Topic: Legal

Legal side of Reputation Management

Social Networking Site Isn’t Liable for User’s Overdose of Drugs He Bought Via the Site–Dyroff v. Ultimate Software 0

[It’s impossible to blog about Section 230 without reminding you that it remains highly imperiled.]

This opinion is a contender for the most interesting Section 230 ruling of 2017. It deals with the troubling situation of user-to-user online drug sales; it discusses the thorny language of what it means to “develop in part” content; it decisively rejects the latest anti-Section 230 theory that data mining and targeted content recommendations somehow foreclose the immunity; it emphatically rejects a “failure to warn” workaround to Section 230; and the judge embraces Internet exceptionalism. My apologies for the length of this blog post, but there is a lot to unpack in this opinion. If you’re a Section 230 enthusiast, this case deserves your careful attention.


This case relates to a now-defunct service called “Experience Project,” run by Ultimate Software. The service allowed users to share their first-hand experiences anonymously “with the least amount of inhibition possible. The greater the anonymity, the more ‘honest’ the post….” The experiences were topically threaded, so a user could create an “I love heroin” thread and other users could post messages in the thread. As of May 2016, it had over 67 million “experiences shared.”

The victim, Wesley Greer, became addicted to opioids after suffering a knee injury. (These facts are recited by the court based on the complaint). He went to rehab 5 times. In August 2015, he searched Google to find heroin, and the search results led him to the Experience Project. He paid money to buy the right to post on the site, then posted to a group “where can i score heroin in jacksonville, fl.”

A dealer, under the username “Potheadjuice,” allegedly repeatedly offered to sell heroin in Experience Project groups such as “I love Heroin” and “heroin in Orlando.” Law enforcement knew about the dealer’s Project Experience activities. They arrested him twice in stings via the site. The dealer replied to Greer’s post, and the Experience Project emailed Greer a notification of the reply. Through communications on the site, Greer got the dealer’s phone number. They met in person, and Greer bought fentanyl-laced heroin. Greer died the next day due to fentanyl toxicity.

The plaintiff is Greer’s mom. The complaint alleges that the Experience Project:

(1) allowed its Experience Project users to anonymously traffic in illegal deadly narcotics;

(2) allowed users to create groups dedicated to the sale and use of such illegal narcotics;

(3) steered users to “additional” groups dedicated to the sale of such narcotics (through the use of its advanced data-mining algorithms to manipulate and funnel vulnerable individual users to harmful drug trafficking groups on Experience Project’s website);

(4) sent users emails and other push notifications of new posts in those groups related to the sale of deadly narcotics;

(5) allowed Experience Project users to remain active account holders despite (a) the users’ open drug trafficking on Experience Project’s website, (b) Ultimate Software’s knowledge of this (including knowledge acquired through its proprietary datamining technology, which allowed it to analyze and understand its users’ drug-trafficking posts) and (c) multiple law-enforcement actions against users related to their drug dealing on the Experience Project website;

(6) exhibited general and explicit antipathy towards law enforcement’s efforts to curb illegal activity on Experience Project’s website; and

(7) received numerous information requests, subpoenas, and warrants from law enforcement and should have known about drug trafficking on its site by its users, including — by the time of her son’s death — [the dealer’s] sales of fentanyl-laced heroin.

The Experience Project moved to dismiss the complaint on Section 230 grounds, except for the failure-to-warn claim, which it moved to dismiss on its elements. The court grants the entire motion to dismiss.

Section 230 Immunity

The court runs through the standard three-element test for Section 230:

Provider/User of an Interactive Computer Service. This was undisputed.

Publisher/Speaker Claims. The court’s discussion here is a little confusing, but the court says “courts have rejected plaintiffs’ attempts to plead around immunity by basing liability on a website’s tools” (cites to Gonzalez and Fields) before summarily concluding “Ms. Dyroff’s claims at their core seek liability for publishing third-party content.”

Based on Third Party Content. The plaintiff alleged the Experience Project developed the dealer’s content because “(1) its tools, design, and functionality abetted the content, at least in part, by recommending heroin-related discussions and steering Mr. Greer to [the dealer’s] posts; and (2) Ultimate Software is not merely a passive conduit for its users’ posts because it knew that Experience Project was an online market for drug dealers and users, and it shielded the bad actors through its anonymity policies and antipathy to law enforcement.”

The plaintiff continued that development occurs when the site “materially manipulates that content, including by passively directing its creation or by improperly using the content, after the fact.” [Huh? What does it mean to “passively direct” content creation, and how is that a “material manipulation” of the content? Doesn’t every UGC website do this? What does it mean to “improperly” use content? I’m not sure any of these allegations are grammatical, but I am sure none of it makes any sense.]

The plaintiff further explained that the Experience Project:

used “data mining” techniques and “machine learning” algorithms and tools to collect, analyze, and “learn[ ] the meaning and intent behind posts” in order to “recommend” and “steer” vulnerable users, like her son, to forums frequented by drug users and dealers. By identifying interested users and using its “recommendation functionality” to steer them to drug-related “groups” or “online communities,” Ultimate Software kept the users “engaged on the site” for Ultimate Software’s financial gain (through online ad revenues, gathering more valuable user data, and other means). This system — combined with Experience Project’s anonymous registration and its email-notification functionality that alerted users when groups received a new post or reply — “created an environment where vulnerable addicts were subjected to a feedback loop of continual entreaties to connect with drug dealers.”

None of these arguments work. The court responds flatly: “Ultimate Software is not an ‘information content provider’ merely because its content-neutral tools (such as its algorithms and push notifications) steer users to unlawful content.”

The court explains: “making recommendations to website users and alerting them to posts are ordinary, neutral functions of social-network websites” (citing, Gonzalez, Cohen and Fields). Furthermore, “it is the users’ voluntary inputs that create the content on Experience Project,” not the proprietary algorithms. So “even if a tool facilitates the expression of [harmful or unlawful] information, it is considered neutral so long as users ultimately determine what content to post, such that the tool merely provides a framework that could be utilized for proper or improper purposes” (cites to Goddard, Carafano, Klayman v. Zuckerberg). This “result holds even when a website collects information about users and classifies user characteristics.”

The court summarizes: “the Experience Project website’s alleged functionalities — including its user anonymity, algorithmic recommendations of related groups, and the ‘push’ email notification of posts and responses — are content-neutral tools.” Therefore, Section 230 protects the Experience Project from all of the plaintiff’s claims except the failure-to-warn claim.

Section 230 also applies despite allegations that: the Experience Project knew/should have known that users were selling drugs onsite; it shielded drug dealers from law enforcement (an allegation partially belied by the dealer’s repeated arrests due to onsite stings); and it had an onsite statement about the interaction between anonymity and law enforcement. The court says that the Experience Project’s “policy about anonymity may have allowed illegal conduct, and the neutral tools facilitated user communications, but these website functionalities do not ‘create’ or ‘develop’ information, even in part.”

Failure  to Warn

Two relatively recent Ninth Circuit rulings—Doe No. 14 v. Internet Brands (the ModelMayhem case) and Beckman v.—held that Section 230 didn’t immunize failure-to-warn claims. Those rulings were troublesome on multiple fronts. First, the “risk” that allegedly triggered an obligation to warn was third party content or actions—exactly what Section 230 should immunize. Second, it seemed unlikely that online services have any positive duty to warn their users of potential harms, so the failure-to-warn workaround meant plaintiffs would still lose, just after higher litigation costs for everyone. Third, it’s unclear how online services would satisfy any obligation to warn. Either they would use broad, general, and unenlightening warnings, or they may have to issue warnings every time they hear from law enforcement or a private citizen that a member has engaged in malfeasance online or off, which for a site like Facebook would result in many, many warnings per hour (and lots of potential defamation claims by the warned-about users).

Fortunately (?), between this ruling and the denouement in the ModelMayhem and Beckman cases, it’s emerging that the failure-to-warn claims against UGC sites in fact aren’t tenable, so indeed they impose extra costs for no extra benefit.

Lack of Special Relationship. The court summarizes the legal standard: The Experience Project “can be responsible for its nonfeasance (its failure to act) if (1) it had a special relationship with a third-party actor and thus had a duty to control that actor, or (2) it had a special relationship with Mr. Greer and thus owed him a duty to protect him. The plaintiff argues that like any business, Ultimate Software has a ‘special relationship’ with its customers that creates a duty to warn them of known risks.”

The court considers the ModelMayhem and Beckman cases on remand. I don’t believe I blogged either remand ruling, and my apologies for missing them. In both cases, the district courts on remand held that the online services didn’t have a special relationship with their customers and therefore no duty to warn. The court says the cases “support the conclusion that a website has no ‘special relationship’ with its users.”

The plaintiff argued that online services are the 21st century equivalent of offline businesses with physical premises, which owe a duty to invitees. The court rejects the offline analogy:

If the court followed this approach, it would render all social-network websites potentially liable whenever they connect their members by algorithm, merely because the member is a member. This makes no sense practically. Imposing a duty at best would result in a weak and ineffective general warning to all users. It also “likely [would] have a ‘chilling effect’ on the [I]nternet by opening the floodgates of litigation.” Also, the court is not convinced that a bricks-and-mortar business (such as a bar where people meet more obviously) is a good analogue to a social-network website that fosters connections online. For one, allocating risk is (in part) about foreseeability of harm and the burdens of allocating risk to the defendant or the plaintiff. Risk can be more apparent in the real world than in the virtual social-network world. That seems relevant here, when the claim is that a social-network website ought to perceive risks — through its automatic algorithms and other inputs —about a drug dealer on its site.

Even if Experience Project knew about the dealer’s onsite activities, the court says: “that knowledge does not create a special relationship absent dependency or detrimental reliance by its users, including Mr. Greer,” and the plaintiff didn’t allege that. The plaintiff will likely allege “dependency” and “detrimental reliance” in an amended complaint.

Malfeasance. The prior discussion dealt with the Experience Project’s “nonfeasance.” With respect to the Experience Project’s alleged malfeasance:

use of the neutral tools and functionalities on its website did not create a risk of harm that imposes an ordinary duty of care. A contrary holding would impose liability on a social-network website for using the ordinary tools of recommendations and alerts. The result does not change merely because Experience Project permitted anonymous users.

Assumption of Risk. The assumption of risk defense is unnecessary after the court’s held that the Experience Project has no duty to warn. The court nevertheless tries to discourage the plaintiff further:

If it were to reach the issue, it would likely hold that the doctrine operates as a complete bar to his claim because Mr. Greer — who initiated the contact with [the dealer] by his posts on Experience Project and then bought drugs from him — assumed the obviously dangerous risk of buying drugs from an anonymous Internet drug dealer.

The court’s dismissal is without prejudice, so the plaintiff will likely try again. However, I don’t see how the plaintiff can allege better facts to overcome Section 230. And even if the plaintiff alleges better facts on the failure-to-warn claim, the court’s skepticism about the assumption of risk suggests a win isn’t likely there either. Maybe the plaintiff will find more receptivity on appeal, but this well-constructed opinion will pose a major hurdle.


What Does It Mean to “Develop in Part” Content?

Section 230 defines an “information content provider” as anyone who “creates” or “develops” content “in whole or in part.” The develop-in-part language is vexing. What does it mean to “develop-in-part” content, especially as something different from “create-in-part”? We don’t know. Read literally, the statutory language could mean that any defendant that “developed” 0.1% (or less!) of allegedly tortious/criminal content should not get Section 230 protection. Because we aren’t sure what it means to “develop” content, this 0.1% standard potentially means that lots of defendants could unexpectedly find themselves without Section 230 immunity. Thus, the “develop-in-part” provision could be the bomb that blows up Section 230.

Since the statute’s passage, courts have had the ability to read “develop-in-part” quite broadly. However, until the case, we saw very little attention paid to this provision. The case raised the visibility of this drafting trap, but it hasn’t changed the results in most cases. That may be in part because the opinion indicates that the defendant loses Section 230 protection only if it “develops-in-part” the alleged illegality of the content. If it just developed-in-part other aspects of the content, but not the illegal part, arguably the opinion steers the case towards a defense ruling.

Sorta consistent with this line of reasoning, this case seems to treat content “neutrality” as a complete defense to allegations that the defendant “developed-in-part” the content. (More on “neutrality” below).

In the statutory debates over SESTA and the Wagner bill, some folks—including people I consider to be Friends of Section 230 (FOS230)—have been encouraging Congress and courts to pay more attention to the develop-in-part provision. Because of the powerful implications of “develop-in-part,” I think this is a dangerous idea. Inviting courts to interpret “develop-in-part” more broadly has a real risk of backfiring. Instead, I think rulings like this get it right.

“Data Mining” Doesn’t Defeat Section 230.

In the last year or so, I’ve seen a new anti-Section 230 argument swirling (e.g., 1-800-LAW-FIRM’s suits over social media sites allegedly providing material support to terrorists and works by Profs. Julie Cohen and Olivier Sylvain). The argument basically goes like this: Section 230 was enacted at a time when websites were dumb. As websites have gotten smarter, including collecting and analyzing user data and deploying personalization algorithms, Section 230 no longer protects them because the services are doing something Congress never expected. If this argument doesn’t make sense to you, it’s perhaps because I did a bad job retelling it; but more likely, it’s because the argument doesn’t make any sense at all.

The 1-800-LAW-FIRM complaints have teed up the data mining issue, but it hasn’t made a difference in those cases. Indeed, those opinions didn’t really engage with the argument. In contrast, this ruling squarely and unambiguously rejects it—in such a persuasive way that I expect other courts will follow it. This attempted Section 230 workaround has heated up quickly, but it will quickly and quietly fade away as soon as the next anti-Section 230 meme-fad emerges.

Success of “Neutrality” Defense.

The term “neutral” or a variant appears in the opinion 17 times. However, like the opinion that launched its usage in Section 230 jurisprudence, the court never defines “neutrality.” That omission is unsurprising because the “neutrality” construct is nonsensical. As I’ve explained repeatedly, online service and their tools are never neutral and are always biased. Even an attempt to be “balanced” is a form of bias. That means that any legal test predicated on a tool’s “neutrality” is stacked against defendants.

Not surprisingly, when courts have explored a defendant’s neutrality, it creates the preconditions for bad results. For example, in JS v. Village Voice, the court transmogrified the test to say “Backpage did more than simply maintain neutral policies prohibiting or limiting certain content.” Huh? “Neutral policies” are an oxymoron, so every online service would fail that legal standard.

In contrast, this case is a refreshingly defendant-favorable application of the “neutral tools” principle from Were the Experience Project’s tools “neutral”? Of course not. For example, the site was built on a normative bias in favor of anonymity, and that normative bias laid the foundation for mischief that contributed to Greer’s death. Still, the court held that its tools were neutral.

Perhaps “neutrality” in this context really means something more like “not biased toward illegal content or actions.” Reframing the “neutrality” doctrine to say that would actually improve the doctrine’s clarity quite a bit.

The “Failure to Warn” Exception to Section 230 Doesn’t Work.

The ModelMayhem case sparked a failure-to-warn boomlet of cases. As this ruling lays out clearly, online services don’t have an inherent “special relationship” with their customers, so they won’t have a duty to warn, and the Section 230 workaround doesn’t work. If the appellate courts affirm these rulings, as I expect they will, the failure-to-warn fad should wane.

Embrace of Internet Exceptionalism.

The court says “Risk can be more apparent in the real world than in the virtual social-network world.” There are many circumstances where this is true. A bartender can easily do a visual, aural and olfactory check of a customer’s sobriety. A retailer’s checkout clerk can easily do a visual inspection of a customer’s age and demand a form of ID in borderline cases.

But are there circumstances where the opposite is true? A drug dealer could peddle drugs in obscure corners of a Walmart premise where employees and security guards aren’t watching, whereas an online service could set up a dumb word filter for the word “heroin” (or all Schedule 1 drugs) that would automatically flag any heroin discussions taking place in the virtual premises.

Perhaps the court means that a dumb word filter lacks the context that might be apparent in physical space. The filter could flag the instances of the word “heroin,” but the exchange of messages won’t provide all of the context about whether a drug deal is about to go down (especially if the users exchange phone numbers and take the conversation beyond the online service’s premises). And, of course, dumb word filters are easily circumvented with codewords, new slang and deliberate misspellings, while it’s harder to cloak activity in the physical world.

So, I think the court is right to embrace the Internet exceptionalism between the lack of duty in virtual premises despite the offline duty to invitees, but this aspect could have benefited from more exposition.

What Should the Experience Project Have Done Differently?

This case is extremely similar to an (uncited) case involving Topix, Witkoff v. Topix, also involving the online matching of a buyer and seller of illicit drugs that led to an overdose. Section 230 protected Topix as well, so the opinions reach the same legal result.

Yet, the fact that these tragedies keep occurring make me wonder what, if any, steps sites like Topix and the Experience Project should take to reduce the number of victims. In particular, any site encouraging site-wide anonymity should know that its “more honest” posts will also come with illegal behavior. Section 230 may allow these services to avoid liability, but it doesn’t eliminate their responsibilities to their community and to society generally. It’s probably time for our community to have a public conversation about what steps online services like Topix and the Experience Project should take regarding the online sale of illegal drugs.

Case citation: Dyroff v. The Ultimate Software Group, Inc., 2017 WL 5665670 (N.D. Cal. Nov. 26, 2017). The complaint.

Source: Eric Goldman Legal

Interesting Tidbits From FTC’s Antitrust Win Against 1-800 Contacts’ Keyword Ad Restrictions 0

Over the course of about a decade starting in 2004, 1-800 Contacts entered into over a dozen settlement agreements with competitors, most of which mutually restricted both parties from buying keyword ads triggered to their competitor’s trademarks and sometimes requiring the use of negative keywords. The FTC challenged this practice as anti-competitive via the FTC’s administrative adjudication process. In a behemoth 215 page opinion peppered with annoying redactions, the ALJ agrees with the FTC. The opinion’s summary:

Complaint Counsel has met its burden of proving that the Challenged Agreements unreasonably restrain trade in violation of Section 5 of the FTC Act. Contrary to Respondent’s argument, FTC v. Actavis, 133 S. Ct. 2223 (2013), is not authority for the proposition that trademark settlement agreements are immune from antitrust scrutiny.

The evidence in this case demonstrates that the advertising restraints imposed by the Challenged Agreements cause harm to consumers and competition in the market for the sale of contact lenses online. This is sufficient to establish Complaint Counsel’s prima facie case that the agreements are anticompetitive. The evidence fails to prove that the Challenged Agreements have countervailing procompetitive benefits that outweigh or justify the demonstrated anticompetitive effects of the Challenged Agreements. Accordingly, the Challenged Agreements violate Section 5 of the FTC Act.

This opinion is chock-full of goodies. Normally I’d recommend reading the whole thing. However, at a hefty 215 pages, it would take you a long time to do so. Here are some of the highlights I saw.

Expensive Litigation. The ALJ summarizes the scope of this case:

Over 1,250 exhibits were admitted into evidence, 43 witnesses testified, either live or by deposition, and there are 4,554 pages of trial transcript. The Parties’ post-trial briefs, proposed findings of fact and conclusions of law, reply briefs and replies to proposed findings of fact and conclusions of law total 3,514 pages.

When I see numbers like this, I think $$$$$$$$$$$$$$$ legal fees and expensive family vacations in Hawaii for the lawyers (and the experts).

Advertisers [Heart] Search Advertising. Keyword advertising is rampant among contact lens retailers. “Walmart, for instance, bids on somewhere under 5,000 keywords related to contact lenses.”

The opinion says, many times and in many ways, how 1-800 Contacts’ competitors love search advertising and want to do more of it. Google should get many good testimonials out of this. These quotes from AC Lens are typical of the opinion:

* “The reason AC Lens spends a large portion of its advertising budget on pay-per-click search advertising is that pay-per-click search advertising is ‘consistently the channel that [AC Lens] ha[s] found productive in terms of bringing in customers at an acquisition cost that [the company has determined] is consistent with [its] financial goals.’”

* “In the view of AC Lens, pay-per-click search advertising is the most effective and important marketing channel that AC Lens uses to grow its business. (Clarkson, Tr. 230 (pay-per-click “has been historically the lifeblood of [AC Lens’] growth.”); CX9039 (Clarkson, Dep. at 175-76 (search advertising has played a “tremendous role” in AC Lens’ success); CX9018 (Drumm, Dep. at 124-25); CX9018 (Drumm, Dep. at 124-25 (search advertising is particularly effective because it is high volume, in that it presents AC Lens with a high “[t]otal number of potential impressions.” The “volume from search is massive, so that’s why it’s the most important probably.”)).”

* “To AC Lens, search advertising is a particularly valuable type of advertising because it can be used to target customers who are specifically looking to purchase contact lenses. (CX9039 (Clarkson, Dep. at 173-75) (“[B]road-based marketing that does not target is inherently far less efficient in reaching a target audience. Search is beautiful in the sense that you get right in front of the customer who’s looking to buy your product, and you don’t pay unless they click on your ad. It’s a wonderful thing.”)). ”

grumpy cat search

Brand Value from Unclicked Search Ads

More testimonials come from retailers endorsing the brand value of running keyword ads even if they aren’t clicked:

* Walmart: “Walmart considered it useful to show its contact lens advertisements in search advertising results even when users did not click on the ads because showing ad impressions builds brand awareness and awareness that Walmart sells contact lenses.”

* LensDirect: “For LensDirect, having advertisements appear in responses to a search for 1-800 Contacts, even if the consumer does not click on the LensDirect ad, can improve LensDirect’s brand visibility. This helps LensDirect because “the more times people see LensDirect, the better chance there is of them becoming a customer one day.””

* Lens Discounters: “Bidding on 1-800 Contacts’ terms enabled Lens Discounters to generate ad impressions, so that even if consumers did not purchase from Lens Discounters, Lens Discounters was “able to get the Lens Discounters’ name in front of a large audience of potential customers.””

* Memorial Eye: “Memorial Eye believes it benefitted from having ads appear in response to searches for 1-800 Contacts, even if the consumer intended to navigate to 1-800 Contacts’ website, because doing so improved Memorial Eye’s brand recognition. ”

1-800 Contacts’ Keyword Bids on Its Own Trademarks

Trademark owners hate bidding on their own trademarks because they feel like they pay search engines for actual or prospective customers they already “bought” through other forms of advertising. Still, these bids are highly successful for 1-800 Contacts. Some of the details we learn:

* “About 75% of all paid search orders come through our trademark terms.”

* “In 2015, between 20 and 31% of 1-800 Contacts’ initial web orders came from users searching for 1-800 Contacts’ trademark terms…20% of initial orders came from “Paid Search on 1-800 CONTACTS Trademark” and 11% of initial orders came from “Natural Search.””

Not surprisingly, competition for bids on its branded keywords literally cost 1-800 Contacts money: “An August 7, 2007 analysis by Mr. Craven estimated that 1-800 Contacts may have lost around $426,000 in revenue to, year to date, as a result of ads appearing in response to searches for 1-800 Contacts’ trademarks….During the week ending September 22, 2007, 1-800 Contacts noted a 6% week over week drop in trademark paid search orders, relating this in part to competition from Vision Direct, which had been “advertising in the 2nd position on many of [1-800 Contacts’] branded terms in Google.””

Competitors’ Keyword Bids on 1-800 Contacts’ Trademarks

1-800 Contacts’ competitors definitely want a piece of the action 1-800 Contacts gets from its branded keywords:

* AC Lens:

AC Lens believes it could benefit from showing its advertisements to a person who entered a search query for “1-800 Contacts,” “[b]ecause we sell the same products and we sell them at a lower price.” (Clarkson, Tr. 378; CX9018 (Drumm, Dep. at 152) (“Bidding on their terms would provide us an opportunity to show those people that there’s an alternative.”); id. at 197 (“There are a lot of people that search for ‘1-800 Contacts’ from what we can tell via the keyword tool and other sources. Those are people who are most likely looking for contact lenses to purchase, and it would be definitely relevant and helpful to advertise our sites in that location.”)).

To AC Lens, it would be more valuable to show advertisements in response to search queries for 1-800 Contacts’ brand name terms than in response to search queries for the brand names of other online contact lens retailers because of “the price advantage that [AC Lens] enjoy[s]” relative to 1-800 Contacts. (CX9039 (Clarkson, Dep. at 156); see also Clarkson, Tr. 253 (“Also, there’s less value in advertising on, say a Vision Direct term because they’re in roughly the same price point, so there isn’t quite the same incentive for consumers to switch.”))….

AC Lens believes that some portion of people who search for 1-800 Contacts “would be interested in an offer [from AC Lens] that said, ‘[w]e’re 20 percent cheaper’” and that such message “would be a compelling proposition to consumers.”

* LensDirect: “During Mr. Alovis’ time as CEO of LensDirect, LensDirect’s bidding on 1-800 Contacts terms “absolutely” drove a significant amount of business for LensDirect.”

* Memorial Eye:

between January 2010 and December 2011, clicks on Memorial Eye ads appearing on search results pages following queries that included 1-800 Contacts’ branded queries accounted for 46% of Memorial Eye’s search-advertising related sales… Based on Google data analyzed by Dr. Evans, Memorial Eye had a higher click-through rate on ads displayed for 1-800 Contacts brand queries than for other queries. People who clicked also were more likely to buy from Memorial Eye than people who reached its website by entering other queries. Memorial Eye converted, or made an initial sale on, 11.25% of the clicks on matched ads, which was “almost twice as high a rate of conversions on 1-800 queries than on non-1-800 queries.”…Memorial Eye believes that implementing the negative keywords for 1-800 Contacts terms that 1-800 Contacts was asking Memorial Eye to implement “would destroy” its business because Memorial Eye obtained a large amount of sales from searches that included 1-800 Contacts related terms.

The opinion provides some interesting comparative detail about the keyword ad costs and performance for Memorial Eye and LensDirect:

Memorial Eye













Overall, LensDirect’s cost per conversion is noticeably higher, and conversion rate is noticeably lower, than Memorial Eye’s. The opinion doesn’t explain why. Two hypotheses that came immediately to mind: (1) the LensDirect data is later in time than the Memorial Eye data. This could mean that keyword ads got more competitive. It could also mean that retailers were willing to pay more because their profits soared due to manufacturers’ resale price maintenance (discussed below). (2) Perhaps there are differences in the two websites that makes it harder for LensDirect to convert.

LensDirect’s performance with the “1800contacts coupons” keywords also stands out because their performance is noticeably better than the other cited keywords–in the case of the exact match, less than 25% of the conversion costs of other listed keywords. Unfortunately for LensDirect, I suspect the traffic volume for this search term is tiny compared to the other terms.

1-800 Contacts’ Customers Are Overpaying

A reminder that 1-800 Contacts’ customers are probably overpaying. The opinion says succinctly: “1-800 Contacts on average has retail prices for contact lenses below independent ECPs and retail optical chains, but higher than mass merchants, club stores, and other online retailers.” Some more detail:

* “Online retailers generally offer lower prices than 1-800 Contacts. (Bethers, Tr. 3544-45; Murphy, Tr. 4119 (“There was a brand premium in this case; that is, typically we saw  1-800’s prices higher than many of the pure-play online sellers.”); CX0439 at 036 (“1-800 [Contacts] is the most expensive online retailer . . . .”); Alovis, Tr. 989 (“sometimes [1-800 Contacts is] selling something 20 percent over what [LensDirect is] selling, sometimes even more. It’s usually a wow factor when people look at our price point versus 1-800 Contacts’”); Holbrook, Tr. 1901 (“[Memorial Eye’s] prices were typically quite a bit less” than 1-800 Contacts’ prices); CX8003 (Mitha, Decl. at 001 ¶ 4) (“In general, 1-800 Contacts’ prices are higher than Lens Discounters’ by a significant amount. In the past, we have found that 1-800 Contacts’ prices were almost double Lens Discounters’ prices for some products.”)). Many consumers are not aware of the price discrepancy between 1-800 Contacts and its online competitors.”

* “In conducting its due diligence regarding its potential acquisition of 1-800 Contacts in 2012, Berkshire Partners’ investment analysis team concluded that “a sizeable segment” of consumers were uninformed about lower-priced options for purchasing contact lenses online.”

Worse, it appears that resale price maintenance has hurt consumers. Due to resale price maintenance imposed by manufacturers starting in 2014, “discount sellers (online retailers and club stores) had to increase their prices substantially, by roughly 20 to 25%, on many of the affected products.” I wonder if the FTC is going to look into this issue too?

What’s Next for This Case?

This ALJ opinion is comprehensive, exhaustively cited, and thoughtful. As painful as it was to read a 215 page opinion, this opinion was well-crafted and surprisingly readable. The factual findings are well-presented and not favorable to 1-800 Contacts, something that will likely dog 1-800 Contacts throughout the rest of the case.

1-800 Contacts has already indicated it will appeal the decision. The appeal goes to the FTC Commissioners, of which there are only two out of the normal five. I don’t know what to expect at that stage. Regardless of the commissioners’ decision, the case will surely proceed to federal court.

Case citation: In the Matter of 1-800 Contacts, Inc., Docket No. 9372 (FTC Off. of Admin. L. Judges Oct. 27, 2017)

Case library: The FTC maintains a page with all of the public filings in this case. Here’s a selected library of materials:

* ALJ opinion

* Some expert reports and related material: Howard HoganDr. William LandesProf. Rebecca Tushnet SlidesDr. Evans’ Slides. Dr. Susan Athey’s slides (see the exhibit).

* Respondent’s Second Corrected Pretrial BriefBlog post: 1-800 Contacts Charges Higher Prices Than Its Online Competitors, But They Are OK With That–FTC v. 1-800 Contacts

* Complaint Counsel’s Corrected Pre-Trial Brief and Exhibits. Blog post: FTC Explains Why It Thinks 1-800 Contacts’ Keyword Ad Settlements Were Anti-Competitive–FTC v. 1-800 Contacts

* FTC Complaint from Aug. 2016. Blog post: FTC Sues 1-800 Contacts For Restricting Competitive Keyword Advertising


Source: Eric Goldman Legal

Zazzle Loses Copyright Jury Verdict, and That’s Bad News for Print-on-Demand Publishers–Greg Young Publishing v. Zazzle 0

Greg Young Publishing licenses images for posters, many of which are beach- or surfing-themed. Zazzle users posted item listings that included the copyrighted images. Greg Young Publishing sued Zazzle. In a prior ruling, the court held that Section 512(c) applied to the photos in the online product listings, but not to the manufacture of goods bearing the image. Without Section 512 protection for the latter, the case proceeded to a jury trial.

The trial did not go well for Zazzle. It lost on all 35 counts of copyright infringement, and the jury awarded over $460,000 in statutory damages in amounts ranging from $200 to $66,800 per work. Five of the statutory damage awards were more than $30,000 per work, which is allowed only for willful infringement. In post-trial motions, Zazzle moved to limit those 5 statutory damages awards to $30,000 each because the plaintiff didn’t prove willfulness. The judge agreed, knocking those 5 awards down to $30,000 each.

What is Willfulness? Normally, willfulness is a rigorous scienter requirement. However, the Ninth Circuit has relaxed it substantially. The court recaps:

a copyright defendant may be liable for willful infringement if it fails to make any “attempt to check or inquire into” the copyright status of a design when it “has a general awareness” that the design might be unauthorized, or if the defendant uses “an approval process that never explicitly asks about copyrights at all,” or if the defendant deliberately sells infringing products after receiving a cease-and-desist notice.

Adapting this rule to UGC services, the court says:

receiving a takedown request for a specific unauthorized copy of a copyrighted work does not, without more, impute an objective suspicion that other instances of that same work exist on the service and are likewise unauthorized…Absent a takedown notice from a copyright owner identifying specific infringing copy, the service provider cannot know whether every particular copy is authorized or not

Zazzle Lacks Willfulness. The court observed that “Zazzle (1) adopted a policy against copyright infringement, (2) required its users to contractually warrant that each design’s use was authorized, (3) employed a large team to help enforce its policy, (4) responded to every one of Plaintiff’s takedown requests, and (5) made an effort to try to locate and remove additional infringements from Plaintiff’s catalogue.” Thus,

Drawing reasonable inferences in Planitiff’s favor, Zazzle’s conduct cannot be considered reckless or willfully blind. Whenever Plaintiff gave Zazzle notice of infringement, Zazzle responded. Planitiff’s closing arguments acknowledged Zazzle had a working anti-infringement system. Dkt. 147 at 116:8-11 (“[GYPI is] asking you to get Zazzle to do a better job.”) While that system admittedly could not address future infringement, it did have the ability to remove infringing material upon receipt of a takedown notice. And the Ninth Circuit does not set the willfulness bar so low that it requires active monitoring for infringement in the online platform context.

Even in the light most favorable to Planitiff, the undisputed facts do not show recklessness. Zazzle indisputably reviewed product orders and employed dozens of people to combat infringement. Nor was there evidence to support “willful blindness.” Plaintiff elicited no testimony that Zazzle “believed that there is a high probability” of infringement of Plaintiff’s copyrights, and Plaintiff showed no “deliberate actions” by Zazzle “to avoid learning” about infringement. Both elements are required; Plaintiff showed neither at trial.

No caselaw supports a willfulness standard so low that a company with an active anti-infringement policy that took action against any alleged infringement—albeit upon receiving notice—is deemed to have acted recklessly or been willfully blind. This Court enters judgment as a matter of law that any infringement found by the jury was not “willful.”

The Injunction. Separately, the court issued a permanent injunction against further infringement of any copyrighted works enumerated on the joint trial exhibit list. Like I recently pondered in the context of a similar injunction against Sunfrog, a T-shirt print-on-demand publisher, how exactly will Zazzle operationally implement the injunction?

Because the copyrighted works are identified on the exhibit list, Zazzle can use the works to train image filters. Perhaps image-filtering technology has gotten good enough that it will find all subsequent instances of the works. Certainly filters are more likely to work here than in the Sunfrog case, where the injunction extended to “substantially similar” variations of the trademarked logos and phrases.

If the image filters can’t solve this problem, Zazzle will have to deploy humans against this problem, and they will have to prescreen Zazzle’s entire corpus of images, not some subset related only to the Greg Young Publishing images. Even so, throwing bodies at the problem does not ensure 100% compliance, no matter how much money Zazzle spends.

The injunction explicitly says Zazzle doesn’t need to be perfect. Quoting other cases, it says “absolutely perfect compliance is unattainable” and “If a violating party has taken ‘all reasonable steps’ to comply with the court order, technical or inadvert[e]nt violations of the order will not support a finding of civil contempt.” That’s nice, but what are “all reasonable steps” here, and how many “technical or inadvertent” mulligans will Zazzle be allowed before it’s in contempt? These are questions that Zazzle hopes it won’t have to answer, and certainly not in the context of a “show cause” hearing.

By way of comparison, the DMCA online safe harbor (17 USC 512(j)) explicitly limits the possible injunctions for user-generated content. However, 512 only protects Zazzle’s online listings, not its offline printing, so it doesn’t help Zazzle. Eventually, the print-on-demand industry may require its own legislative solution.

Implications. While the no-willfulness ruling nominally is good news for Zazzle, this case has produced both tactical and strategic losses for Zazzle. Zazzle must pay over $350,000 in damages plus attorneys’ fees and costs (the plaintiff is asking for $700k+ more). Implementing the injunction could be even more costly. Zazzle may need to buy new (or better) image filtering software and hire many new employees/contractors.

It bears reiterating that Zazzle must incur these costs and obligations despite all of the efforts it was already taking. The court recaps:

  • “Plaintiff did not argue that Zazzle had actual knowledge that it was infringing the works at issue.”
  • “Nor did Plaintiff present any evidence to show that ignored any infringement”
  • “Zazzle had an express policy against infringing activity.”
  • “Plaintiff presented no evidence of deviation from that policy.”
  • “Zazzle also required its users to contractually warrant and verify that they had the right to use each individual image.”
  • “Zazzle also employed 30 and 50 people to help Zazzle enforce its policy.”
  • “Plaintiff agreed that every time it brought potential infringements to Zazzle’s attention, Zazzle swiftly removed the alleged infringements.”
  • “Zazzle made a specific effort to try to remove all products that might potentially infringe Plaintiff’s copyrights by using keyword searches to try to find those products and remove them.”

These multitudinous efforts were not enough to defeat this lawsuit. So exactly what steps must Zazzle take to avoid future copyright lawsuits based on this plaintiff’s other works or other plaintiffs’ works? This ruling suggests that Zazzle must bat 1.000 or write substantial checks. That means the issues underlying this case are not only operational; they are potentially existential. Zazzle will probably figure something out, but I’m glad I’m not a Zazzle stockholder.

The docket activity suggests Zazzle plans to appeal. Given how bad this loss is, an appeal makes sense. But I sure hope they have some great arguments on appeal, or the appeal could lock in some really bad doctrines for the entire print-on-demand industry.

Reminder: we’ll be discussing operational issues related to this case at the Content Moderation and Removal at Scale Conference, Feb. 2, 2018, at Santa Clara University. We expect to run out of tickets, so if you plan to come, make sure to register ASAP.

Case citationGreg Young Publishing, Inc. v. Zazzle, Inc., 2017 WL 5004719 (N.D. Cal. Oct. 27, 2017)

Related posts:

Trademark Injunction Issued Against Print-on-Demand Website–Harley Davidson v. SunFrog
DMCA Safe Harbor Doesn’t Protect Zazzle’s Printing of Physical Items–Greg Young Publishing v. Zazzle
CafePress May Not Qualify For 512 Safe Harbor – Gardner v. CafePress
Cafepress Suffers Potentially Significant Trademark Loss for Users’ Uploaded Designs
Life May Be “Rad,” But This Trademark Lawsuit Isn’t–Williams v.
Print-on-Demand “Publisher” Isn’t Liable for Book Contents–Sandler v. Calcagni
Griper Selling Anti-Walmart Items Through CafePress Doesn’t Infringe or Dilute–Smith v. Wal-Mart
CaféPress Denied 230 Motion to Dismiss–Curran v. Amazon

Case library:

* Plaintiff’s request for attorneys’ fees
* October 2017 post-jury verdict injunction
* October 2017 ruling following jury verdict
* Jury verdict
* May 2017 ruling on DMCA safe harbor. My blog post.

Source: Eric Goldman Legal

‘Blacklist’ of ModelMayhem Members Defeats Legal Liability–Brenner v. Hill 0

ModelMayhem facilitates matches between models and employers, such as photographers. We’ve blogged before about the risk that putative ModelMayhem employers are sexual predators, which led to a key 9th Circuit ruling that Section 230 doesn’t immunize “failure to warn” claims. I’m amazed ModelMayhem has survived despite such disquieting news about safety on its site.

In partial response to the risks, defendant Hill posted a “blacklist” of potential ModelMaybem employers to her Tumblr account. The blacklist included the entry “GPS Studios | Allan Brenner. Inappropriate. CA.” Defendant Prescott “reblogged” Hill’s Tumblr post, including the Brenner listing.

Brenner sued both Hill and Prescott for defamation, IIED and conspiracy. The trial court granted the defendants’ anti-SLAPP motion. The appeals court affirms because:

1) The blacklist relates to a matter of public interest–specifically “sexual harassment in the workplace (broadly construed to include the workplaces of independent contractors as well as employees).” Indeed, the blacklist is a microcosm of the recent widespread disclosures about dozens of men in power positions engaging in sexual harassment and abuse. This issue has emerged as one of the top headlines of 2017.

The court implies that the blacklist’s virality (it was liked and reblogged many times) might also indicate public interest, but the decision doesn’t turn on that.

2) Thus, the burden shifted to Brenner to demonstrate his case. Effectively, Brenner must show that he had never acted “inappropriately” with the models he photographed–in other words, prove a negative. The court provides Brenner with an easy escape hatches: to overcome the anti-SLAPP motion, he simply had to submit a declaration unambiguously denying the conduct. For reasons I don’t understand, Brenner failed to make this declaration, so the anti-SLAPP motion succeeds.

I’m not sure how often other courts will provide plaintiffs with this easy escape hatch to anti-SLAPP motions. I hope it’s infrequently. Otherwise, anti-SLAPP motions will rarely succeed.

Brenner’s non-declaration allows the court to sidestep the thornier question of whether characterizing Brenner’s behavior as “inappropriate” can be defamatory. Though the term “inappropriate” surely can’t be defamatory in isolation, the blacklist gave specific examples of what constituted inappropriate behavior, and those details may have made the term capable of being false. So even though the anti-SLAPP motion worked here, “blacklists” remain a legally precarious endeavor.

Case citation: Brenner v. Hill, 2017 WL 5589175 (Cal. App. Ct. Nov. 21, 2017)

Source: Eric Goldman Legal

Privacy Plaintiffs Lack Standing Against NBA 2K15’s Face-Scanning Technology 0

This is a putative class action lawsuit against Take-Two, the video game publisher. Plaintiffs allege that the “MyPlayer” feature on NBA 2K15 violated Illinois’ biometric information privacy statute. The feature allowed players to upload a face-scan and then use a version of that scan as their avatar in certain multiplayer games. Specifically, plaintiffs allege that Take-Two (1) failed to obtain consent; (2) disseminated biometric data without consent; (3) failed to provide details regarding the purpose or term of storage or use of the information, or an applicable retention schedule; and (4) failed to comply with appropriate security measures by transmitting the scans via standard wireless connections.

The district court dismissed on Article III standing grounds. The Second Circuit affirms.

Citing Spokeo, the Second Circuit looks at circumstances where plaintiffs have standing for “procedural violations” of a privacy law. In order to establish standing based on procedural violations, the plaintiffs must establish that (1) the legislature created the procedural right to protect plaintiff’s “concrete interests” as to the harms in question, and (2) the procedural violation presents a real risk of harm to this interest.

The parties agreed that the decisive issue was the second one. So the court assumes without deciding that the Illinois statute seeks to prevent the unauthorized collection, use, or disclosure of a person’s biometric data. The court says that none of the procedural violations raise a “material risk of harm” to this interest.

As for the lack of consent, the court says plaintiffs voluntarily participated: “[n]o reasonable person . . . would believe that the MyPlayer feature was conducting anything other than a scan.” Plaintiffs do not “plausibly” assert that if they were more directly advised, they would have withheld consent (or declined the feature).

The court says the same is true of Take-Two’s failure to disclose the duration of the scan’s storage or guidelines for its destruction. Plaintiffs merely argued they were not advised of this but didn’t actually take issue with Take-Two’s policies. Interestingly, the court says this also presents a consent issue.

The court says Take-Two’s violation of the statute’s data-security provisions presents a tougher question. The statute says covered entities have to store and transmit biometric data in a way that is “protective” and commensurate with their handling of other “confidential and sensitive information.” Plaintiffs argued Take-Two’s transmission of the information via the “open, commercial internet” violated the statute. However, the court says that plaintiffs’ allegation even failed to allege an increased material risk. The injury plaintiffs point to was that they would be deterred from using similar technologies and fearful of such transactions in the future. The court says this is not the risk of harm that would qualify (even assuming that the risk of harm alone would be sufficient).

Finally, the court says dismissal should be without prejudice. Where a court dismisses for lack of Article III standing, the court actually lacks subject matter jurisdiction.


We’ve seen a flurry of lawsuits based on the Illinois statute relied on by plaintiffs here. The Shutterfly lawsuit linked below was brought by a non-user and survived a motion to dismiss. (It looks like it’s in the middle of discovery.) This case was brought by a user and is a much tougher one to make. It’s tough to argue subterfuge as to the process of the face-scan itself. As the court notes, when undergoing the scan, participants must:

hold their faces within 6 to 12 inches of the camera and slowly turn their heads 30 degrees to the left and to the right during the scanning process .The process . . . takes about 15 minutes.

Once consent is removed from the mix and there’s no misuse outside the entity that took the scan, plaintiffs are left to argue “bare procedural violations”. As the Supreme Court helpfully explained in Spokeo, bare procedural violations are often not actionable, and the court concludes that is the case here. Plaintiffs complaints regarding purging and storage are reminiscent of the arguments Video Privacy Protection Act plaintiffs raised regarding the treatment of their viewing records. A failure to purge in that context is tough to turn into something actionable.

The court’s closing statement about the data security practices of Take-Two are worth noting. It’s unclear whether the court was referring to the process that occurs at the player’s location or at Take-Two internally. But with the increasing prevalence of data breaches and theft, companies would be wise to pay heed to their security practices when dealing with this type of information.

Case citation: Santana v. Take-Two Interactive Software, Inc.2017 WL 5592589 (2d Cir. No. 21, 2018)

Related posts:

Face Scanning Lawsuit Against Shutterfly Survives Motion to Dismiss

Facebook Gets Bad Ruling In Face-Scanning Privacy Case–In re Facebook Biometric Information Privacy Litigation

Shutterfly Can’t Shake Face-Scanning Privacy Lawsuit

Court Says Plaintiff Lacks Standing to Pursue Failure-to-Purge Claim Under the VPPA – Sterk v. Best Buy

Seventh Circuit: No Private Cause of Action Under the Video Privacy Protection Act for Failure to Purge Information–Sterk v. Redbox

Redbox Can be Liable Under the Video Privacy Protection Act for Failure to Purge Video Rental Records — Sterk v. Redbox

Disney Not Liable For Disclosing Device IDs And Viewing Habits

App Users Aren’t “Subscribers” Under the VPPA–Ellis v. Cartoon Network

Ninth Circuit Rejects Video Privacy Protection Act Claims Against Sony

AARP Defeats Lawsuit for Sharing Information With Facebook and Adobe

9th Circuit Rejects VPPA Claims Against Netflix For Intra-Household Disclosures

Lawsuit Fails Over Ridesharing Service’s Disclosures To Its Analytics Service–Garcia v. Zimride

Minors’ Privacy Claims Against Viacom and Google Over Disclosure of Video Viewing Habits Dismissed

Is Sacramento The World’s Capital of Internet Privacy Regulation? (Forbes Cross-Post)

Hulu Unable to Shake Video Privacy Protection Act Claims

California Assembly Hearing, “Balancing Privacy and Opportunity in the Internet Age,” SCU, Dec. 12

It’s Illegal For Offline Retailers To Collect Email Addresses–Capp v. Nordstrom

California Supreme Court: Retail Privacy Statute Doesn’t Apply to Download Transactions – Apple v Superior Court (Krescent)

CA Court Confirms that Pineda v Williams-Sonoma (the Zip-Code-as-PII Case) Applies Retrospectively — Dardarian v. OfficeMax

California Supreme Court Rules That a ZIP Code is Personal Identification Information — Pineda v. Williams-Sonoma

Source: Eric Goldman Legal