is a question that I (and I would imagine many lawyers) get a lot.  Entrepreneurs obviously want to know whether a potential course of action they are thinking about taking will end up causing them to be sued - by a customer, by a competitor, or by anyone else.  And, unfortunately, this question is usually not conducive to a "Yes" or "No" answer.  Like many answers in the law (especially intellectual property law) in which little is black and white, the best answer we can often give is "it depends." 

The reason "it depends" is that we are trying to predict (because we certainly can’t control) the actions of a third party (and their lawyer). In our judicial system, anyone can sue anyone at any time for almost anything.  Doing so does not mean they will ultimately be successful, of course.  They might even lose on summary judgment, which basically means that a judge has decided there is no legal merit to their case even before a trial has occurred.  But the defendant will still have to get to at least that point, and getting there takes time and money.  Given that in the U.S. everyone pays their own lawyer (unless there is a statutory or contract provision stating otherwise), you can can expend significant resources vindicating yourself.  Which may make you feel like you have lost, even when you have won.  Whether or not a lawsuit is filed depends in part on the legal merits of the claims to be made, of course, but, unfortunately, it also depends on the motivations of the potential plaintiff, the financial resources they may have, and the advice that they are getting from their business colleagues and lawyers.  Some lawsuits are filed for little more reason than as a bullying tactic.

So, when asked to give my opinion on whether or not you will get sued, I always start with an explanation like I have above.  We can then get to the merits of the potential case, actions you may take to avoid a potential lawsuit (the focus of my law practice), and whether or not you are likely to prevail if you do get sued.  But the question of whether or not a lawsuit will be filed is one that cannot be definitively answered.  I understand that that is not a very satisfying answer for an entrepreneur but sometimes it is the best we can do.

The FTC recently updated the CAN-SPAM Act (stands for Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003) to clarify certain requirements that affect commercial emailers.  If you send commercial email, and especially if you have affiliates that potentially send commercial email, you will want to stay up to date on the requirements of CAN-SPAM.   The FTC clarified 4 basic topics: 

The first involves the "unsubscribe process" that has always been a part of the CAN-SPAM requirements (you must provide a valid and functioning unsubscribe method).  The new FTC rule now clearly states that you cannot charge a fee for the right to opt out (seems obvious), you can’t require someone to provide personally identifiable information as part of the unsubscribe process,  or to have to take multiple steps beyond sending a simple unsubscribe reply email or visiting one web page. 

The second issue involves the common situation where a commercial email is really coming "from" more than one party.  The clarification allows the designation of a single party as the "sender" for purposes of CAN-SPAM.  The single party must meet certain requirements, however (must meet the definition of sender under the Act, for example) and it is important to note that if the designated sender does not comply with the other requirements of the Act, the other parties involved in the email can still be held responsible for those violations. 

The third issue simply clarifies that the requirement of a valid physical address in the body of the commercial email may include an accurately registered P.O. Box or private mail box (doesn’t necessarily have to be a street address).  Obviously, the address must still be valid.

The fourth issue simply clarified that when the Act mentions "person" it also means corporations, LLC’s, and other valid legal entities (no hiding behind your corporate veil).

These updates and clarifications are very useful to legitimate emailers because it removes some of the doubt that existed previously.  Be sure to review your email practices from time to time to be sure you are in compliance with all of the requirements of CAN-SPAM.

Evan Brown over at InternetCases.com has a good overview of the recent happenings in a year old case against YouTube over whether YouTube deserves DMCA safe harbor protection from claims of copyright infringement.   As Evan describes, the Court found seven different requirements that a web site needs to meet to be able to claim safe harbor. 

Court interpretation like this are important.  Illumination of the requirements of the DMCA for web sites that allow users to upload content are necessary to better help us Internet attorneys advise these web sites on ways to minimize their legal exposure. 

As InfoWorld reports, two individuals were convicted a couple of days ago for sending out mass spam with pornographic images in them.  And, in what is being reported as a first, these individuals were convicted of criminal violations of the CAN-SPAM Act, which has normally been enforced through civil proceedings. They may have generated $2 million from these activities but I bet the thought of the potential thirty year sentences facing them make them wish they made a different choice. 

Just another reason why you want to be sure that you comply with CAN-SPAM requirements. And, of course, don’t include pornographic images in mass emails - the government (and most recipients) hates that…

Do I need to worry about complying with the Children’s Online Privacy Protection Act ("COPPA")?  It’s a question I get from time to time from website owners and is commonly misunderstood.  The COPPA was enacted to protect the privacy and personal information of children, those under the age of 13, online. 

The initial analysis of whether you have to consider the COPPA with your website is an analysis of your website itself.  The COPPA applies to operators of websites in two major instances:

1. when the website is directed to children (or partially directed to children).  I would guess most people know whether their site is directed or targeted to children but if you don’t, look at the site - does it have cartoons? animation?  is the subject matter such that children would be interested in it? are ads on the site directed towards children? If the answer is "Yes," you need to comply with the COPPA.
2. when you know that you are collecting information from children.  If you do, you need to comply with the COPPA.

If you answered "no" to the questions above, you still may want to restrict access to your site, in your terms of use agreement and privacy policy, to those over the age of 13 (or 18 or above if you have no interest in serving kids). Or, to play it safe, you may choose to comply with the COPPA requirements anyway.

If you answered "yes" or think there is a chance you might be subject to the COPPA, then you should take steps to comply with the specific rules of the COPPA.  There is a long list of what you must disclose, and how you must disclose it, to visitors of your site and what you may and may not do with the information but its not very complicated.  You can find a handy checklist at COPPA.org to help you navigate the requirements.

If you want a review of your privacy policy or website for potential COPPA implications, I provide that as part of my website audit process .  If you would like to discuss this, please contact me for more information.

I don’t usually write about spam business opportunities that float around the web, hoping that all of my readers would automatically be skeptical and realize they are scams intended to part you of your money. However, I feel compelled to address one type of spam that is circulating just because of the volumes of email that I have been receiving asking me “is this legitimate???”

The emails I’m talking about purport to come from many different places - China, the UK, Germany - but they all make the same type of offer. Basically, they want to offer you a job. An easy job. All you have to do is cash checks from their customers and send them the money (after taking a nice percentage for yourself, of course). They usually say you must transfer the money to them via Western Union because cashing checks drawn on U.S. banks is “too difficult” or “too expensive” or “impossible!”

The reality is that if you sign up for this “job,” you will receive checks, money orders, cashiers checks, etc that will look real. They’ll look so real that your bank will initially accept them for deposit. But they’re not real. They’re fake. Any when your bank submits them “up the line” to collect the money, they will quickly realize this and deduct the provisional credit, if any, from your bank account. Of course, by this time you will have wired the money to your “employer” and won’t have any chance of getting that money back. You - not the bank, not the fake employer - will be left holding the loss.

This is one of those “if it’s too good to be true…” opportunities that you should just ignore and delete.

The DMCA, or Digital Millenium Copyright Act, is a law that, in part, protects websites from liability for claims that third party provided content infringes the rights of the content’s owner. Under the DMCA, a copyright owner can send a “take down notice” to a website hosting content that the copyright owner believes infringes its rights. In order to preserve its immunity under the DMCA, the hosting website must take specific actions, including taking down the content and notifying the party that provided the content of the take down demand. For an example, check out how Comcast handled it in one case.

Anyway, there has been criticism in the past that take down notices have been improperly used to have content removed that is not actually infringing. In my experience, most websites or web hosts would rather not spend the time intervening or reviewing the validity of the claims they receive, so they automatically remove the content when notified whether it’s a valid claim or not. For the sender of the take down notice, however, there are risks in sending a bogus take notice.

Viacom, the owner of Comedy Central, recently was on the receiving end of a complaint that a take down notice allegedly sent by Viacom to YouTube was a misue of the DMCA. Apparently, Viacom and EFF, the group that sued Viacom, have come to an agreement to withdraw the lawsuit and Viacom has admitted they goofed.

Before sending out a take down notice, take a hard look at your claim to be sure it would withstand a claim of fair or other proper use. Otherwise, the tables may be turned on you.

It’s Spring and the venue cases keep coming. I saw this recent decision involving the website DontDateHimGirl.com and a claim of defamation by someone featured on the website. The case was filed in state court in Pennsylvania although the site is run from Florida.

Without addressing the merits of the case, the judge dismissed it ruling that he did not have jurisdiction over the matter. I don’t have a copy of the decision so I don’t know how much of a factor it played in the judge’s decision, but it is interesting to note that the terms of use on DontDateHimGirl.com calls for exclusive venue in Miami, Florida for litigation of any disputes involving the site. Couldn’t have hurt, though…

A recent case (link opens in pdf), Feldman v. Google, Inc., involving Google and a claim of click fraud in the Google Adwords program provides an interesting view into the way a court considers the enforceability of “click wrap” agreements and, specifically, choice of law and venue provisions. “Click wrap” agreements are those online agreements you often must accept before downloading software or signing up for an online service (such as AdWords). Most, if not all, of those agreements provide for a location (venue) in which any disputes must be heard. The Google Adwords agreement specifices Santa Clara County, California, for example.

Google won this argument that the case, originally brought in Pennsylvania, should be transferred to California. If you have a click wrap agreement, you may want to read the Court’s analysis to see whether your agreement matches up to the enforceable one in this case.

If you send a lot of commercial email, it is obviously important that you comply with the Federal Can-Spam law but it may be less obvious that there are state laws that apply, too. I came across this site - http://www.spamlaws.com/state/index.shtml - that provides a good summary of state spam laws. It also has a worldwide listing of spam laws - http://www.spamlaws.com.

As you create your own compliance program for your company, this site is a good starting point for research…

The Court of Appeals of Maryland, the highest court in the state (and of which I am a member), will begin webcasting its oral arguments on Thursday, according to this article in the Baltimore Sun. While most cases would probably be too boring for most people to watch, this new accessibility will be nice to have for high profile cases such as the gay marriage case that is scheduled to be argued before the court on Dec. 4th.

The court plans on archiving these webcasts on its site. For appellate lawyers, this could be extremely helpful to see how the judges handle certain issues live. And it seems like there would be a valuable business in indexing these issues so that they could be found quickly… just an idea…

If you’re interested in the Court’s schedule, it can be found here.

CAN-SPAM is the federal law that punishes senders of spam that falsify their email headers, fail to identify the sender accurately, and engage in other bad acts that we all see on a regular basis in our in-boxes. The 4th Circuit Court of Appeals issued an interesting decision on November 17th that discusses the relationship of the federal act and state acts covering spam as well as the meaning of “material” in the Can-SPAM Act. The case is Omega World Travel v. Mummagraphics.

The Court has an informative discussion of why the CAN-SPAM Act necessarily preempts state anti-spam laws. And it has an equally informative discussion of what the terms “material falsity” and “materially misleading” mean when analyzing a commercial email, finding in the end that when there are numerous accurate contact pieces in the email in question with a working opt-out mechanism, small and inadvertent inaccuracies are not enough to support a claim of violation of CAN-SPAM.

This case is an interesting read for anyone concerned about commercial emails and the potential for liability for messages sent. While businesses that send commercial emails should understand the law and work hard to comply with all of the requirements, it is nice to know that a simple mistake will not always result in a large liability (although the attorneys fees for handling all of this litigation surely was not cheap…)

For a very thorough review of this case, check out the blog Spam Note’s post covering the decision.

Are you hiring a web developer or website designer to get your new internet business started? If you are, then I have the following piece of advice for you to avoid problems that I see on a regular basis: register your domain yourself.

Often, web developers or Internet site designers will offer to register your desired domain name for you as part of their package of services. Two problems arise from this: (1) the designer may register the domain in his or her own name (so you don’t own it) and (2) if they register the domain in your name, you may not have the access information (username and password) to manage the domain (so effectively you can’t control it). In the event that during the design process you have a dispute with your developer, you are now in a bind because you potentially have a fight over control of the domain.

So, my advice is to register your own domain. It’s easy to do and only takes a few minutes. If it’s too late, then immediately make sure you have the username and password for the registrar (and change them if the developer has the same information). This can help you avoid big (and, ufortunately, common) problems in the future.

This post on the blog Techcrunch discusses a cease and desist letter that was delivered to the blog owner by an attorney for YouTube.com. If you have never been on the receiving end of a cease and desist letter from a large Silicon Valley law firm, you can check out the actual letter after the blog post.

The C&D letter covers both trademark law issues and website terms and conditions contractual issues. As the blog author states, the terms and conditions on the website may have been different when he initially reviewed them and may be changed now (which most good T&C’s allow a site owner to do, with continued use after the change signifiying acceptance). However, my quick read through the current YouTube T&C’s shows a lot of inconsistent provisions, which is usually seen in user agreements that are prepared by someone other than an attorney…

Most of you probably know that Google’s Adwords program operates off of keywords that are selected by the advertiser to trigger the display of the advertiser’s ads. Some of these keywords can be the trademark of a competitor. Obviously, companies whose trademarks are used in keywords by their competitors aren’t too happy with Google allowing this practice.

Recently, a federal court in New York dismissed a case against Google brought by Rescuecom in which Rescuecom claimed that Google’s sale of Rescuecom trademarks as keywords to its competitors amounted to trademark infringement. The judge held that it was not infringement because the use of the trademark was not “visible to the public.” The entire decision can be found here.

This is still a fairly unsettled issue and courts have decided differently around the country (when Google hasn’t privately settled the cases, like it did with Geico here in Virginia). This is obviously a big issue for Google’s business model and worth keeping an eye on as other cases proceed around the U.S. and around the world.

Many Internet entrepreneurs launching their new, commercial websites don’t spend much time thinking about the importance of their posted privacy policy. Many simply copy the policy of another site, without giving a thought to the significant risks involved in promising something they can’t or won’t deliver. And most probably feel like any complaints would come from a user, which could probably be dealt with amicably.
A recent case I came across demonstrates the risk of not fully appreciating a policy and points out other potential complainants, some of whom may have an ulterior motive. A lawsuit filed in Oregon by CollegeNET againsts its competitor, XAP Corp., is working its way through the U.S. District Court for the District of Oregon. Both CollegeNET, Inc. and XAP Corp. provide college-bound students with the ability to file college applications online. Neither charges students a fee for providing this service. However, these companies generate revenue differently. CollegeNET earns its money through fees it collects from colleges. XAP earns its money from selling personal data about prospective college students to banks and other financial institutions seeking to compete for the student’s loan business. This difference in revenue models is the root of the lawsuit.

CollegeNET is suing XAP Corp. for violating the XAP Corp. posted privacy policy which has the typical “we will not disclose your confidential information without your express consent” in it. Apparently CollegeNET feels that XAP Corp. doesn’t follow its own policy and that these violations give XAP Corp. an unfair advantage in the college application market. In reply, XAP Corp. argues that its question to its users (”"Are you interested in receiving information about student loans or financial aid?”) allows it to sell the information of those users that answer “yes.” A court will eventually decide whether that is enough to properly inform users of what may happen to their personal information.

My advice - check your privacy policy and make sure it clearly fits with your practices (now and planned for the future). You never know who may be reading it closely and who may have an ulterior motive for calling you on it.