United States: Non-Copyright Liability for Web Copying

Since the 1991 decision of the U.S. Supreme Court in Feist, it has been clear that facts themselves cannot be protected under copyright law, no matter how much effort or expense was expended to collect and compile them. The Web, of course, is full of facts, such as concert dates, the prices of items on eBay, individual names and addresses etc., and these facts can often have substantial commercial value. The Web has also given rise to new, automated methods of retrieving and copying facts on a large scale, variously known as bots, crawlers and spiders, and new technical means of protection. In the face of these developments the law has evolved as well, often modifying and expanding traditional causes of action in an attempt to address the copying of uncopyrightable Web material for commercial purposes. This article will survey four of these emerging legal theories, describing their origins as well as their present applications in the Web context, and will highlight several recent court decisions which will likely be important for the future.

I. BREACH OF CONTRACT

Perhaps the most direct way a Web proprietor can protect its factual information is simply to require its users to agree not to copy it. Legally, there are two potential problems with this approach: preemption under §301 of the Copyright Act and enforceability under state contract law. In ProCD v. Zeidenberg, 86 F.3d 1447 (7th Cir. 1996), the Seventh Circuit resolved both of these issues in favor of enforceability, finding that a shrink-wrap "license" packaged with a CD-ROM telephone directory was valid, and that copying and redistribution of the contents in violation of the license was an actionable breach. The defendant purchased plaintiff's CD-ROM and posted the data to his own database, where he charged users an access fee. By the express terms of the shrink-wrap agreement, plaintiff's data was sold for individual consumer use only, and not for commercial resale.

As to preemption Zeidenberg concluded, in extremely broad terms, that because the shrink-wrap agreement only governed the two parties and did not create rights against the world, it was not "equivalent" to copyright protection and thus did not run afoul of §301. If someone simply found the plaintiff's CD-ROM in the street, the court hypothesized, they would not be bound by the license agreement and could do as they chose with the data, therefore the plaintiff's rights under contract were qualitatively different than rights under copyright. As to enforceability, Zeidenberg reversed the district court to find that the shrink-wrap license was a valid and enforceable contract under Wisconsin law. Because the purchaser had to manifest assent to the terms by taking an affirmative act (opening the package), and had an opportunity to return the product for a refund if the terms were unacceptable, a valid and enforceable contract was formed.

Since Zeidenberg, several other courts have extended the analysis to the on-line environment, generally holding that such agreements can survive preemption, but also requiring that the defendant make a clear, affirmative manifestation of assent in order to form a binding contract. Thus, in Caspi v. The Microsoft Network LLC, 323 N.J. Super. 118 (N.J. App. Div. 1999), a forum selection clause in a Microsoft Network "click-wrap" agreement was held enforceable, as was a "query-wrap" agreement in Register.com v. Verio, Inc., 126 F. Supp. 2d 238 (S.D.N.Y. Dec. 2000) (upholding agreement which bound any user submitting query to plaintiff's site) (see also infra at IV). In Pollstar v. Gigmania Ltd., No. CIV-F-005671 REC SMS (E.D. Cal. Oct. 17, 2000), the Eastern District of California even allowed a contract claim to proceed based on a "browse wrap" agreement, where the user did nothing more than visit plaintiff's site.

Under similar circumstances, however, the Southern District of New York recently held in Specht v. Netscape Communications Corp., No. 00 Civ. 4871 (July 3, 2001) that Netscape's "browse wrap" agreement, represented by a single small box of text inviting the user to "please review and agree to the terms of the … license agreement before downloading or using the software," did not give rise to an enforceable contract, no matter what the agreement itself provided. Users were able to download the software in question without viewing the license terms, noted the court, and might not even be aware that a license agreement existed, since the "invitation" box appeared below the screen used to download the work. Further, the court found that downloading itself is hardly an unambiguous manifestation of assent. The primary purpose of downloading is to obtain a product, not to assent to an agreement. In contrast, clicking on an icon stating 'I assent' has no meaning or purpose other than to indicate such assent. Netscape's failure to require users … to indicate assent to its license as a precondition to downloading … is fatal to its argument that a contract has been formed.

Specht thus arguably sets a higher standard for enforceability than the Seventh Circuit did in Zeidenberg, where merely opening a package was sufficient to form a binding contract. Clearly, the degree to which a user makes an informed decision to accept the terms of a proffered license is crucial, and will vary with the facts of each particular case.

In two states, Maryland and Virginia, the whole question of when a binding contract is formed on-line has largely been subsumed under UCITA, a comprehensive UCC-like statute governing electronic commercial transactions in "information." The details of UCITA are far beyond the scope of this article, but suffice it to say that it will likely be many years before the conventional contract analysis of Zeidenberg and its progeny can be set aside. Therefore, an information owner seeking to protect on-line data by means of contract should carefully consider the lessons of Specht v. Netscape and see to it that all users affirmatively and unambiguously indicate agreement to any applicable license terms before gaining access to the protected data.

II. TRESPASS TO CHATTELS

If a prominent "I assent" button and strict license terms do not offer sufficient peace of mind for the protective data owner, the courts have recently recognized a more creative theory for protecting online information against use by competitors: the ancient common law doctrine of trespass to chattels. Defined as intentional and unauthorized interference with plaintiff's "possessory interest" in tangible personal property, such as a computer system accessible through the World Wide Web, the trespass theory has lately provided a basis for enjoining the use of "robot" web-searching technology to retrieve information from the popular eBay auction website, but failed to compel a similar result when competitors made automated copies of concert information from the Ticketmaster site. As with the contract cases above, eBay, Ticketmaster and the other cases below demonstrate that the trespass doctrine must be stretched somewhat to apply in the on-line context, and the courts differ as to how much stretching is warranted under the facts of a given case.

The renewed interest in the trespass to chattels theory did not begin with eBay and Ticketmaster. A 1996 California state court decision, Thrifty-Tel Inc. v. Bezenek, 46 Cal. App. 4th 1559 (1996) appears to have been the first to apply the doctrine to electronic communications, holding that defendant's unauthorized telephone signals "trespassed" on plaintiff's phone system. Thrifty-Tel was soon followed by a number of cases involving commercial "spamming," the sending of unsolicited mass email. In Compuserve Inc. v. Cyber Promotions, Inc., 962 F. Supp. 1015 (S.D. Oh. 1997), the harvesting of user addresses from plaintiff's system and spamming of plaintiff's customer's was enjoined as a trespass, with the court offering a particularly thorough discussion of the trespass doctrine. Similarly, the court in Hotmail Corp. v. Van$ Money Pie Inc., 47 U.S.P.Q.2d 1020 (N.D. Cal. 1998) used the trespass theory to enjoin defendant from maintaining an email "drop box" on plaintiff's server to facilitate spamming, and a Virginia district court in AOL, Inc. v. LCGM, Inc., 46 F. Supp. 2d 444 (E.D. Va. 1998) followed Compuserve to enjoin defendant from harvesting addresses and sending spam through plaintiff's system.

In eBay Inc. v. Bidder's Edge, Inc., No. C-99-21200 RMW (N.D. Cal. May 24, 2000), the trespass theory re-emerged as a weapon against so-called "data-mining," whereby the defendant's automated search program repeatedly visited the eBay site, and various other auction sites, to permit potential bidders to locate items without having to visit each site. Defendant's program visited the eBay site approximately 100,000 times per day, and continued doing so even after eBay terminated a temporary license arrangement and demanded that defendant stop using search robots. Further, eBay installed "robot exclusion headers" in its site to deter robot searching, and had a mandatory "click-through" agreement for all visitors which prohibited commercial use of information from the site. The defendant ignored these measures, and took steps to evade detection after being asked to desist.

• Discussing the likelihood of success on the merits, the court said eBay could probably not show "substantial interference" with its possessory interest in the site, but held that such a showing was not necessary. While a claim for conversion requires a "substantial interference," a mere "intermeddling" by defendant is sufficient to support the claim for trespass to chattel, according to California law. As to what constitutes an "intemeddling," however, the court was not entirely clear: "Although the court admits some uncertainty as to the precise level of possessory interference required to constitute an intermeddling, there does not appear to be any dispute that eBay can show that BE's conduct amounts to use of eBay's computer systems. Accordingly, eBay has made a strong showing that it is likely to prevail on the merits of its assertion that [defendant's] use of eBay's computer system was an unauthorized and intentional interference with eBay's possessory interest." (emphasis added).
• Given the novel factual setting, the lack of clarity in the court's formulation of the legal standard is unfortunate. In any event, the use at issue was significant enough for the court to perceive a real threat of irreparable harm. Defendant's 100,000 visits per day, comprising 1.1% to 1.5% of eBay's total load, "is appropriating eBay's property by using valuable bandwidth and capacity, and necessarily compromising eBay's ability to use that capacity for its own purposes." Thus, defendant's activities "diminished the quality or value of eBay's computer system" even though there was no physical damage to the site.
• The court also rejected the defendant's argument that the eBay site was "public," saying that it is instead eBay's personal property and only accessible to invitees under specific terms of use, which defendant violated. Under California law, the court noted, trespass exists where a defendant exceeds the scope of consent given by the owner, so even though the court did not decide the matter on contract grounds—and in its order, refused to bar the defendant from using information gathered manually from the eBay site—the violation of eBay's terms of use established a necessary element of the trespass claim, namely exceeding the scope of consent given to the invitee.

Finally, the Court rejected defendant's argument that the trespass claim was preempted by the Copyright Act. "[Plaintiff] asserts a right not to have [defendant] use its computer system without authorization. The right to exclude others from using physical personal property is not equivalent to any rights protected by copyright and therefore constitutes an extra element that makes trespass qualitatively different from a copyright infringement claim." As to preemption, however, the court noted by citation that another California district court had recently reached a contrary result in Ticketmaster Corp. v. Tickets.com, Inc., 54 U.S.P.Q.2d 1344 (C.D. Cal. 2000).

The Ticketmaster court later revisited the issue and joined eBay in finding no preemption of the trespass claim. Ticketmaster Corp. v. Tickets.com, Inc., 2000 U.S.Dist. LEXIS 12987 (Aug. 11, 2000). Unlike eBay, however, the Ticketmaster court ultimately determined that no injunction was warranted because plaintiff could not show a likelihood of success on the merits of its trespass claim.

In many ways, the facts in Ticketmaster parallel those in eBay. Defendant Tickets.com operates a website for selling entertainment and sports tickets. The site has a separate web page for each event, listing date, time, ticket price, and other factual information. If a user of the site wishes to purchase tickets for an event to which Tickets.com is not authorized to sell tickets, the site instructs the user to "buy this ticket from another on-line ticketing company" and provides a hypertext link to the website of the authorized broker for that event, namely plaintiff Ticketmaster. Upon clicking the link, the user is transferred directly to an internal "event" page of the Ticketmaster website, thus bypassing Ticketmaster's home page. Ticketmaster sued under various theories including trespass and copyright infringement, and the court identified three ways in which the defendant ostensibly copied original Ticketmaster works: (1) by electronically copying entire Ticketmaster event pages as the initial step in extracting the factual data about particular events, (2) by reprinting that factual data on the defendant's own event pages, and (3) by providing hyperlinks to Ticketmaster's event pages.

Tickets.com first moved to dismiss the copyright claim, but the court denied the motion. The second and third types of copying were not infringing, the court held, because the factual data copied from Ticketmaster was not copyrightable and mere hyperlinking did not result in a reproduction of Ticketmaster's pages. Ticketmaster's copyright claim was allowed to proceed, however, despite the court's forgiveness of hyperlinking, because of the allegation that defendant copied Ticketmaster's event pages into defendant's own computers "to facilitate extraction of the facts." "Where [defendant] is alleged to have copied is in the making of thousands of copies taken from Ticketmaster's internal web pages for the purpose of extracting factual data carried thereon." Further proceedings were held to determine whether this claim was sufficiently meritorious to warrant the entry of a preliminary injunction.

In its August 2000 decision, the court denied Ticketmaster's request for a preliminary injunction, both as to the copyright and trespass claims. Relying on Sony Corp. v. Connectix, the court held that the temporary copying of copyrighted Ticketmaster event pages, for the limited purpose of facilitating the extraction of unprotectable factual information from them, was a fair use of the Ticketmaster pages. The copied pages are "not used competitively," found the court, and although other methods of extracting the information clearly exist, Tickets.com's method is the "most efficient" and therefore should be permitted. The court cautioned that a different result might be reached after trial, "depend[ing] on the necessity of downloading the Ticketmaster electronic signals," but because Ticketmaster's odds of prevailing were rather low, in the court's estimation no preliminary injunction was warranted pending trial. The court also clarified that a theory of trespass to chattels might avail Ticketmaster, following the eBay decision, but "there is insufficient proof of its elements in this case to justify a preliminary injunction." The case is now on appeal to the Ninth Circuit.¹

Whatever the eventual fate of the trespass theory, it is ironic that intangible facts, circulating in the ethereal realm of cyberspace, may find their most effective protection in an ancient remedy designed to protect the "right to exclude others from using physical personal property." Cyber-visionary John Perry Barlow remarked in 1993 that intellectual property law was doomed because it governed tangible objects rather than information per se, "the bottles not the wine," to use his analogy; but as eBay demonstrates, the law can still be very useful for those who own the bottles.

III. "HOT NEWS" MISAPPROPRIATION

Arising from the 1918 U.S. Supreme Court decision in International News Service v. Associated Press, 248 U.S. 215, the common law doctrine of misappropriation lived a long and colorful life as an all-purpose legal theory for prohibiting the copying of uncopyrightable material. Wherever a commercial party sought to "reap where it had not sown," as I.N.S. did by publishing paraphrases of A.P.'s news flashes, the courts were glad to enjoin such activity, often rhetorically flogging defendants for "commercial immorality." Misappropriation was thrown into question by §301 of the 1976 Copyright Act, however, since in many cases it simply extended state-law protection to unprotectable material such as raw facts.

In 1997, the Second Circuit definitively held in Nat'l Basketball Assn. v. Motorola, Inc., 105 F.3d 841 (2d Cir. 1997) that the numerous "commercial immorality" cases were "no longer good law," and that a misappropriation claim for unauthorized sale of plaintiff's information could only escape preemption if five elements were established: (1) that the information was gathered at some cost to plaintiff, (2) that the information is time sensitive, (3) that defendant's use is free-riding at plaintiff's expense, (4) that plaintiff and defendant are direct competitors, and (5) that defendant's activity would "substantially threaten" plaintiff's incentive to continue collecting the information. In Motorola, the NBA's attempt to stop defendant from transmitting real-time basketball scores to pager subscribers was held preempted because defendant was not free-riding, but was instead engaged in a separate activity which required its own substantial investment.

In the on-line context, a "hot news" misappropriation claim was recently allowed to proceed in Pollstar v. Gigmania, supra, where plaintiff alleged that defendant's rival website copied rock concert information from plaintiff's site. If concert information can in fact be deemed time sensitive, and plaintiff did actually make some non-trivial investment in gathering the information, there might be a very real basis for imposing liability in such a case notwithstanding the result in Motorola. At the very least, a misappropriation claim can be a possible alternative basis for relief if a plaintiff does not have an effective "click-wrap" agreement in place (as in Specht v. Netscape) or the level of "possessory interference" is so low that a trespass claim would not succeed (as in Ticketmaster). Indeed, it seems to be the rule that cases in this area allege multiple cause of action, perhaps because the odds of success on any single theory are so difficult to predict. No one yet knows what a slam-dunk trespass or "hot news" claim looks like on the Web, nor is the uncertainty likely to diminish any time soon.

IV. COMPUTER FRAUD & ABUSE ACT

Drafted in 1984 chiefly to protect computerized financial and medical information, the Computer Fraud & Abuse Act, 18 U.S.C. §1030 ("CFAA"), recently has been dusted off to address new forms of alleged misconduct on the Web, such as the automated "harvesting" of factual information. In December, the U.S. District Court for the Southern District of New York in Register.com v. Verio Inc., supra, granted an injunction against such conduct, relying in part on the CFAA. If affirmed by the U.S. Court of Appeals for the Second Circuit, where an appeal is now pending, the Register.com case could give on-line businesses a powerful new way to protect their uncopyrightable information.

The CFAA provides that it is a crime to "intentionally access a computer without authorization or exceed authorized access, and thereby obtain … information from any protected computer if the conduct involved an interstate or foreign communication." 18 U.S.C. §1030(a)(2)(C). Under §1030(a)(5)(C), it is also a violation to "intentionally access a protected computer without authorization and as a result of such conduct cause damage." The statute then defines "protected computer" in a way that arguably encompasses every device on the Internet, and defines "damage" as "any impairment to the integrity or availability of data … that causes loss aggregating at least $5000 in value during any one-year period. " 18 U.S.C. §1030(e)(8)(A).

Finally, at §1030(g), the statute provides that "any person who suffers damage or loss by reason of a violation of this section may maintain a civil action … to obtain compensatory damages and injunctive relief or other equitable relief."

In the first several cases to raise the CFAA in the Web context, the courts found that online services were damaged under §1030 (a)(2)(C) when facilities or customer lists were used by third parties to propagate spam email transmissions. See Hotmail Corp. v. Van$ Money Pie Inc., supra; AOL Inc. v. LCGM Inc., supra.² In Register.com v. Verio Inc., however, the Southern District applied the statute more broadly, enjoining Verio from using robots to gather WHOIS information about Register.com's customers even though, as an ICANN-accredited domain name registrar, Register.com is obligated to maintain and provide this information to the public on request. All of the registrar's customer information did not have to be completely accessible to everyone, however; Register.com could charge up to $10,000 per year for bulk electronic access to its customer information. Moreover, the company maintained an "opt-in/opt-out" system whereby subscribers could request that their information not be made available to commercial users.

At the end of 1999, Verio Inc., a company that provides hosting and other Internet services, began to make daily robot copies of plaintiff's WHOIS information, which it used to identify potential customers. Without paying for a bulk-access license or respecting the "opt-in/opt-out" wishes of plaintiff's customers, defendant called, mailed and/or e-mailed plaintiff's customers within days after they registered with Register.com, occasionally making confusing representations about Verio's connection with Register.com. When the plaintiff sued, Verio initially consented to the court's temporary restraint of its robot searching and use of the plaintiff's WHOIS data to contact potential customers.

In granting the subsequent preliminary injunction, the court first determined that the robot searching itself did not violate plaintiff's terms of use because it was an automated collection of data, and not a use of the data to "enable high volume, automated electronic processes that apply to Register.com," as prohibited under the contract. The court further found however that both the collection and use of the information nevertheless qualified as actionable under the CFAA. In a particularly lengthy string of hypothetical consequences, the court concluded that the plaintiff suffered the requisite damage from the robot searching because such searching "has diminished server capacity, however slightly, and could diminish response time, which could impair the availability of data to clients … Moreover, … if the strain on Register.com's resources generated by robotic searches becomes large enough, it could cause Register.com's computer systems to malfunction or crash. Such a crash would satisfy … [the statutory] requirement that a plaintiff demonstrate $5000 in economic damages."

The court further found that, under 18 U.S.C. §1030(a)(2)(C), the defendant "exceeded authorized access" because the manner through which it obtained access to Register.com's customer information—the robotic-search method—was not authorized. The court effectively held that the CFAA precludes obtaining information by automated means that have not been authorized affirmatively, even if such collection does not violate any specific terms of use. The court went on to hold that, even if Verio's access were authorized, the company's use of the data for an improper purpose renders the access unauthorized ab initio. On-line businesses will no doubt be watching closely as the Second Circuit addresses these issues.

CONCLUSION

Although facts may be easier to steal on the Web than in printed form, they may also paradoxically be far more protectable. A printed white-pages telephone directory enjoys no meaningful copyright protection under Feist, but an on-line version of the same directory could conceivably be protected under at least three of the legal theories outlined above; an on-line listing of real-time stock prices might qualify for all four. As the world becomes increasingly wired, those who compile and sell information on the Web may find that the world after Feist is not such a bad place to do business after all.

This article appeared in the November/December 2001 issue of The Licensing Journal, pp. 9-13.

Robert W. Clarida is a partner at the New York firm of Cowan, Liebowitz & Latman.

© 2001 Cowan, Liebowitz & Latman, P.C.