a commercial site? Would a website’s delivery of banner ads over a celebrity photo make the website liable/derivatively liable for the publicity right misappropriation?
What are the key differences between ACPA and UDRP?
Is reserving a domain name (but never using it) a trademark infringement? A trademark dilution?
What are the parameters of the “Initial Interest Confusion” doctrine? (Brookfield)
When can a third party’s trademarks be used in metatags?
Is a domain name “property” for purposes of establishing a security interest? For purposes of suing in rem?
Should there be a difference under trademark law between .com and .net?
Will new TLDs solve the domain name crisis? Or does the dilution theory prevent new TLDs from helping at all? Will new TLDs merely increase the expenses for trademark owners?
What is a famous mark for purposes of dilution?
How does a company register domain names in all TLDs (including foreign TLDs)?
What issues arise in a domain name “sharing” or “leasing” agreement?
Are “XXX Sucks” sites infringement? Dilution?
Are parody sites infringement? Dilution?
Are fan sites infringement? Dilution? Misappropriation?
Should there be a mandatory non-judicial dispute resolution procedure for domain names? Who does this benefit?
Is selling a third party’s trademark as a “keyword” to deliver banner ads when a user searches on the keyword trademark infringement or dilution? Some other type of tort? Does it matter if the buyer is a competitor? If the buyer is a pornographer?
Can a trademark licensee who received a geographically limited trademark license ever use that trademark on the Internet?
Is there a cause of action for “trademark misuse”?
Is reverse domain name hijacking actionable? Should an ethical attorney participate in a reverse domain name hijack?
Who should win if a person registers his or her own personal name and then is sued by a trademark owner who has a trademark in that name?
Does a trademark licensee have an obligation to eliminate references to the trademark from indexes, links, etc. after the termination/expiration of the license?
Does a domain name confer a trademark-like status onto generic terms? Is a domain name an address, a mnemonic, a trademark, all of the above or none of the above—and does it matter?
How can the look and feel of websites be protected?
Do “tell a friend” features violate the anti-spam laws?
Can a website change outsourcers of its branded email service without violating the ECPA?
Can a website ever “sell/rent” its list of email addresses, or will the recipient who tries to use it run afoul of the anti-spam laws?
Under what circumstances will someone be liable for vending software used to facilitate spam?
Can a website ever “transfer the consent” it has received from a user to permit the transferee to send email to the user?
Can a website ever transfer its “existing business relationship” with a user to permit the transferee to send email to the user?
Do spam filters deployed by ISPs violate the ECPA? Must the ISP disclose that it is using the spam filter to avoid this liability?
Under what theories could the Realtime Blackhole List be liable for blacklisting a site?
To what extent will a federal anti-spam law preempt the state anti-spam laws?
Do state anti-spam laws violate the Commerce Clause?
When are clickthrough agreements binding and enforceable?
Where do they need to be positioned on the screen?
What should be done about entering into voidable contracts with minors?
Other impediments to proper contract formation (language, other incapacities, ease of bypassing agreement depending on site placement, contracts of adhesion, unilateral contracts, provisions that are void for public policy under local law)
In what situations can a legally binding action be taken using a process other than a clickthrough agreement?
Does exceeding the scope of a user agreement constitute a trespass? A violation of the Computer Fraud & Abuse Act?
What is the scope of the prohibition against online taxes based on the Internet Tax Freedom Act? What tax laws were grandfathered in? What will happen when this law expires?
When do foreign states’ sales tax laws apply to online transactions? Does the e-tailer have to collect taxes for states where the e-tailer uses a third party drop-shipper?
Is there a state whose laws are more favorable than other states for purposes of e-commerce?
What state consumer protection laws apply to e-commerce?
What is the effect of the EU Distance Selling Directive?
Do sellers in an online auction need to register under state auction laws?
How does one perfect a security interest in a “website”?
Does fixed-price Internet access pricing make sense? Are there viable alternatives, such as metered/per-packet pricing, congestion pricing and transfer pricing? Do they make more sense?
How does standard-setting differ in the Internet context from other standard-setting processes? Is there any way to prevent companies from manipulating the standards to benefit their commercial interests? Is there any legal liability incurred by those who set the standards?
Any antitrust issues in selectively blocking someone’s IP address?
Are export control laws a violation of First Amendment rights?
What constitutes good faith compliance with export control laws when selling software over the Internet (checking IP addressees, checking physical addresses, real time or post hoc check of the Table of Denial Orders and List of Specially Designated Nationals)?
Do co-branding agreements violate franchise law? Do affiliate or other referral agreements violate franchise law?
Does a domain name X.Y.com (where X and Y are each parties’ trademarks) constitute a combination mark? If so, how should the combination mark be allocated/managed? What happens to users who try to access the domain name post-termination?
Does the brander’s promotion of the provider’s site, if the provider is breaking the law, constitute an illegal promotion? How do the parties allocate responsibility for complying with the laws?
Does the brander need an indemnity for content on the provider’s site? If so, why?
If the brander has the right to force provider to take down user content, how does this affect the parties’ respective liability for user content?
What are standard service levels offered by providers?
Are there any legal or ethical rules in allocating Media Metrix “reach”?
Can an objectively-understandable category exclusivity be drafted?
Do affiliate programs violate anti-referral fee statutes?
What issues arise in running a contest or sweepstakes over the Internet?
Are online referral programs a sweepstakes? When does the element of chance creep into these programs?
What regulations apply to online loyalty “points” programs?
To what extent should a user’s use of a server confer personal jurisdiction in the jurisdiction where the server is located?
Does a website by itself ever confer general jurisdiction in a state?
How does the Zippo three-part standard get applied to e-commerce sites? Brochureware sites? Content publishing sites?
How does a website comply with all of the laws in the world? Or does it need to?
What should constitute “verifiable consent” from parents for purposes of authorizing their children to disclose personal information?
When does a website “know” it is dealing with a child?
Should US-only companies comply with the EU Data Protection Privacy directive? If so, how? What constitutes express consent? Must a US company register with an EU country if it is collecting personal information? Can U.S. companies receive “transborder” data flows?
Under what circumstances will a web-based file delivery system (such as the greeting cards delivered containing personal messages) violate the ECPA?
Can the government use information it obtained in violation of the ECPA? (Hambrick)
Does disclosing a user’s IP address in response to a government subpoena violate the ECPA?
What issues arise when a company surreptitiously uses a program that extract information from a user’s hard drive or browser software and communicate the information back to a central server?
Under what situations must an ISP or website report to the government that child porn-related activity is occurring on its network?
How can a company learn the identity of someone posting harmful material on a website? Should there be restrictions on when the company can “sue the Doe”? Should the website try to squash the resulting subpoena? Does the DMCA’s provision permitting disclosure of information about purported copyright infringers tip the balance too far in favor of disclosure?
Does a company need an Internet use policy with its employees? Can the company monitor its employee’s email without some sort of policy in place?
Under what circumstances can a user sue a web publisher for inaccurate or harmful information? Does liability vary with the substance of the information (e.g., health information vs. general information)? Is there a way for the web publisher to disclaim this liability?
How does the Computer Fraud and Abuse Act apply to license management software?
What constitutes online “harassment”? What constitutes online threats in a way that should be actionable?
Is the trespass to chattels doctrine too broad? (Hamidi case) What does it take to revoke any implied consent to trespass? What “self-help” steps, if any, must a plaintiff take before establishing standing to sue?
Can any state regulation of harmful to minor materials survive a First Amendment challenge?
Is online gambling legal for the gambling institution? Is it legal for the manufacturers of the gambling devices? Is it legal for the gambler? If a person pays a gambling site by credit card, can the person refuse to pay the credit card bill, and is the credit card company stuck?
Is running advertisements for gambling websites illegal?
Who should bear the costs of truly anonymous activities?
Is cyberspace its own community? Are there multiple online-only communities in cyberspace?
Should the definition of “reasonable person” be adjusted for the cyberspace community?
What liability should attach for releasing cancelbots?
Should we recognize real property-like interests in user accounts (i.e., quiet enjoyment, rights after termination)
Do physical space laws apply in MOOs and MUDs? (Punishment for virtual rape)
Does using unencrypted email for attorney/client communication blow the privilege?
Under what circumstances can a website create an attorney/client privilege? If there is a chat room? If there is a message board? If the firm’s attorneys participate in either? If the user can customize the site in some manner? If there is the ability to email attorneys directly?
Does a law firm encounter any increased liability for framing third party content?
What issues are raised by third party websites that help litigants settle their disputes?
Does the public forum doctrine create a right of access against private online entities?
Can government employees be restricted from accessing pornography from their desktop?
Does a library’s use of filtering software violate the First Amendment?
Do University Internet/Computer use policies violate the First Amendment?
Should government employees cookies, history files or caches be subject to the Freedom of Information Act?
Are digital signatures “goods” under UCC Article 2 or are they services? Does it matter?
What are a CA’s duties to verify the accuracy of data contained in an application for a certificate?
What are a CA’s duties in establishing a trustworthy system (e.g., security from intrusion and misuse; levels of availability, reliability and correct operation; performance of intended functions; adherence to generally accepted security principles).
What are a CA’s duties in hiring and retaining personnel?
What are a CA’s duties in keeping and maintaining records?
What are a CA’s duties to act on instructions from the subscriber to suspend or revoke a certificate? Other than at the request of a subscriber?
What are a CA’s duties to maintain the privacy of information submitted by subscribers? The privacy of transactional information?
What are a CA’s duties if it ceases activities?
Under what circumstances should a CA be liable for negligence or negligent misrepresentation in issuing a certificate? If its key is compromised and fake certificates are issued? If its security is breached and private keys issued by the CA are compromised? For errors or delays in suspending or revoking certificates? For wrongful suspension or revocation of a certificate? Under what circumstances should a CA be able to disclaim warranties, limit liability and exclude damages?
What duties should a digital signature subscriber have?
What presumptions should arise when a party uses a digital signature?
Should a digital signature satisfy writings and signature requirements?
Under what circumstances should the government be entitled to force users to disclose their private keys?
This document was last revised January 21, 2001.