Session
2: Setting UP
Guest
Panelists:
Bret
Fausett, Esq.
Hancock Rothert & Bunshoft, LLP
Los Angeles, California
www.hrblaw.com/atty_bio_248.htm
www.lextext.com
|
John
Palfrey
Co-founder and Vice-President of Operations
Analine.com, Inc.
www.analine.com
|
Michael
Fertik
President and Founder
TruExchange, Inc.
www.truexchange.com/
|
Laraine
Morse Ward
In House Counsel
InfoSpace
|
David
J. Loundy, Esq.
Co-Chair, Intellectual Property & Technology Practice
Group
Masuda, Funai, Eifert & Mitchell, Ltd
Chicago, IL
www.masudafunai.com
www.Loundy.com
|
|
SETTING
UP - TABLE OF CONTENTS
I.
Introduction
II. Registering a Domain Name
III. Hosting
IV. ISP Liability
V. Website Development
VI. Marketing and Advertising
VII. Conclusion
VIII.
References
IX.
Additional Materials
I. Introduction
In today's wired age, it is common knowledge that setting up one's
own web page is not a particularly difficult endeavor. Indeed, anyone
who has run a broad-based search through one of the major search
engines has likely come across myriad "homemade" pages
created by individuals reflecting their personal interests or some
life ambition. To set up a web site, one really only needs an Internet-connected
computer, a web browser equipped with a basic text-editing application
and an Internet service provider (ISP) that offers web hosting for
its users. Such users are unlikely to seek legal advice, and the
legal issues that arise in relation to such sites tend to be limited
to copyright and trademark violations by the site creators.
E-commerce,
however, presents a wholly different challenge for the site creator
and the legal practitioner. The sophisticated nature of the technology
required, the number of players involved in setting up a site and
facilitating transactions, the privacy concerns of customers who
may be giving the site information about themselves, and a host
of other realities of online business make effective legal representation
critical in this arena. In addition, e-commerce set-up often requires
great speed due to the nature of the industry, therefore adding
an additional layer of complexity that calls for even more vigilance
and preparedness on the part of the legal practitioners in structuring
transactions and advising clients. This section of the course will
examine some general steps that most U.S. e-businesses will follow
in establishing an e-commerce site and explore the necessity or
possibility of legal representation at different critical junctures
of the set-up process.
A handy
keyword searchable glossary for e-commerce terminology is Internet.com's
ECommerce
Webopedia.
Back to TOC
II.
Registering a Domain Name
In setting up a website, the first step usually undertaken is registering
a domain name. A domain name is the unique address that guides a
user's browser to the computer on which the website resides. It
usually consists of two elements, the top-level domain (TLD) and
the second-level domain (SLD - which some simply refer to as the
"domain name"). The most recognizable example of a TLD
is the familiar .com found at the end of many web addresses. In
addition, there is another set of TLDs reserved for specific countries.
These are known as the country code TLDs, or ccTLDs and include
domains such as .jp for Japan, .fr for France, and the much-ballyhooed
.tv for Tuvalu. The administration of these sites was given over
to authorities in each nation, some of whom have restricted registration
to residents of that nation while others (most notably Tuvalu) have
opened registration to anyone willing to pay the price. Finally,
ICANN, the Internet Corporation for Assigned Names and Numbers (Website)(ICANN1),
recently selected seven new gTLDs from proposals submitted by private
applicants, including a new .biz TLD for businesses and .pro TLD
for lawyers, physicians, and accountants (Website)(ICANN2).
Registration in the new gTLDs is not expected to begin before the
Fall of 2001.
A. CHOOSING A TOP-LEVEL DOMAIN (TLD)
Choosing
a TLD then is the first step in registering a domain name. There
are many registry services for the three unrestricted gTLDs, with
a variety of prices and service options available. One must closely
review the terms of the registrar service agreement policies. The
domain holder's rights in a gTLD domain name are very tenuous; most
registrars reserve the right to revoke a domain registration at
their own discretion. And courts have only just begun to explore
the boundaries of domain names and property rights. In one of the
few cases addressing domain names as property, a state court in
Virginia ruled that a domain name is a form of intangible intellectual
property subject to post-judgment creditor remedies (Website)(Umbro).
The case was later reversed when the Virginia Supreme Court ruled
that the domain names at issue could not be garnished, but that
court left open the question of whether the domain names themselves
could be considered property (Website)(Umbro
II) However, a subsequent Federal court decision (Website)(Dorer),
cast some doubt on property rights in domain names before the court
ultimately disposed of the case without definitively answering the
question.
In
addition, all of the current open gTLDs (.com, .org and .net) must
abide by a standard Uniform Domain Name Dispute Resolution Agreement
under which the domain holder is subject to a mandatory resolution
procedure if any trademark owner complains about the domain name.
For more details about the UDRP, see the course section on Disputes.
In the end, most commercial concerns usually register the same name
in all three gTLDs just to avoid confusing customers.
B.
CHOOSING A SECOND-LEVEL DOMAIN NAME (SLD)
The next step is to choose a second-level domain (SLD or 2LD), which
is the part of the domain name preceding the TLD. Common examples
of SLDs include the "Amazon" of Amazon.com and the "CNN"
of CNN.com. Choosing an SLD is something particularly important
for those involved in e-commerce as they think about branding and
trademarks. This choice is best made with the advice of trademark
counsel. As most common words and short phrases have already been
registered as second-level domains in the unrestricted gTLDs, a
business may have to look to an unrestricted ccTLD or one of the
new TLDs to register a manageable and easily remembered name. To
find out if a name is available in the gTLDs, an e-business should
use the VeriSign global registry service Whois search (Website)(Whois).
In addition, each ccTLD has its own "whois" database but
many are searchable from Allwhois (Website)(Allwhois)
and Uwhois (Website)(Uwhois).
One
is safest when registering one's own trademark or tradename. If
it has already been registered by another party, consult the UDRP
or local law for possible grounds to force a transfer of the domain
to you. If the other party has superior rights, or if you have not
yet established any legal right in the name you wish to use, an
important first step in registering a second level domain name is
a trademark search. Due to the focus on trademarks in the ICANN
UDRP - under which a domain name registrant may be forced to give
up a domain name to its trademark holder - it is crucial to make
sure the domain name being registered is not a registered trademark
belonging to someone else. For a review of the ICANN dispute procedure,
see Diane Cabell, Using ICANN's UDRP (2000) (Website)(Cabell).
See
Conducting A Trademark Search for more information.
C.
CHOOSING A REGISTRAR
Virtually all domain registrars have a very simple search process
to see whether a name is available and many also have tools to help
users find available domain names containing similar words if the
original choice is unavailable. After finding an available domain
name (top and second-level), most registrars give registrants a
choice of options in terms of pricing and duration. Registrars may
only grant domain names for fixed periods of time (Website)(ICANN3)
- with an option to renew when the period lapses - and most registrars
give options for different registration durations. Choosing a longer
registration period has the advantage of locking the registrant
into a registration at a price that will not rise, and some registrars
offer discounts for registrations of longer duration.
Different
registrars also may offer differing packages of services for additional
fees. Network Solutions (Website)(NSI),
for instance, offers hosting services for registrants. Some registrars
do not offer hosting, instead requiring the registrant to provide
them with domain name server (DNS) information before they will
register the name. The easiest road for those not quite ready to
set up their websites is to choose a registrar that offers free
parking, which basically means that the registrar registers the
name without requiring DNS information and "parks" the
name on its server until the registrant is ready to use the name.
While
many registrants simply choose the first registrar they come to,
the above options considered in light of the user's needs will aid
in choosing the best registrar. An equally important consideration
that is often overlooked, however, is the Terms of Service (TOS)
agreement, or the registration contract. Unfortunately, the registrars
are often the guilty party in this oversight, as TOS agreements
require the registrant to follow an often-subtle link; most registrars
do not even require the TOS agreement page to be accessed before
processing an order.
See
Domain Name Registration Agreements
for more information.
Back to TOC
III.
Hosting
After registering a domain name, most businesses will need to arrange
for hosting services. As hosting is a relatively new industry, the
actual services offered in a web hosting agreement vary from provider
to provider, making it difficult to generalize what, exactly, comprises
hosting. In general, a host basically stores web pages for a client
and operates a giant switchboard of sorts that connects web users'
computers with requested pages from the hosted company. Hosts generally
facilitate such storage and connections by operating hosting centers,
large warehouse spaces that contain the computers on which clients'
web pages are stored and connect them to the Internet via high-bandwidth
fiber-optic lines.
A.
ADVANTAGES OF UTILIZING A HOST
While some companies may have the hardware, office space, and personnel
resources to create their own servers and host their own sites,
utilizing a host and its hosting center provides some distinct advantages
over managing one's own server. For one thing, outsourcing such
services can save considerable money - hosting often runs about
one quarter of the cost of running one's own site (Website)(Wooley)
- in terms of the aforementioned resources. Utilizing a host may
also decrease the chances of problems due to security breaches,
power outages, and the like, if one selects a hosting center with
round-the-clock security, back-up power generators, climate controlled
storage space, and buildings created to withstand natural disasters.
A final advantage of utilizing a host is speed - the proximity of
the server to the user is a major factor in transaction speed, although
other factors affecting speed such as bandwidth speed, server speed,
and number of hops may lead to situations where the closest server
is not necessarily the fastest. (Some European websites with primarily
European visitors actually get faster and cheaper connections by
hosting in the U.S.). As hosting centers give servers direct, high-capacity,
and high-speed access to the Internet backbone, using a host obviates
the need to rewire one's physical place of business for the necessary
level of connectivity. Employing a host gives a client the advantage
of faster connectivity to users/consumers who are located far from
the headquarters of the company. Using a host also allows a business
to set up a number of alternative servers in various locales in
order to bring greater speed to a greater number of people.
B. LEGAL ISSUES IN HOSTING AGREEMENTS
While
registering a domain name can and is often done without legal representation,
the many legal issues arising in the context of a hosting agreement
make the services of a transactional lawyer a necessity. This is
especially important considering the somewhat vague definition of
what is included in hosting, as the practitioner must make certain
that all of the e-commerce client's needs are met when drafting
a hosting agreement or making changes to boilerplate hosting agreements.
There are several major areas that require special attention to
detail when structuring such deals, including: equipment, maintenance,
service stoppages, security, and allocation of risk. Part
3: Consumer Privacy reviews some of the issues concerning collection
of personal data by hosts.
See Website Hosting Checklist for more information.
Back
to TOC
IV. ISP Liability
A major issue in the Internet context is determining who can be
held responsible for wrongful acts on the part of Internet users.
Should only the user who actually commits the act be held liable,
or should the Internet service provider or website operator be held
liable for the wrongful acts of its users? These questions take
on particular significance for an e-business when considering different
options for a website. Offering consumers the ability to post reviews
of products or participate in chat room or bulletin board discussions
raises such issues of liability. When looking at hosting relationships
as well, there is a question whether hosts can or should be held
liable for wrongful acts of the parties it hosts. Courts have taken
different approaches to address these issues, relying on common
law principles, case law precedents, and statutory provisions.
The
first major case to arise in the realm of ISP liability was Cubby
v. CompuServe (Website)(Cubby).
Cubby involved a situation where allegedly defamatory statements
regarding the plaintiffs were published on a CompuServe bulletin
board, resulting in suit against both the content developer and
service provider (CompuServe). In granting summary judgment for
CompuServe, the district court emphasized the fact that CompuServe
had no editorial control over, or even knowledge of the contents
of, the statements published and therefore acted as a mere distributor
of the materials available on its message boards and other online
fora. The court relied on general principles emanating from the
First Amendment (as interpreted in analogous cases dealing with
traditional media) to rule that a distributor cannot be held liable
for distributed publications containing defamatory statements if
it neither knows nor has reason to know of the allegedly defamatory
statements. The rule established in Cubby thus provided an incentive
for ISPs to remain ignorant of the actual contents of the publications
on its network in order to be considered a distributor immune from
liability.
The
next major development in the realm of ISP liability came in the
case of Stratton Oakmont, Inc. v. Prodigy Services Co. (Website)(Stratton).
In that case, the court held that the Internet service provider
Prodigy could be held liable for libelous statements posted on a
bulletin board it operated by anonymous users, even though it was
not aware of the statements. Key to the court's analysis was that
the ISP in this case was more akin to a publisher than a distributor,
and was therefore not entitled to special protection under the defamation
law. The court further reasoned that because the ISP made representations
to the public concerning its regulation and screening of content
on its bulletin boards, it was exposed to greater liability than
an ISP not making such representations. In the court's opinion,
the fact that Prodigy screened only for indecent and obscene content
and not defamation was of no consequence. This case could be reconciled
with Cubby - and indeed, the court relied on Cubby to reach its
outcome - due to the fact that the ISP here attempted to exercise
editorial control. However, the reasoning led to the seemingly perverse
result that service providers who actually made an effort to police
their sites would be judged more harshly than those who chose to
remain totally ignorant.
A.
THE COMMUNICATIONS DECENCY ACT (1996)
Congress attempted to address the issue raised in the Stratton Oakmont
case through the Communications Decency Act (CDA) (Website)(CDA)
of the Telecommunications Act of 1996 (Website)(TelecomAct).
Although the main thrust of the CDA, which attempted to regulate
indecent content on the Internet, was eventually struck down as
violative of the First Amendment (Website)(Reno),
a safe harbor provision dealing with ISP liability was left intact.
That provision, 47 U.S.C. §230(c) [Website)(§230(c)],
was drafted to explicitly overrule decisions such as Stratton Oakmont
by not subjecting those ISPs that made an effort to screen content
to stricter liability than those who made no effort at all (Website)(Record).
The provision, which is also known as the "Good Samaritan"
defense, states: "No provider or user of an interactive computer
service shall be treated as the publisher or speaker of any information
provided by another information content provider" [Website)(§230(c)(1)].
The subsection goes on to preclude civil liability for ISPs attempting
to regulate or block access to offensive content [Website)(§230(c)(2)].
These
surviving provisions of the CDA played a prominent role in the case
of Zeran v. AOL (Website)(Zeran).
In that case, a user pretending to be Mr. Zeran posted comments
on an AOL message board, offering T-shirts with offensive and tasteless
slogans regarding the Oklahoma City bombing, which had occurred
just days earlier. The posting, which included Zeran's phone number,
resulted in a large volume of angry phone calls, including death
threats. While AOL personnel removed this original posting when
Zeran notified them, they refused to publish a retraction, and subsequent
postings offering merchandise with even more offensive slogans soon
followed. The problem was exacerbated when an Oklahoma City radio
station broadcast Zeran's phone number and encouraged listeners
to call him and let him know what they thought about his offer.
Zeran's
suit against AOL claimed that the ISP had failed in its "duty
to remove the defamatory posting promptly, to notify its subscribers
of the message's false nature, and to effectively screen future
defamatory material" (Website)(Zeran,330
). AOL relied on 47 U.S.C. §230 as an affirmative defense,
and the trial court granted its motion to dismiss. In upholding
the district court's ruling, the 4th Circuit explored Congress'
intent in passing this section of the CDA:
The purpose of this statutory immunity is not difficult to discern.
Congress recognized the threat that tort-based lawsuits pose to
freedom of speech in the new and burgeoning Internet medium
Faced with potential liability for each message republished by their
services, interactive computer service providers might choose to
severely restrict the number and type of messages posted. Congress
considered the weight of the speech interests implicated and chose
to immunize service providers to avoid any such restrictive effect.
(Website)(Zeran
330-331)
The
court went on to suggest that §230 of the CDA was drafted to
respond to and overrule Stratton Oakmont, seeking to remove the
disincentives to self-regulation that resulted from that line of
reasoning. Along these lines, the court also rejected Zeran's claim
that the rules applying to a distributor, as opposed to a publisher,
should apply to AOL in this case, arguing that such a conception
would defeat the purpose of the statute. While the Zeran court thus
recognized the broad sweep of ISP immunity under the CDA, it did
stress that the Act allows an injured party to seek redress from
the individual responsible for the injury. Zeran, however, was unable
to identify the defamatory poster and therefore was left without
an easy remedy.
See
Additional CDA Cases for more information.
B.
THE DIGITAL MILLENNIUM COPYRIGHT ACT (1998)
Congress again addressed the issue of ISP liability through legislation
in the Digital Millennium Copyright Act (DMCA) of 1998 (Website)(DMCA),
which revised portions of the existing federal copyright law and
added new provisions. Title II, §202 of the DMCA, which was
incorporated into the copyright code as 17 U.S.C. §512 (Website)(§512),
addresses limitations on liability relating to copyrighted material
online. Specifically, the provision grants an ISP immunity for possible
copyright violations as a result of transitory digital network communications,
system caching, storage of copyrighted materials by users in ISP
storage space, and directing users to particular locations (through
links, directories, or other tools). While the first two of these
provisions attempt to address copyright issues that arise specifically
due to technological processes (such as passively forwarding network
traffic on the way to its ultimate destination), the second two
touch more broadly on traditional issues of contributory or vicarious
liability for copyright infringement that have closer analogues
in the non-digital world.
The
immunities granted in these DMCA provisions are subject to numerous
conditions that make the law somewhat convoluted. The most basic
and important of these conditions are that the ISP have no knowledge
of the infringing conduct of its users (or infringing nature of
its own links) and that, once an infringement is discovered, it
take steps to expeditiously remove infringing material and suspend
service to the infringing party. In this way, the DMCA offers a
safe harbor to ISPs by withholding liability for infringement from
ISPs that have no knowledge of an infringement. When infringement
is discovered, the ISP can remain within the safe harbor and escape
liability by promptly following the specified procedures for removal
or diabling of access once it is notified of the infringement. While
this safe harbor combines with the protections of the CDA to give
a broad immunity to ISPs, the DMCA provisions may have the ancillary
effect of impinging upon free speech by encouraging more stringent
actions to be taken by ISPs against alleged infringers in an effort
to remain within the safe harbor.
See Notice Provisions of the DMCA for more information.
C.
ISP LIABILITY AND THE E-BUSINESS
What does all this mean for the e-business? First of all, an e-business
that does not have its own fully self-sufficient infrastructure
needs an ISP of some sort, and these case law precedents and statutory
provisions will clearly effect e-business-ISP relations. Even the
most self-sufficient e-businesses, usually utilize an upstream service
provider of some sort. Furthermore, to the extent that an e-business
takes on attributes of an ISP, these precedents and provisions may
apply directly to the e-business as a service provider. For most
e-businesses, the host will be the ISP and issues of ISP liability
that arise may be incorporated into a hosting agreement. The default
rule set forth by the CDA and the cases interpreting it in regards
to defamatory or obscene content will immunize the host from liability
for an e-business' wrongdoing in publishing such content. While
a specific hosting agreement certainly may be drafted to reallocate
the liability in these cases, there is little incentive for the
host to do so and the e-business itself is clearly in the best position
to regulate its content. These considerations make it likely that
the default rule will be followed.
The
DMCA safe harbor provision presents an opportunity for a practitioner
to draft specific contractual provisions for a hosting arrangement
to address the execution of the statutory processes. Because the
DMCA safe harbor may give ISPs an incentive to overreact in shutting
down sites that are allegedly infringing, an e-business may wish
to modify a hosting agreement to allow recovery for damages due
to improper termination of service (i.e. termination when there
was no infringing content or other infringing activity). An e-business
may also wish to draft contractual language concerning the processes
by which a host ISP may shut down service. For instance, an agreement
could require notice of pending termination to be given to the e-business
and provide for a specific period of time to cure the allegedly
infringing conduct prior to termination or suspension of service.
Such contractual provisions regarding recovery for improper termination
or the process of termination can be a powerful tool to blunt the
blow upon content providers and other Internet users by the DMCA
and its encouragement of vigilance on the part of ISPs. It should
be noted however, that contractual provisions that work within the
contours of the DMCA and attempt to reach agreement on the ambiguous
interpretive junctions of specific statutory provisions will be
more likely to withstand challenge, as the federal statute may be
found to preempt any explicitly contrary contractual language in
court proceedings. This is particularly important considering the
rights of third parties (copyright holders) are involved in these
types of cases.
The
other main situation in which an e-business may be affected by issues
of ISP liability is that in which the e-business itself takes on
the attributes of an ISP, opening itself up to potential liability
for the acts of its users. This process of an e-business taking
on the characteristics of an ISP is common for those websites that
offer users more interactive services. An e-business may find it
advantageous to give its customers fora, such as chat rooms, to
discuss products and other topics related to the e-business. Or
it may wish to allow its customers to post product reviews that
potential buyers can then access. These chat rooms or review areas
may be used in a manner that injures third parties - ranging from
the posting of defamatory content to copyright infringement (either
direct posting of copyrighted material or contributory infringement
by posting sites where copyrighted material can be illegally obtained).
Assessing
whether an e-business can be held liable for such acts of its users
depends on the construction of the statutes at issue. The courts
have explored the contours of the CDA and DMCA and their applicability
to websites in several major cases.
See Access Provider Liability for more
information.
back to TOC
V.
Website Development
A. IN-HOUSE DEVELOPMENT V. OUTSOURCING
Like
hosting, web design and programming is something that can be developed
by in-house personnel or can be outsourced. While most businesses
take advantage of the benefits of outsourcing the hosting of servers,
web design and, to a lesser extent, programming are often kept in
house for several reasons.
Web design is the most crucial aspect of an e-commerce business.
The website is where customers interact with the business and buy
products; in some instances (as with purely content providers),
the website itself is the product. Another reason many companies
keep web design and programming in-house is because the Internet
economy in general and e-business specifically often calls for rapid
changes - both in the content and design of websites. In terms of
content, it may often be the case that an e-business needs to add
updated products or product information to its website, either as
part of the regular course of business or in response to some particular
event in the market. For design in general, it will often come to
the attention of those running an e-business that a particular new
web design or layout of the site would be more attractive to customers
or make the site easier to use. It may also come to the attention
of those running the business - often in the form of customer complaints
- that there is some sort of problem with the functionality of the
site or its general layout. Keeping an in-house team of programmers/designers
allows the e-business to respond to these stimuli quickly and keep
the business running smoothly, which may not be possible if the
services are outsourced due to lack of personnel, time or urgency
on the part of the contracted designers and programmers.
However,
it is not always feasible for every business to keep a fully equipped
in-house design and programming team. Some small businesses may
not have the budget or the pressing business need to develop their
own programmers. Large businesses may choose to outsource certain
aspects of the design and programming services, such as graphic
design, editing, and backend software development. Many of these
oft-outsourced services have to do with design and programming aspects
that are not site-specific. One reason for this is the idea that
an outside party may not fully understand the vision and purpose
of the e-business, so should work only on the more generic aspects
of design and programming. In other cases, it may not be cost-effective
to develop one's own designers/programmers for things that are not
site-specific. For instance, a site in need of graphics for its
website may hire an outside graphic designer to develop pictures
and icons. Outside programmers are often hired to implement credit
card verification systems, inventory and archiving systems, and
internal search engines. The more mechanical an aspect of website
functioning, the more likely it is to be outsourced. Thus, much
programming outsourcing is geared towards backend functionality
and internal aspects that keep a website running smoothly behind
the scenes.
B. WEBSITE DEVELOPMENT AND INFRINGING CONDUCT/CONTENT
As with hosting, when programming and design services are outsourced,
the e-business and its attorney must undertake an analysis regarding
allocation of risk and responsibility through the services contract.
Two main areas in which there can be problems are liability for
copyright or trademark infringement and service disruptions or other
problems due to malfunctioning programming. In terms of copyright,
an e-business should communicate to a hired designer that all graphics,
photographs, and text used on the website must be original or in
the public domain. As most of the photographs and graphics currently
used on websites and in print media are copyrighted, the e-business
practitioner must diligently attempt to determine whether non-original
graphics/photos used by an outside designer are truly in the public
domain. The attorney should also be aware of the fair use doctrine
(Website)(§107)
as it may be useful in excerpting portions of texts (a favorable
review of the business' website or products, for instance) or other
copyrighted media - although it should be noted that use of copyrighted
materials for commercial purposes enjoys less latitude in fair use
analysis than non-commercial use (Website)(Sony).
While these copyright concerns apply equally to businesses that
design their own websites, it is important to note that contracting
the work out will not save the website publisher itself from escaping
liability for any infringement, due to the basic tort concept of
vicarious liability. One possible way around this is to create a
contract that specifically puts the burden of noninfringement on
the contracted designer and holds it liable for any infringement.
This does not absolve the publisher from copyright infringement,
however, and a business may be limited to seeking post-judgment
contribution from the designer or may be left to satisfy a judgment
if the designer is insolvent or otherwise judgment-proof. While
such contractual language is still better than nothing, perhaps
the best technique to employ is to carefully check a contracted
designer's work or avoid using non-original content at all.
See Prof. William W. Fisher, Linking,
Framing, Meta Tags, and Caching at http://cyber.law.harvard.edu/property00/metatags/main.html
for more information.
C. PROGRAM MALFUNCTIONS
Programming malfunctions and other associated problems can also
be handled through contracts between the e-business and its hired
programmers. To the extent that any such problems adversely affect
customers (as in overcharges on credit cards, failure to register
sales and ship products, etc.), there are similarities to the copyright
context regarding satisfaction of a wronged third party. This is
a particularly grave concern when problems with programs result
in security breaches, which may lead to anything from a hacker putting
offensive material on a business' website to the release of personal
information or credit card numbers. Once again, when drafting a
contract between an e-business and outside programmers, an attorney
should be aware of possible problems that may result from faulty
or otherwise malfunctioning programs. Contracts should consider
a mechanism to address unforeseeable problems should they arise
and arrange for necessary modifications to remedy them, as well
as remedies for substandard or negligent programming. When hiring
outside programmers, e-businesses should inquire into past problems
with the programmers' work and their general service records and
customer satisfaction in order to make an informed judgment about
the likelihood of problems and potential adverse effects on customers.
However, it should be recognized that programming is an ever-changing
field and therefore never free from errors; this should also lead
the e-business to implement contingency plans for problems due to
program malfunctions and have mechanisms in place to remedy such
problems immediately.
See
Security for more information about external
threats to website integrity.
D.
SOFTWARE LICENSING AND WORK-FOR-HIRE CONTRACTS
Another aspect of programming that warrants brief mention for its
legal implications is programmers' use of software and software
licensing. For instance, a website may wish to use automated software
for matching users up with products, but the contracted programmer
is unable to develop a program due to budgetary or technological
constraints. In such a case, the e-business or its programmer may
look into commercial software available to meet this need. As most
software requires a license for each distinct use, an e-business
should make certain to pay for the license for the use of such software
by its hired programmers. While this will increase the cost of programming
services, it is important to ensure the software is being used legally
so as to eliminate any possible cause of action by the software
rights holder. The cost of these licenses may be charged in the
services agreement with the programmers or the e-business can exercise
more caution and arrange to pay the software licensing fees directly
to the software developers. The latter option would prevent the
e-business from assuming any liability in the case of an unscrupulous
programmer who charged for software licensing fees but did not pay
the software developers. Of course, this is may not always be a
concern, as many programmers use their own software and certain
software is in the public domain. In drafting a programming arrangement,
the diligent attorney should inquire into the software to be used
and make sure any needed licenses are obtained.
In
addition to respecting others' rights in their software, it is important
for an e-business to take measures to protect the software and other
materials (including the web page itself, databases, etc.) developed
for the e-business itself. All free-lance and other contract work
should be done on a "work-for-hire" basis which, when
specified in advance by the parties in their written agreement,
allows all copyrights in the contractor's work to vest automatically
in the e-business. If such agreements are not executed in advance,
then the material belongs to the contractor and the e-business must
obtain a written license to use the work on the website, or preferably
an outright assignment of all rights. The work-for-hire rights automatically
accrue to employers when the creation of the website material is
required as part of the employee's job duties.
See Website Development Checklist for
more information.
back to TOC
VI. Marketing and Advertising
In order to be successful, an e-business must engage in advertising
and marketing. These areas have more in common and substantial crossover
with their counterparts in the traditional bricks and mortar business
world than the more technology-specific concerns above. However,
advertising and marketing in the online medium also raise considerable
novel issues of which the e-commerce practitioner should be aware.
This section will highlight some common modes of advertising and
marketing online and examine some legal issues that may arise in
those contexts. (Note: This section will not deal with advertising
and marketing through traditional media such as television and radio,
billboards, mass mailings, etc.).
A. ADVERTISING
Advertising one's e-business online usually takes one of two forms:
1) the purchasing of advertising space on another's website, or
2) swapping advertising space with another business or participating
in an general advertising exchange program. Purchasing advertising
on another website requires an e-business to determine its potential/desired
customers and find an appropriate site through which to reach them.
Advertising and marketing online offer e-businesses the advantage
of reaching a well-defined target audience easily by buying space
on websites whose visitors are in the same demographic as those
sought as e-business customers. Websites are able to gather varying
amounts of information about the types of visitors to their site
(as will be discussed in Part 3: Consumer
Privacy) with sites requiring registration or subscription particularly
adept at gathering detailed information. This offers a distinct
advantage over the types of data that can be gained from other media
such as television and radio - instead of merely determining that
a program is predominantly reaching the 18 to 25 year-old male demographic
(a favorite group of television and movie executives), websites
can give a more detailed breakdown of their audiences. This information
can include age, sex, race, nationality, and other categories that
make targeted advertising and marketing a reality - meaning less
money is wasted going after groups to whom the e-business is not
really catered. (Note: Gathering such information can raise significant
privacy concerns; see the forthcoming course section on Privacy).
Websites also can give potential advertisers information about the
volume of traffic to their sites and therefore the size of the audience
that will be reached by the advertisements.
A preliminary step in finding advertising space is thus determining
what types of websites attract users who would be potential customers
of the e-business. In some cases this may be easy - a golf news
website would be a good fit for an online seller of golf equipment
- while in other cases more research will need to be done to determine
a good fit between advertiser and host. Most large websites have
links to general advertising information and contact information
for their advertising sales departments. Prospective advertisers
can then make appropriate inquiries into the audience they would
reach by advertising on a particular website, the costs of advertising,
etc.. One other option is to go through a large-scale advertising
service, such as DoubleClick (Website)(DoubleClick),
that offers advertisers access to a network of partner websites
in different categories. Such services act as middlemen, bringing
together advertisers and those with advertising space in similar
fields, eliminating many of the transaction costs associated with
searching for individual advertising hosts. Utilizing such a service
also will likely increase the audience the advertisement reaches
by displaying a client's advertisement across a wider array of host
sites, although this may come at the expense of reaching a more
narrowly defined target audience.
Legal issues in renting advertising space mainly involve the agreements
between advertiser and host. An e-business may have different options
in structuring these agreements, such as choosing to pay a fixed
price for advertising for a particular period of time, paying the
host on a sliding scale depending on the amount of traffic to the
host site or actual clicks through to the targeted (advertising)
site, or paying the host a commission on sales made as a result
of the ad. Issues concerning ad placement, number of views, viewership
guarantees, ad tracking, and click-through fraud prevention should
all be spelled out in the advertising agreement. As an e-business'
advertising needs are sure to change over time, an agreement should
also contain provisions regarding changing one's advertisements
during the course of the contract; such a provision also allows
changes to be made in response to consumer complaints/feedback.
The advertising host likely will want to include in the agreement
clauses indemnifying it in certain situations. These situations
- which should also be kept in mind if the e-business itself decides
to sell advertising space - include copyright and trademark infringement
as well as cases involving fraud or misleading advertising.
Copyright
and trademark infringement issues may arise as a result of infringement
directly in the displayed advertisement itself or by linking through
the advertisement to a site that contains infringing works. In the
former case, the infringement itself is posted on the host site
and the host is therefore potentially liable for copyright infringement
(Website)(Fausett).
The case of advertisements linking to a site that contains a copyright
or trademark infringement may give rise to a claim of contributory
or vicarious infringement against the linking party. Contributory
copyright infringement results when "one who, with knowledge
of the infringing activity, induces, causes, or materially contributes
to the infringing conduct of another" (Gershwin).
The U.S. Supreme Court has also acknowledged the doctrine of contributory
copyright infringement (Website)(Sony,
435). To deal with these situations, the parties should agree
upon which party will be held liable for such infringement, as well
as create a plan of action in the case that a possible infringement
is brought to the attention of the host or advertiser.
See Advertising Exchanges and Advertising
Standards for more information.
B.
DIRECT MARKETING
In addition to advertising, many e-businesses also reach potential
customers via email. Contacting customers through email usually
takes two forms: targeted emails directed at past customers or registered
users of an e-business, or mass emails sent to a mailing list usually
compiled by a third party. Many respected e-businesses use the first
form of targeted emails to customers or registered users in order
to keep these consumers apprised of new developments at the e-commerce
site, such as new products, sales/promotions, or a new version of
the website. When registering at a website (usually for the promise
of greater access to information, products, etc.) or when purchasing
a product, most e-businesses usually ask for a customer's email
address and other basic information (more information is usually
required when purchasing a product because of the need for shipping
and credit card information). A common technique of many e-businesses
is to have email offerings included in the options when a visitor
signs up as a member of the website or purchases a product. Visitors
are often given the option to receive regular newsletters from the
e-business, emails regarding sales or promotions at the website,
and a variety of other choices. These options are offered through
a series of boxes that show a preference for the service offered
when checked. A common ploy of websites to get visitors signed up
for the services is to have all the boxes checked as the default,
leaving the visitor to uncheck the boxes representing unwanted services.
This is an example of an opt-out system - the consumer is required
to take active steps to opt out of the plan of services; the passive
consumer receives the emails as the default. The other option would
be an opt-in plan, whereby the consumer who wished to receive emails
would have to take active steps (i.e. checking the boxes) to get
on the mailing list. In such an opt-in scheme, the passive consumer
receives nothing as the default.
The
question of whether to use an opt-in or opt-out scheme for targeted
emails is a sensitive one that brings in questions of consumer expectations
and privacy. An opt-out scheme may seem invasive to some consumers
because they end up receiving emails for which they did not explicitly
sign up. However, the user's feeling of inconvenience is probably
less in this case than it is in the case where the user simply received
unsolicited mail from a website or e-business with which he or she
had no prior contact. This is largely because the consumer has already
taken active steps to develop a relationship with the e-business,
either by signing up as a registered member or by purchasing a product.
Due to this relationship, the consumer has or should have more of
an expectation that the e-business will contact him/her in the future
and should not be put out by receiving emails from the e-business.
Of course, the e-business should use discretion and good business
judgment in sending emails - consumers are a lot less likely to
be rankled by a bi-weekly email than a daily newsletter or other
persistent contact that may lead to annoyance. And an e-business
should always make it clear in the email sent that the consumer
has the option to opt out of the email service by sending a reply
email to unsubscribe from the periodic mailings or by visiting the
website to take an email address off the mailing list. Making it
difficult to opt out of the mailings or not taking people off the
list who wish to be removed may lead to people feeling harassed
or invaded and result in a complaint against the offending website.
Some e-businesses may make the decision that they wish to play it
safe and not offend anyone, and therefore use a strict opt-in sign-up
system for marketing emails. Most, however, will find it is worth
losing a small percentage of upset customers for the ability to
reach more users than they would be able to with an opt-in scheme.
Even if most who receive the marketing emails simply delete them,
it may be worth it to send them to reach those who do read them
and to take a chance that a catchy subject line can get the deleters
to read the messages from time to time. In the end, an opt-out scheme
probably will lead to a greater audience for these marketing emails
and will typically not be considered unduly invasive due to the
consumer's pre-existing relationship with the e-business, but the
business should make certain that recipients who do not wish to
receive emails have a quick and easy method of unsubscribing from
a mailing list or otherwise opting out of the service. An e-business
should not take lightly the potential for a strong negative reaction
on the part of consumers due to the receipt of unwanted email.
The other major type of email marketing involves sending unsolicited
emails to mailing lists compiled by a third party or an e-business
itself. Unsolicited emails such as these raise significant concerns
that do not arise where the parties have a prior connection. This
type of system goes beyond a mere opt-out system in pushing emails
upon potentially unwilling recipients because the recipients have
no pre-existing relationship with the entity sending the emails.
Due to this lack of a relationship, the emails are more likely to
be viewed as an invasion of a consumer's privacy or as a form of
harassment. Such unsolicited emails, also known as spam, are generally
considered a form of junk mail and are typically utilized by and
associated with pornography websites, get-rich-quick schemes, and
generally solicitous and invasive businesses. The annoyance to,
and resulting outrage of, recipients, as well as the stigma of being
associated with a certain type of business entity is enough to steer
many e-businesses away from utilizing spam, but there are legal
considerations that militate against such practices as well.
In
the case of Intel Corp. v. Hamidi (Website)(Hamidi),
a California Court issued an injunction against a former employee
of Intel who was sending unsolicited emails to Intel employees regarding
the company's employment policies. The court based its ruling on
a trespass theory, suggesting that such emails were tying up the
computing resources and time of Intel employees and therefore causing
material loss to the corporation. While this case involved a somewhat
different factual situation than one where an e-business spams a
wide range of potential customers, it does show that certain forms
of abuse will not be tolerated and that spamming can be illegal
in certain circumstances.
While courts have thus relied on existing legal doctrines to find
some spammers guilty of unlawful conduct, recent proposed legislation
in the states and in the U.S. Congress would explicitly make certain
actions involved with spamming illegal. Because many ISPs have anti-spam
measures and take steps to block spam coming from particular addresses
or computers, many spammers jump from account to account to avoid
detection and being shut down. The new proposed bill, the "Anti-Spamming
Act of 2001" (Website)(Anti-Spam
) provides for criminal penalties for Internet users who falsify
their email addresses in this manner in order to send spam. The
bill, whose sponsor views spam as a substantial burden on Internet
users whose connections are adversely affected by the volume of
commercial junk mail received, allows for monetary fines and damages
awards against generators of spam. Several previous efforts to regulate
spam by state lawmakers have been struck down on the theory that
such measures, as state laws affecting interstate commerce, violate
the Commerce Clause of the U.S. Constitution (Website)(Clause),
which gives Congress sole power to regulate interstate commerce
(Website)(Kaplan).
As the new proposed legislation would be passed by the U.S. Congress,
it does not suffer this Constitutional deficiency.
In
addition to legal issues raised by reaching potential customers
through unsolicited emails, there are other measures taken to prevent
Internet users from receiving spam that may adversely affect an
e-business attempting to utilize mass mailings.
See Anti-Spam Groups for more information.
In
the end, the threat of an e-business' emails being blocked by a
private service, triggering penalties under the proposed federal
statute, or causing loss of business due to annoyance to potential
customers leads to the conclusion that mass unsolicited mailings
are an unwise (and potentially illegal) marketing method to be employed
by an enterprise. Furthermore, promoting an e-business via spam
may also constitute a breach of the company's ISP/host agreement
and result in termination of service. The best way to reach customers
therefore is through the aforementioned techniques of advertising
or using targeted email directed at past customers or registered
users of a website.
If an e-business wishes to reach a wider audience via email, the
best way to do so may be to partner with another entity that sends
targeted emails to customers and is willing to add an advertisement
or link to the e-business' website, in exchange for similar concessions
or some other consideration. If such a plan is followed, the businesses
involved should make it clear to customers in the agreement to receive
emails (the box checking form discussed previously) that their emails
may contain information about its partners and affiliates. A decision
to enter such an agreement should account for potential adverse
customer reactions (depending on the level of perceived intrusion)
and any implementation of the agreement should always offer the
recipient to opt out of some or all of the services.
C. SEARCH ENGINES
Perhaps the most effective and cost-efficient means for an e-business
to reach potential customers is through search engines, a method
by which many consumers are matched up with businesses offering
products or services they desire. There are two major types of search
engines: web directories and engines utilizing spiders or web crawlers
to catalog websites. Directories generally work by soliciting websites
for inclusion in a web directory, which is then searched by users.
In this sense, it is an active process that requires affirmative
action on the part of an e-business in order to get listed in the
directory. The most well known web directory is Yahoo! (Website)(Yahoo!),
which accepts submissions from websites to be included in a particular
category under the Yahoo! organization scheme (Website)(Suggest).
Simply suggesting a site does not guarantee immediate inclusion
in the Yahoo! directory, however, as Yahoo! must review the site
prior to its inclusion to determine whether it is in the appropriate
category and whether it is appropriate to include the website at
all.
Search engines that utilize spiders or web crawling technologies
to catalog websites operate in a very different manner than web
directories. These engines use technological means (often called
robots or spiders) to scour the web and then catalog the websites
in their engines to be pulled up when matched with user search terms.
An example of a popular search engine that utilizes such technology
is Google (Website)(Google),
which uses its Googlebot web crawler to explore the vast offering
of web pages available on the Internet and index them for use in
its search engine. This offers an advantage to e-commerce sites
over directory services in the sense that no affirmative action
is necessary to have one's website listed; the web crawlers automatically
add all cataloged sites to the search engine's index. In addition,
some robot-based engines, such as Google, offer submission of URLs
for faster addition to their indexes (Website)(Submit).
See
Search Engines and Directories for more information.
In
contrast to the early days of search engines, the ability to purchase
higher rankings on the top search engines no longer exists. Understanding
the ranking systems of search engines, however, allows an e-business
to take measures in several major areas to ensure higher placement.
These areas include click popularity, stickiness, link popularity,
and page-related factors such as tags and keywords.
Click popularity is a measure of the number of times search engine
users click on a particular site when it is returned as a result
of a search. The greater the number of users who choose a particular
site, the higher ranking it will have. DirectHit (Website)(DirectHit),
a search engine whose technology is used by a number of other major
search engines (including Lycos
at http://www.lycos.com, HotBot
at http://www.hotbot.com, and MSN
at http://www.search.msn.com), utilizes a unique ranking system
that incorporates click popularity to match users up with the most
popular sites in the search field. The DirectHit ranking scheme
also incorporates the related concept of stickiness, which is a
measure of the length of time users spend at a site once they click
through to it from a search engine. The greater the stickiness,
measured by the length of time between clicks on different results
of an original search, the higher the ranking the engine gives the
website. In order to achieve greater click popularity, an e-business
should look to have a good, descriptive title that sets it apart
from other sites. As users of search engines see only a title and
brief description (either based on a submitted description or the
first lines of text on the website) when results of a search are
returned, the title and description should be tailored to entice
viewers or otherwise set one's site apart from others' sites. As
to stickiness, the layout of one's website and the overall design
will be very important to users when determining how much time to
spend at a site. The greater the extent to which an e-business can
further draw users into its website, the greater the stickiness
will be and the higher the ranking. When designing a site or overseeing
the work of outside designers, an e-business should consider factors
influencing stickiness, such as general layout, ease of navigability,
functionality, and frequency of site updates. Self-audits measuring
stickiness can often be performed by hosting services, from which
an e-business can gain valuable information regarding its visitors
and how long they stay, allowing tailoring of a website to increase
stickiness by better meeting its visitors' preferences and computing
needs.
Link
popularity is very important in certain search engines' ranking
schemes, particularly Google's. This metric basically measures the
number of links to a website from other websites, giving higher
rankings to sites with more links to them from other websites. In
addition to measuring sheer numbers, certain ranking schemes (most
notably Google) take into account the origin of the links, weighing
links from more highly rated pages greater than those of lesser-ranked
pages. Thus, a link to one's website from CNN.com is given more
weight than a link from Joe Smith's News of Wichita. The effect
of link popularity on ranking schemes thus may influence marketing
plans when determining affiliate and partnership agreements with
other websites, as well as different advertising strategies.
Page-related
factors deal less with viewer's perceptions of a website and more
with how a search engine reads the internal placement of keywords
in the text of a website and use of meta-tags in web programming.
In this sense, while the above factors more heavily influence the
ranking or placement of a site on a results page, the page-related
factors are the gatekeepers for whether a site is returned as a
result in a search at all. An e-business website thus must reverse-engineer
searches in a way, making a determination of how users will get
to the site through a search engine or how it wishes these users
to get to its site. The main way to ensure that users get to one's
site is to create a set of keywords that describe the content and
product offerings of the website.
See Keywords and Tags for more information.
Practitioners
and e-businesses alike should be aware that a large number of cases
have arisen involving meta-tags and trademark disputes. Many of
these cases have involved situations where, in an effort to drive
traffic to their sites (and away from competitors), web developers
have used the trademarks of competitors in their meta-tags. One
major case involving such a dispute was Playboy Enterprises, Inc.
v. Welles (Website)(Playboy).
The defendant in that case, a former Playboy model, used the plaintiff's
trademarks such as "Playboy" and "Playmate of the
Year" as keywords in her website's meta-tags. Playboy claimed
that the use of these trademarks by her site, which was a competitor
to Playboy's own website due to its adult content, constituted trademark
infringement. The court, however, granted summary judgment for the
defendant, ruling that, as a former Playboy model and Playmate of
the Year, defendant was entitled to use the trademarks to identify
herself as such under the fair use exception to the trademark doctrine
(Website1,
Website2)(§1115(b)(4)
and 1125(c)(4)).
In
other cases where a fair use defense has not been available, however,
the competitor's use has been found to constitute an infringement.
In Brookfield Communications, Inc. v. West Coast Entertainment Corp.
(Website)(Brookfield1),
the defendant used the plaintiff's trademark "MovieBuff"
in both its domain name and meta-tags. The appellate court reversed
the district's court denial of a preliminary injunction for the
plaintiff, ruling that irreparable injury would likely result from
the defendant's continued use of the trademark in the domain name
and meta-tags. On the meta-tag issue, the court stated that while
"West Coast can legitimately use an appropriate descriptive
term in its metatags," plaintiff's trademark MovieBuff was
"not such a descriptive term" (Website)(Brookfield2).
Plaintiffs have prevailed on motions for preliminary injunctions
in similar cases involving the use of plaintiffs' trademarks in
defendant competitors' meta-tags (Website)(Roberts).
These
cases sound a stern warning to e-businesses thinking about using
competitors' trademarks in meta-tags. However, they should not prevent
an e-business from using in its website text terms that may be trademarked
but are used for descriptive purposes in accordance with trademark's
fair use doctrine. To this end, an e-commerce practitioner should
be familiar with the relevant sections of the trademark code dealing
with fair use [Website1,
Website2)(§1115(b)(4)
and 1125(c)(4)] and run a trademark search (Website)(TESS)
on any potential keywords that may be trademarked by a competitor.
And to the extent that these issues will be encountered in website
development, a web development agreement should incorporate an e-business'
policies regarding tagging for search engine placement.
Back to TOC
VII. Conclusion
Like any business venture, developing an e-commerce website involves
contributions by a wide variety of parties and engenders important
legal considerations that have the potential to derail even the
most well-intentioned entrepreneur. The above discussion of domain
name registration, hosting, website development, security, and marketing
and advertising is meant to highlight some of the major issues e-businesses
will face in getting up and running. The list is by no means exhaustive
and every e-business will encounter a different set of circumstances
that may require additional issues to be addressed or the same issues
to be addressed in different ways. The remainder of the course will
take a more in-depth look at particular legal issues in the e-commerce
context, including transactions, consumer privacy, and disputes.
back
to TOC
VIII.
References
ICANN, http://www.icann.org (back to text)
See
ICANN, Seven New TLD Proposals Accepted, available at http://www.icann.org/tlds/
(back to text)
See
Umbro Int'l, Inc. v. 3263851 Canada, Inc., 50 U.S.P.Q.2d (BNA) 1786
(Va. Cir. Ct. 1999), available at http://www.bc.edu/bc_org/avp/law/st_org/iptf/headlines/content/umbroadd.html
(back to text)
See
Network Solutions, Inc. v. Umbro Int'l Inc., 259 Va. 759, 770 (2000)
("[W]e do not believe that it is essential to the outcome of
this case to decide whether the circuit court correctly characterized
a domain name as a 'form of intellectual property.'"), available
at http://www.gigalaw.com/library/nsi-umbro-2000-04-21-p1.html
(back to text)
Dorer
and Forrms, Inc. v. Arel, 60 F. Supp. 2d 558 (E.D. Va. 1999), available
at http://lw.bna.com/lw/98266.htm (back
to text)
Whois,
http://www.crsnic.net/whois/ (back to text)
Allwhois, http://www.allwhois.com/home.html
(back to text)
Uwhois,
http://www.uwhois.com/ (back to text)
Diane Cabell, Using ICANN's UDRP (2000), available
at http://cyber.law.harvard.edu/udrp/ (back
to text)
See ICANN, ICANN Registrar Accreditation
Agreement, available at http://www.icann.org/registrars/ra-agreement-12may99.htm
(back to text)
Network
Solutions, http://www.networksolutions.com (back
to text)
See Scott Wooley, Goldmine or Glut?,
FORBES GLOBAL, June 12, 2000, available at http://www.forbes.com/global/2000/0612/0312054a.html
(back to text)
Cubby
v. CompuServe, 776 F. Supp. 135 (S.D.N.Y. 1991), available at
http://www.loundy.com/CASES/Cubby_v_Compuserve.html (back
to text)
Stratton
Oakmont, Inc. v. Prodigy Services Co., No. 31063/94, 1995 N.Y. Misc.
LEXIS 229 (N.Y. Sup. Ct. May 24, 1995), available at http://www.jmls.edu/cyber/cases/strat1.html
(back to text)
Communications
Decency Act, Pub. L. No. 104-104, 110 Stat. 133 (1996) (codified
as amended in scattered sections of 47 U.S.C.), available at
http://www.epic.org/cda/cda.html (back to text)
Telecommunications Act of 1996, Pub. L. No.
104-104, 110 Stat. 56 (1996) (codified as amended in scattered sections
of 15, 18, and 47 U.S.C.), available at http://thomas.loc.gov/cgi-bin/query/z?c104:S.652.ENR:
(back to text)
See Reno v. ACLU, 521 U.S. 844 (1997),
available at http://caselaw.lp.findlaw.com/scripts/getcase.pl?court=us&vol=000&invol=96-511
(back to text)
47
U.S.C. §230(c) (Supp. IV 1998), available at http://caselaw.lp.findlaw.com/casecode/uscodes/47/chapters/5/subchapters/i/sections/section_230.html
(back to text)
See
141 CONG. REC. H8469-70 (1995) (statement of Rep. Cox.), available
at http://frwebgate3.access.gpo.gov/cgi-bin/waisgate.cgi?WAISdocID=0554725202+0+0+0&WAISaction=retrieve
(back to text)
47
U.S.C. §230(c)(1) (Supp. IV 1998), available at http://caselaw.lp.findlaw.com/casecode/uscodes/47/chapters/5/subchapters/i/sections/section_230.html
(back to text)
See 47 U.S.C. §230(c)(2) (Supp.
IV 1998), available at http://caselaw.lp.findlaw.com/casecode/uscodes/47/chapters/5/subchapters/i/sections/section_230.html
(back to text)
Zeran v. AOL, 129 F.3d 327 (4th Cir. 1997),
available at http://caselaw.lp.findlaw.com/scripts/getcase.pl?court=4th&navby=case&no=971523P
(back to text)
Zeran
at 330 (back to text)
Zeran
at 330-31 (back to text)
Digital
Millennium Copyright Act, Pub. L. No. 105-304, 112 Stat. 2860 (1998)
(codified as amended in scattered sections of 17 U.S.C.), available
at http://thomas.loc.gov/cgi-bin/query/z?c105:H.R.2281.ENR:
(back to text)
17
U.S.C. §512 (Supp. V 1999), available at http://caselaw.lp.findlaw.com/casecode/uscodes/17/chapters/5/sections/section_512.html
(back to text)
See
17 U.S.C. §107 (1994), available at http://caselaw.lp.findlaw.com/casecode/uscodes/17/chapters/1/sections/section_107.html
(back to text)
See Sony Corp. v. Universal City Studios,
Inc., 464 U.S. 417 (1984) (Discussing the importance of whether
a use of copyrighted material was commercial or non-commercial in
determining whether such use was fair), available at http://caselaw.lp.findlaw.com/scripts/getcase.pl?court=us&vol=464&invol=417
(back to text)
DoubleClick, http://www.doubleclick.com (back
to text)
Bret
A. Fausett, Linking Legalities, WEBTECHNIQUES (2001), available
at http://www.webtechniques.com/archives/2001/02/legal/ (back
to text)
Gershwin Publ'g. Corp. v. Columbia Artists
Mgt., Inc., 433 F.2d 1159, 1162 (2d. Cir. 1971). (back
to text)
See
Sony at 435 ("[T]he concept of contributory infringement is
merely a species of the broader problem of identifying the circumstances
in which it is just to hold one accountable for the actions of another.")
(back to text)
Intel
Corp. v. Hamidi, 1999 WL 450944 (Cal. Super. Apr. 28, 1999) (unpublished
case), available at http://www.faceintel.com/permanentinjunction.htm#Tentativeruling
(back to text)
Anti-Spamming
Act of 2001, H.R. 1017, 107th Cong. (2001), available at
http://www.spamlaws.com/federal/hr1017.html (back
to text)
See
Carl S. Kaplan, In Spam Case, Another Defeat for State Internet
Laws, NEW YORK TIMES CYBER LAW JOURNAL, Mar. 24, 2000, available
at http://www.nytimes.com/library/tech/00/03/cyber/cyberlaw/24law.html
(back to text)
U.S.
CONST. art. I, §8, cl. 3, available at http://caselaw.lp.findlaw.com/data/constitution/article01/
(back to text)
Yahoo!,
http://www.yahoo.com (back to text)
See
Yahoo!, How to Suggest Your Site, available at http://docs.yahoo.com/info/suggest/
(back to text)
Google,
http://www.google.com (back to text)
See
Google, For Site Owners: Submit Your URL, available at http://www.google.com/addurl.html
(back to text)
DirectHit, http://www.directhit.com (back
to text)
Playboy
Enterprises, Inc. v. Welles, 78 F. Supp. 2d 1066 (S.D. Cal. 1998),
available at http://www.loundy.com/CASES/Playboy_v_Wells.html
(back to text)
15
U.S.C. §§1115(b)(4), 1125(c)(4) (1994), available at
http://caselaw.lp.findlaw.com/casecode/uscodes/15/chapters/22/subchapters/i/sections/section_1115.html,
http://caselaw.lp.findlaw.com/casecode/uscodes/15/chapters/22/subchapters/i/sections/section_1125.html
(back to text)
Brookfield Communications, Inc. v. West
Coast Entertainment Corp., 174 F.3d 1036 (9th Cir. 1999), available
at http://lw.bna.com/lw/19990504/9856918.htm (back
to text)
Brookfield
at 1066 (back to text)
See,
e.g., Ken Roberts Co. v. Go-To.com, No. C99-4775-THE, 2000 U.S.
Dist. LEXIS 6740 (N.D. Cal. May 10, 2000) (Judgment against defendants
who used plaintiff's trademarks in meta-tags on basis of trademark
law regarding false designation of origin and trademark dilution,
as well as state law claims), summary available at http://www.finnegan.com/summ/cases/kenroberts.htm
(back to text)
See 15 U.S.C. §§ 1115(b)(4),
1125(c)(4) (1994), available at http://caselaw.lp.findlaw.com/casecode/uscodes/15/chapters/22/subchapters/i/sections/section_1115.html,
http://caselaw.lp.findlaw.com/casecode/uscodes/15/chapters/22/subchapters/i/sections/section_1125.html
(back to text)
See USPTO, U.S. Trademark Electronic Search
System (TESS), available at http://www.uspto.gov/web/menu/tm.html
(back to text)
Back to TOC
IX. Additional Materials (Optional
Reading)
A.
CONDUCTING A TRADEMARK SEARCH
To
determine whether a potential SLD is free or trademarked by another
entity, one should run a trademark search. If the enterprise intends
to do business on a global basis through its website, then it would
be advisable to search for trademark conflicts on a global basis.
Trademarks registered in Europe can be searched theough the Community
Trademark Consultation Service (available at http://www.oami.eu.int/search/trademark/la/en_tm_search.cfm),
while marks registered in Canada can be searched at the Canadian
Trade-Marks Database (available at http://strategis.ic.gc.ca/cgi-bin/sc_consu/trade-marks/search_e.pl.).
For U.S. federal marks, one can run a search for potential domain
names through the U.S.
Trademark Electronic Search System (TESS) (available at http://www.uspto.gov/web/menu/tm.html)
of the United States
Patent and Trademark Office (USPTO) (available at http://www.uspto.gov).
This can then be supplemented with a quick nationwide business name
search through an online yellow
pages (available at http://www.yellowpages.com). Together, these
searches will give the user a rough idea of any potential conflicts
and exhibit a good faith effort to ferret them out, although
such cursory searches do not guarantee the absence of conflicts
or indemnification of the user. An exhaustive search would
include state trademark registrations, other national registries
and other business registries. For more information on searching,
see Susan E. Gindin, Researching
Trademarks (1998) at http://www.info-law.com/tmsearch.html.
More comprehensive services along these lines are available through
private trademark search services such as Trademark.com at http://www.trademark.com/new_tmdocs/index.shtml,
Thomson & Thomson at http://www.thomson-thomson.com/,
DialogWeb at www.DIALOGweb.com,
Micropatent at http://www.micropatent.com,
and Trademark Register at http://www.trademarkreg.com/.
Selection
of a domain name for an online enterprise is as complex as the process
for choosing a trademark name. Legal advice is strongly recommended
to protect the value of the entrepreneur's investment in the name
from claims of infringement. In the end, those wishing to take the
most effective measures possible against potential conflict can
take steps to register their trademarks through their local government
(in the U.S., the USPTO). The USPTO website, for one, allows users
to make an official
registration filing online at http://www.uspto.gov/teas/index.html.
Back to TOC
B.
DOMAIN NAME REGISTRATION AGREEMENTS
1.
Terms
In
addition to general contractual language concerning payment of fees
and what constitutes breach, provisions concerning the following
are common in gTLD registration terms of service agreements:
-
Dispute resolution under ICANN's UDRP
- Registrar's
rights to terminate or amend the registration
- Conditions
for transfer of name/registration to another registrar
- Registrar's
use of registrant's registration information (name, address, etc.)
and penalties for giving false information
-
Registrant's responsibilities for acts of its agents and licensees
-
Limitation of registrar's liability in certain circumstances
- Indemnification
of registrar for acts of registrant
- Representations
and warranties of registrar and registrant
- Governing
law and forum selection
These
boilerplate contracts/agreements are generally nonnegotiable due
to transaction costs associated with the customization of contracts.
Most registrants take substantially the same positions in their
contracts, although some have additional provisions exceeding those
above. One provision that often differs from registrar to registrar
in its specifics are the governing law and forum selection clauses,
as these tend to be tied to the registrar's place of business. In
the end, very few users will take the time to look through such
provisions and most of the disputes that arise will probably deal
with the UDRP procedure and the cancellation or transfer of a domain
name. Due to the fact that many e-commerce entrepreneurs will seek
legal representation only at a later stage in the set-up process,
practitioners should be aware of these agreements should any disputes
arise at a later date or if the client wishes to modify the registration
in some manner.
An
example from the UDRP context shows the importance of awareness
of the specifics of a TOS. Under the UDRP, a trademark owner who
brings an action agrees to submit to one of two possible jurisdictions
should the domain holder wish to appeal an adverse decision. The
choice is between the jurisdiction of the domain holder or the jurisdiction
of the registrar. The registrar's location may therefore be important
to a domain registrant who has no prior legal rights in the domain
name. The language of the registration agreement is the language
in which the UDRP must be conducted, so this is another factor to
consider in selecting one's registrar. For those registrants with
the foresight to obtain representation prior to registering a domain
name, the practitioner's comparison of the specifics of different
registrars' TOS agreements can be helpful in advising the client
as to which service to use.
2.
Sample Agreements
-
eNic.cc Registration
Agreement at http://www.ccnic.cc/policies/registration_agreement
- Register.com,
Services
Agreement, available at http://www.register.com/service-agreement.cgi?1
- 1stDomain.net,
Terms
+ Conditions, available at https://www.sslsecureservice.net/cgi-bin/registrar/help.cgi?hfid=1stdomain&topic=domainterms
- Network
Solutions Inc, Service
Agreement, available at https://www.networksolutions.com/en_US/legal/service-agreement.jhtml
Back
to TOC
C. WEBSITE DEVELOPMENT
CHECKLIST
For
a good checklist of hosting issues, see Scott Austin, Fifteen Things
You Need to Know to Advise Your Clients About Websites (Website).
The following issues should be addressed in a website development
agreement:
- Scope
of work - initial development, updates, and changes
-
Transfer of work to the website owner's server
-
Functionality - performance standards and technical specifications
for both Internet users and company personnel
- Acceptance
processes - testing, milestones, and final acceptance
-
Fees - fixed fees, sliding fees, and overall budget
-
Warranties - standards and remedies
-
Right of termination or withholding of fees for unacceptable work,
consecutive failures, or failure to meet milestones
-
Training of e-business personnel by website developers
-
Schedule for work to be completed and procedures for changing
schedules
-
Ownership of work - content, graphics, general design, and other
intellectual property used or created
-
Placement of copyright notices on the website
-
Obtaining appropriate licenses, clearances, and permissions to
use others' works and materials
-
Resources to be provided by each party - software, hardware, project
management
-
Indemnities for violations of rights of the parties or third parties
and limitation of liability
-
Confidentiality - e-business and developer confidentiality and
user privacy
-
Standard contractual provisions - dispute resolution, governing
law, and amendment of contract
Back
to TOC
D. WEBSITE HOSTING CHECKLIST
The following issues in these general areas should be taken into
consideration when drafting a hosting agreement:
Equipment:
- Equipment
ownership
- Location
of equipment - division between equipment stored at host facilities
and the e-business offices
-
Equipment management and maintenance - performing back-up, fixing
equipment problems, and updating equipment
-
The e-business' right of access to equipment at hosting facilities
-
Connectivity and performance issues - connection speed, maintenance
of connections, and general standards of performance
-
Ownership/control of data stored in the equipment
Traffic and Maintenance Issues:
-
Uptime guarantees - percentage of time a website will be up
-
Response when the connection is lost and website is down or
otherwise disrupted
-
Response to changes in traffic - necessary upgrades/updates
to deal with greater influx of traffic
-
Maintenance performance and effect on connection
Service
Agreements:
-
Services included in the agreement - standard services and custom
services
- Fee
schedules - fixed costs for standard services and sliding costs
for additional services
-
Warranties regarding level and quality of service
- Acts/omissions
constituting breach
-
Assignment of the services contract - host's and customer's
obligations
Risk
and Indemnification:
-
Responsibility for injuries to third parties resulting from
security breaches and loss of service
-
Responsibility for ensuring compliance with laws of other nations
where users are located
-
Disaster recovery plans and procedures - for both the host and
website owner
-
Circumstances under which a site can be shut down - responsibility
for resulting injuries
-
Actions to be taken upon breach
Back
to TOC
E. ADDITIONAL CDA CASES
Blumenthal v. Drudge, 992 F. Supp. 44 (D.D.C. 1998) available
at http://www.techlawjournal.com/courts/drudge/80423opin.htm
The
defendant in this case had posted some allegedly defamatory statements
regarding the plaintiff on his Internet news site. The plaintiff
sued not only the generator of the content (Drudge), but also AOL,
which had an exclusive agreement with Drudge to distribute his column
to its subscribers. In granting AOL's motion to dismiss the charges
against it, the court made the distinction between an ISP that actually
develops content itself - which is not covered by the 47
U.S.C. §230 immunity - and one that merely posts or distributes
the content of others. The court ruled that AOL fit in the latter
category, which was protected by the statutory immunity. The court
also found unavailing the plaintiffs' argument that this case should
be decided differently than previous cases decided under the CDA
because Drudge was not merely an anonymous poster to a chat room
and AOL maintained a degree of editorial discretion over his content.
While the court recognized that such a distinction seemed logical,
it stressed that "Congress has made a different policy choice
by providing immunity even where the interactive service provider
has an active, even aggressive role in making available content
prepared by others."
Gucci
America, Inc. v. Hall & Assocs., No. 00 Civ. 549 (RMB),
2001 U.S. Dist. LEXIS 2627 (S.D.N.Y. Mar. 14, 2001), available
at http://www.loundy.com/CASES/Gucci_v_Hall.html
Gucci
America represents a departure from the trend towards a wide scope
of immunity for ISPs, suggesting that courts might impose liability
on ISPs in certain circumstances. The court in that case addressed
the issue of ISP liability arising from a claim of trademark infringement
by Gucci against Hall, whose e-commerce site containing allegedly
infringing materials was hosted by Mindspring. Mindspring moved
to dismiss Gucci's claim, arguing that it was immune from liability
under §230(c)(1)
of the CDA. The court rejected this claim, however, relying on §230(e)(2)
of the CDA, which states: "Nothing in this section shall be
construed to limit or expand any law pertaining to intellectual
property." The court reasoned that because, "[u]nder existing
intellectual property law, publishers may, under certain circumstances,
be held liable for infringement," §230(e)(2) unambiguously
constrained it from extending the §230(c)(1) immunity to Mindspring.
The
court rejected Mindspring's argument that because the issues of
trademark infringement had never arisen in the ISP context, there
was no existing intellectual property law to trump the immunity.
Furthermore, the court found unavailing Mindspring's reliance on
Zeran,
distinguishing that case on the basis that it construed the CDA
on the grounds of tort immunity and not immunity from intellectual
property claims. The fact that Congress had chosen to pass the Digital
Millennium Copyright Act to address ISP liability in the area
of intellectual property law further supported the court's interpretation
of the CDA as limited to immunity from tort liability. The ISP was
not entitled to rely on the Digital Millennium Copyright Act, however,
because the court stressed that the Act applied only to copyright
and not trademarks. While the procedural posture of the case and
the novelty of the issue leave its precedential value open to question,
it nevertheless serves as an important indication that there are
limitations to an ISP's immunity under the CDA scheme.
Back to TOC
F.
NOTICE PROVISIONS OF THE DMCA
The
notification procedures of the DMCA have the potential to mute certain
ancillary effects. Under 17
U.S.C §512(c)(3), a copyright holder must follow certain procedures
in notifying a service provider of copyright violations in order
to force the taking down of copyrighted materials. These notice
requirements include, among others: identification of the copyrighted
work claimed to have been infringed (or a representative list of
such works), identification of the material that is claimed to be
infringing and that is to be removed or disabled, and a statement
that the complaining party has a good faith belief that use of the
material in the manner complained of is not authorized by the copyright
owner, its agent, or the law.
In
the recent case of ALS
Scan v. RemarQ Communities, 239 F.3d 619 (4th Cir. 2001), the
court addressed the issue of the level of notice this DMCA provision
required. The plaintiff in that case became aware of the existence
of hundreds of its copyrighted images on the defendant service provider's
newsgroups. When the plaintiff notified the defendant of these violations
by identifying two newsgroups that were devoted to trading in the
copyrighted images, the defendant refused to comply with the request
to take down the images, asking instead for the plaintiff to identify
each individual work being infringed with greater specificity. The
plaintiff filed suit under the copyright code and DMCA, which the
defendant sought to dismiss on the basis that the notice given was
defective in that it did not follow the technical requirements of
the DMCA.
In
reversing the district court's dismissal of the case, the court
of appeals stressed that 17
U.S.C. §512(c)(3)(A) requires only substantial compliance with
its technical requirements and that identifying a representative
list of infringed works was permissible when the identification
of each individual work is impractical. The court responded to RemarQ's
claim that the forced removal of the materials may encompass some
noninfringing content by noting that "[t]o the extent that ALS Scan's
claims about infringing materials prove to be false, RemarQ has
remedies for any injury it suffers as a result of removing or disabling
noninfringing material" (239 F.3d 619, 625) under 17
U.S.C. §512(f), (g). The court's accommodating interpretation
of the DMCA's notification provision in this case suggests that
service providers who attempt to hide behind technicalities will
not be able to escape punishment under the DMCA for harboring infringing
works or users. However, the ruling also has the potential to minimize
some of the built-in safeguards the notification procedure may have
otherwise had in protecting website operators and other users in
borderline cases. (ALS
Scan v. Remarq Communities is available at http:://www.loundy.com/CASES/ALS_v_RemarQ.html).
While
the notice provisions may therefore seem to tip the scales in favor
of the copyright holder, there are several provisions of the DMCA
that allow a noninfringing website/user to take action to restore
its content or recover damages for the removal of its content. The
counter-notice provision, 17
U.S.C. §512(g)(3), allows for a website operator or other person
whose content is removed to file a counter-notice with the service
provider stating that he/she "has a good faith belief that the material
was removed or disabled as a result of mistake or misidentification
of the material to be removed or disabled" [17 U.S.C. §512(g)(3)(C)].
If such a counter-notice is given to the service provider, the service
provider must replace the content or cease disabling access within
14 business days, unless it receives a court order from the original
complainant (copyright holder) restraining the user from continuing
infringement [17 U.S.C. §512(g)(2)(C)]. If the service provider
does not follow these procedures, the provision immunizing the provider
from liability for injuries to its users from removal/disabling
access [17 U.S.C. §512(g)(1)] does not apply, allowing the user
to recover for a wrongful "take-down" [17 U.S.C. §512(g)(2)]. The
other main provision allowing a user to recover is 17 U.S.C. §512(f)
concerning misrepresentations. That provision allows for an adversely
affected user to recover damages (including attorney's fees) from
anyone who "knowingly materially misrepresents … that material or
activity is infringing" [17 U.S.C. §512(f)(1)]. It should be noted
that this provision cuts both ways, however, as there is also a
provision [17 U.S.C. §512(f)(2)] allowing damages to be assessed
against a user for his/her knowing misrepresentations in filing
a counter-notice. To date, no published opinions have explored the
contours and boundaries of the counter-notice and misrepresentation
provisions.
Back to TOC
G. ACCESS PROVIDER LIABILITY
It should be noted that while hosts often play various roles other
than strict access/service provider, courts are likely to grant
them the wide immunity from liability under the CDA unless it can
be clearly shown that the host was acting solely in another capacity
in regards to the alleged wrongdoing. A recent case in which this
issue arose is John
Does v. Franco Productions. In that case, the court granted
the defendant hosts' motion to dismiss, ruling that their "immunity
or status as service providers under the CDA is not vitiated because
of their web hosting activities, whether viewed in combination with
their roles as service providers or in isolation." John
Does v. Franco Productions, No. 99 C 7885, 2000 U.S. Dist. LEXIS
8645, 8645 (N.D. Ill. June 2, 2000), available at http://members.theglobe.com/ericgoldman/DoevFranco.html)
The
CDA "Good Samaritan" provision applies to an "interactive
computer service," which is defined as "any information
service, system, or access software provider that provides or enables
computer access by multiple users to a computer server." [47
U.S.C. §230(f)(2)] While determining whether an e-business
fits into this definition may depend on a court's construction of
terms such as "service," "system," and "server,"
it appears there could be a plausible claim for many e-businesses
to status as an "interactive computer service," depending
on the services offered.
Although
most cases arising under the CDA have involved traditional ISPs,
a recent Ohio case addressed the issue of whether a website operator
offering interactive services fit under the statutory definition.
In Sabbato v. Hardy, No. 2000-CA-00136, 2000 Ohio App. LEXIS 6154
(Ohio Ct. App. Dec. 18, 2000) available at http://legal.web.aol.com/decisions/dldefam/sabbato.html],
the defendant ran a website called "Citizens for a Better Jackson
Township" where users could register and post opinions on the
website. The plaintiff sued when alleged defamatory content was
posted on the site, but the district court dismissed her compliant
on the basis of the CDA's Good Samaritan provision, 47
U.S.C. §230(c). While the appellate court remanded to the
district court for a determination of whether the website operator
himself was a generator of some of the defamatory content, it did
not upset the trial court's ruling that his website qualified for
protection under the CDA in its role as a distributor. Based on
the language of the statute and the Ohio court's interpretation,
it therefore appears that there can be a plausible claim for an
e-business to immunity from liability under the CDA for acts of
its users. Due to the uncertainties in this area, however, it may
be in the best interests of an e-business to remain ignorant of
the content of its chat or other discussion areas in an attempt
to stay within the bounds of Cubby
and Stratton
should the CDA not apply. A policy of simply responding to user
complaints regarding improper content rather than actual periodic
policing of the site contents may stay within the bounds of these
precedents. To this end, it is important to spell out one's policy
in regards to termination of user rights and removal of content
in the Terms of Service agreement, particularly when users are paying
a fee for interactive services.
The
DMCA safe harbor provision applies only to a "service provider,"
which is defined differently for different specific provisions of
the statute. For the purposes of 17
U.S.C. §512(a), regarding transitory digital network communications,
a service provider is defined as "an entity offering the transmission,
routing, or providing of connections for digital online communications,
between or among points specified by a user, of material of the
user's choosing, without modification to the content of the material
as sent or received" [17 U.S.C. §512(k)(1)(A)]. For the
rest of the DMCA's provisions, a "service provider" is
defined as "a provider of online services or network access,
or the operator of facilities therefore, [including] an entity described
in subparagraph (A)" [17 U.S.C. §512(k)(1)(B)]. The definition
for purposes of §512(a) appears to have in mind hosts (and
others) providing network infrastructure and possibly traditional
ISPs, while the second provision seems to have more room for interpretation
and might allow certain e-businesses to fall within the protection
of the safe harbor.
These
issues were addressed in the much-publicized Napster case. In that
case, plaintiff record companies sued the defendant, a peer-to-peer
file-sharing network enabling users to swap music files, for copyright
infringement. In dismissing Napster's motion for summary judgment,
the court rejected the application of the DMCA's safe harbor to
Napster. In its opinion, the district court first addressed the
issue of whether Napster qualified as a service provider under 17
U.S.C. §512(k)(1)(A) or (B). [A&M Records, Inc. v. Napster,
Inc., No.
C 99-05183 MHP, 2000 U.S. Dist. LEXIS 6243 (N.D. Cal. May 5,
2000) available at http://www.gigalaw.com/library/am-napster-2000-05-12.html].
Napster argued that it qualified as a service provider under §512(k)(1)(A),
thus entitling it to protection under the §512(a) safe harbor
for transitory digital network communications. The court expressed
skepticism and opined that it was not entirely clear whether Napster
qualified as such a service provider, but did not have to resolve
the issue as the plaintiff conceded that Napster was a service provider
under §512(k)(1)(A). The plaintiff instead argued that, even
if Napster was a service provider, it failed to meet the other requirements
of the safe harbor provisions. In the end, the court declined to
grant Napster summary adjudication because Napster did not meet
the requirement of the safe harbor in §512(a);
specifically, it did not "transmit, route, or provide connections
through its system" [2000 U.S. Dist. LEXIS 6243, at
*25 (emphasis added)]. On Napster's appeal from the district court's
subsequent injunction, the 9th Circuit Court of Appeals ruled that
the plaintiff had raised significant questions that strongly supported
an injunction, including "whether Napster is an Internet service
provider as defined by [the DMCA]." A&M Records v. Napster,
Inc., 239
F.3d 1004, 1025 (9th Cir. 2001) available at http://cyber.law.harvard.edu/~wseltzer/napster.html.
In
the end, the Napster litigation did not definitively answer the
question of whether a service such as Napster would qualify as a
service provider under the DMCA, but signaled that the courts will
likely construe the statute rather narrowly. Clearly, however, the
§512(k)(1)(B) definition will be construed more broadly and
may allow for certain e-business sites fall into the definition.
See Elizabeth A. McNamara et al., Online
Service Provider Liability Under the Digital Millennium Copyright
Act, 17 Comm. Law. 5, 6 (1999) ("Less obvious is the fact
that the definition is broad enough to potentially include employers
that provide e-mail accounts to their employees and other entities-including
newspapers, magazines, and other media companies-that simply host
informational Web sites."), abbreviated version available at
http://www.dwt.com/related_links/adv_bulletins/CMITFall1999ISPLiab.htm.
Future cases may very well arise testing the statute and its application
to other e-commerce networks that provide interactive services,
such as Amazon and eBay, both of which are "service providers"
with agents listed with the U.S.
Copyright Office for notification of claims of infringement
pursuant to the DMCA. Until there is settled case law on the matter,
the uncertainty in the definitions of service provider should lead
an e-business to take caution and proceed under the assumption that
it will not be protected by the DMCA safe harbor provisions.
Back
to TOC
H. SECURITY
Security
is an area that is critical to the effective functioning of an e-business
and has major implications for both hosting and development agreements.
Breaches of security may lead to service interruptions and corresponding
loss of business or, worse, may lead to the loss of sensitive business
information or even customer information - ranging from email addresses
to credit card numbers. Such dire consequences make it imperative
that security is given high priority in setting up an e-commerce
site and that an e-business make security a priority when arranging
for hosting and programming services. This section will address
some common concerns an e-business should consider when addressing
security, including: access attacks, information theft, and damage
to equipment and systems.
Access
Attacks
Access
attacks, also know as denial of service (DoS) attacks, are a relatively
easy way to disable a website. Basically, those behind such attacks
overwhelm the servers, routers, and other network infrastructure
of a website by inundating the host with a deluge of information
packets, effectively crippling the website and preventing access
by customers. Such attacks have received a lot of attention recently,
as major Internet presences such as Amazon, Yahoo, and CNN have
had service disrupted for long periods of time by DoS attacks, costing
the businesses millions of dollars in lost sales. Compounding the
problem for the affected websites, the attackers in those cases
used a technique that made it difficult to trace the source of the
data flood and ferret out the perpetrators - making it difficult
to both stop the flow as well as potentially seek any remuneration
from or punishment of the attackers. Such episodes exhibit the potential
deleterious effects of DoS attacks on e-businesses, where every
minute of lost service may result in hundreds of lost sales and
corresponding revenue.
As
DoS attacks are not completely preventable and the motivations of
attackers are unclear, every e-business should have an emergency
plan incorporating: 1) countermeasures to be taken when such attacks
occur (such as blocking packets from the originators of the attack
or having a back-up hosting arrangement to switch to in case of
an attack), 2) information-gathering techniques for determining
the source of attacks after the fact, and 3) a public relations
strategy aimed at customers, business partners, and investors addressing
the loss of service and its consequences. If an e-business utilizes
an outside host instead of hosting its own website, the countermeasure
aspect of such an emergency plan is one that can take shape in the
hosting services agreement. While it is impossible for hosts to
fully prevent such attacks without seriously inhibiting the speed
and efficiency of the network backbone, most hosts have some network
security resources available to combat DoS attacks. [For one host's
approach to service attacks and a more in-depth examination of the
mechanics of such attacks, see Bill Hancock, The
Exodus Network Backbone Environment and DoS/DDoS Attacks, Network
Attacks: Denial of Service And Distributed Denial of Service, available
at http://www.exodus.com/press_room/information/ddos/ddos_content.html.]
When arranging for a host, an e-business should inquire into how
the host typically handles DoS attacks and a client's options in
minimizing the impact of or thwarting such attacks. An agreement
between e-business and host can then incorporate a plan in the case
of a DoS attack - what the parties' responsibilities are in handling
the attack, any guarantees a host may make concerning its ability
to reroute traffic and limit the scope/duration of an attack, and
other issues relating to allocation of risk and responsibility (e.g.,
who will be held liable for injuries to third parties, such as customers).
Information
Theft
Information
theft can have even greater negative effects than an access attack.
While DoS attacks may leave customers frustrated and cut into a
day's revenues, the stealing of proprietary information can lead
to loss of sensitive business information ranging from financial
data to long-term corporate strategy. If customer information is
stolen, such theft can also lead to the erosion of customers' trust
in both a specific e-business as well as the general medium of online
business transactions. In addition, such theft may result in a lawsuit
directed at the e-business for not adequately safeguarding such
information. Thus the loss of proprietary information can often
have longer lasting effects than mere denial of service and resulting
loss of sales.
While
DoS attacks work by overwhelming one's network infrastructure, information
theft is achieved by exploiting weaknesses in software and technological
protections. Proprietary information may be stolen by hackers getting
around or through a network's firewall, [FN: For a discussion of
firewalls and their mechanics, see Matt Curtin and Marcus J. Ranum,
What
Is an Internet Firewall?, INTERNET FIREWALLS: FREQUENTLY ASKED
QUESTIONS, available at <http://www.interhack.net/pubs/fwfaq/#SECTION00031000000000000000>]
by unscrupulous programmers who leave a backdoor in software applications
for their access at a later time, or by disgruntled employees with
access to files who wish to personally profit from company information/resources.
Dealing with employees who may have the motive and means to steal
sensitive company information is largely an internal personnel and
security matter for an e-business to address. Problems due to hackers
penetrating a network or programming deficiencies allowing access
to sensitive information, on the other hand, must be addressed when
considering developing in-house programmers or outsourcing programming.
If an e-business determines it is in its interest to outsource such
services, potential partners should be vigorously screened and service
agreements should be carefully drafted to ensure specific security
standards as well as allocate responsibility for security breaches.
Damage
to Equipment, Software or Data
A
third and final type of security threat is damage to equipment,
software, or data. Damage to equipment can be prevented in a relatively
straightforward manner by assuring limited access to equipment and
appropriate physical security. For those e-businesses housing their
hardware at their offices, the nature of the business makes it imperative
that a high priority is given to ensuring the physical security
of system hardware. The level of physical security is also an important
issue to consider when choosing a host, and is a consideration that
should be explicitly addressed in any hosting agreement. Software
and data can be corrupted or damaged by viruses that are permitted
to enter a business' internal network or directly by those who gain
access by penetrating a firewall or exploiting another weakness.
The risk of damage by viruses can be minimized by adopting appropriate
technological measures to screen incoming packets, while damage
resulting from unauthorized access can be combated by taking the
measures to minimize information theft discussed above. Even if
these technological measures fail, an e-business can minimize the
fallout from damage to software and data by periodically backing
up data and applications to utilize in the event of damage or corruption.
While the total loss of information through information theft can
often cause irreparable damage, a well-prepared e-business can seriously
minimize the negative impact of data/software damage through such
periodic backups.
Minimizing
Security Risks Through Audits and Contracts
An
e-business can additionally minimize all these types of security
risks by hiring a third-party security consultant to conduct periodic
audits of the business network and/or physical premises for weaknesses
in security. Such auditors can often detect hidden backdoors in
programs, weaknesses in firewalls, as well as prior undetected security
breaches. Some businesses may also wish to create a position for
a chief security officer or make sure its systems administrator
has expertise in security issues. As discussed above, however, many
security concerns can be effectively dealt with through appropriate
agreements with service providers (hosts, programmers, etc.). To
this end, the e-commerce practitioner should be aware of the following
security issues when drafting agreements for an e-business client:
[Note: While the preceding discussion and following lists separate
hosting and programming services, note that hosts often provide
some programming as part of their package of services, particularly
in areas such as firewalls.]
Hosting
Agreements:
- How
does the host generally handle DoS attacks? (What is its default
position?)
-
What services does it offer to thwart/minimize the impact of DoS
attacks? What security options does it recommend as a core package?
-
How will the proposed security measures affect network performance?
-
Can DoS attacks launched at other businesses hosted in the same
facility affect the client e-business' own website?
-
Does the host have its own network security personnel or is such
security work outsourced?
-
What is the level of physical security (access, alarms, guards,
etc.) at the hosting facility?
-
What security problems/breaches have arisen in the past and what
has been done to prevent their recurrence? (One may choose to
draft an agreement incorporating certain types of risks as being
the responsibility of one or another party; a list of past problems
establishes the foreseeability of particular kinds of breaches.)
-
What guarantees is the host willing to make concerning both physical
and technological security measures? Does it carry liability insurance?
(Due to the great loss of money that may result from loss of service,
an E-business should consider a contracting party's ability to
pay should damages result from a security breach.)
Development
agreements:
-
What level of technological security measures is available? What
level is recommended? (As with most business decisions, choosing
the level of security involves a cost-benefit analysis - the extra
security from a more expensive technological protection may not
be worth the cost.)
-
How do various levels of security affect the performance of software
applications or the website as a whole?
-
Have other clients had security problems with any of the programmer's
services/products? What was done to remedy such problems?
-
What guarantees is the programming service willing to make regarding
the inviolability of its technological security protections? Does
it carry liability insurance?
Back
to TOC
I. ADVERTISING EXCHANGES
Another option for advertising is the use of advertising exchanges,
which match-up websites looking for advertising. Such exchanges,
like Microsoft's
bCentral (available at http://adnetwork.bcentral.com/), work
by trading advertising space on one website for space on another
member's site. The advantage of such services is that they are free
alternatives to seeking out high-priced advertising space on other
websites. On the downside, it is more difficult to target advertising
to a particular audience, and the viewing audience may be much smaller
due to the fact that most high-traffic sites do not participate
in such programs. Furthermore, there may be less control over what
types of sites end up advertising on the websites of participating
members. Some of these problems may be minimized by joining an exchange
that offers a different package of services (often for a fee), such
as more targeted advertising by linking members in similar fields,
better tracking of visitors to advertisers' sites, etc.
Utilizing
an advertising exchange service may pose problems regarding copyright
or trademark infringement through linked advertising due to the
fact that the individual advertisers do not come together to draft
an advertising agreement. Most of the services include indemnification
for the exchange providers themselves in the case of infringement
or other wrongdoing, but this leaves open the possibility of causes
of action against either an advertiser or a host. When signing up
for such a service, an e-business should be aware of the terms and
conditions of the exchange service itself, as well the exchange's
policy regarding its members when instances of infringement or other
wrongdoing arise. Due to potential problems in these areas, an e-business
should be careful in choosing an advertising exchange provider by
inquiring into whether past situations regarding infringement have
arisen and how they were handled.
Back to TOC
J.
ADVERTISING STANDARDS
A good
example of default standards dealing with the legal issues surrounding
online advertising arrangements is the "Standard Terms and
Conditions for Internet Advertising" devised by the American
Association of Advertising Agencies (AAAA) and the Internet Advertising
Bureau (IAB). These standard terms, meant to cover agreements between
an advertiser and advertising host (termed "Media Company"
in the standards), address a variety of issues, including: insertion
orders (orders concerning accounting of data related to advertising
- number of clicks on an advertisement, the costs of the party making
such calculations, etc.), ad placement and positioning, payment
and payment liability, reporting, cancellation, ad materials, indemnification,
and privacy. In regard to the aforementioned issues of copyright
and trademark infringement and consumer loss, the standards set
the default rule of indemnifying the host (media company) for "any
loss relating to or arising out of Advertiser's product or the content
of any Advertisement delivered accurately, including but not limited
to materials that violate the right of a third party; materials
that are defamatory or obscene; or materials that would constitute
a criminal offense." [American Association of Advertising Agencies
and Internet Advertising Bureau, Standard
Terms and Conditions for Internet Advertising, Mar. 19, 2001
at 6, available at http://www.iab.net/news/content/T_CInternetAdv.doc].
Advertisers and hosts looking for a basic set of contractual provisions
may choose to use these terms and conditions, which are totally
voluntary and represent a standard default contract of those wishing
to cut transaction costs. The standards also can be used to the
extent they are practical, with the parties making changes to any
of the provisions in order to tailor a more specific agreement or
one on different terms. While advertising exchanges are not covered,
the drafting organizations plan to meet in the future to discuss
standards for advertisers utilizing third-party advertising servers.
Back to TOC
K. ANTI-SPAM GROUPS
The
practice of ISPs blocking email from generators of unsolicited mail
may prevent an e-business from reaching both unwilling and willing
recipients of marketing emails. They also join in private "vigilante"
groups that act to block email from spammers. One such effort is
the Real-time
Blackhole List (RBL) of the Mail Abuse Prevention System (MAPS)
(accessible at http://mail-abuse.org/rbl/). The RBL works by identifying
generators of spam and then "blackholing" the networks
utilized by the spammers if the ISP used by the offending party
refuses to take measures to prevent access by the spammer. This
process involves rerouting mail sent by offending parties to an
online "blackhole," which prevents all mail (both solicited
and unsolicited) originating from a network on the RBL from being
received by subscribers to the RBL. Another service that operates
to block email generated by spammers is the Open
Relay Behaviour-modification System (ORBS) (accessible at http://www.orbs.org/whatisthis.html)
which operates in a slightly different manner than the MAPS RBL.
These
private spam-blocking services and other similar services have an
advantage over the proposed legislation because they block unsolicited
emails before they are received rather than imposing penalties after
the fact, and they also reach non-U.S. spam-generating entities,
which the legislation may be powerless against. Such private services
have drawn the ire of many bulk emailers, however, and several lawsuits
have been threatened or initiated against such blocking services
for interfering with the business of the email generators. Most
of the cases have been dismissed by the courts, or settled as a
result of the offending party amending its email policy. MAPS webpage
reporting on the litigation at http://mail-abuse.org/pressreleases/.
But see also Christopher Saunders, 24/7
Media Snags Restraining Order Against MAPS, INTERNET.COM (Nov.
17, 2000) available at http://www.internetnews.com/IAR/article/0,,12_514611,00.html.
Some
useful articles about anti-spam groups include:
- Declan
McCullagh, Spam
Oozes Past Border Patrol, WIRED, Feb. 23, 2001, available
at http://www.wired.com/news/politics/0,1283,41860,00.html
-
Associated Press, AOL,
Others Sued for Spam Blacklist, USA TODAY, Aug. 2, 2000, available
at http://www.usatoday.com/life/cyber/tech/cti324.htm
- Dan
Goodin, NSI
Threatens to Sue Blackhole Operator, CNET NEWS.COM, Aug. 2,
1999, available at http://news.cnet.com/news/0-1005-200-345617.html?tag=st.cn.1
- Paul
Vixie and Nick Nicholas, How
to Sue MAPS, MAIL ABUSE PREVENTION SYSTEM, Nov. 2, 2000, available
at http://mail-abuse.org/lawsuit/
Back
to TOC
L. SEARCH ENGINES AND DIRECTORIES
Problems
with Robot-Based Search Engines
One
problem with search engines that utilize web crawling robots, however,
is that they may index portions of websites that an e-business does
not wish users to link to directly from a search engine. For example,
some websites may wish for all traffic to originate at its main
homepage, either to maximize advertising revenues, make sure visitors
are aware of the full range of services and products offered, or
for other similarly compelling reasons. A search engine that links
to internal pages discovered by robots may bypass such a main page
in taking the searcher to the desired target. An additional problem
with robot-utilizing engines is that valuable system resources might
be consumed by robots crawling through and searching an entire website.
For a discussion of legal issues involving the use of robots in
a somewhat different context, see eBay,
Inc. v. Bidder's Edge, Inc., 100 F. Supp. 2d 1058 (N.D. Cal.
2000), available at http://pub.bna.com/lw/21200.htm. These problems
can often be remedied, however, by simply programming a web page
to not accept web crawling robots and therefore exclude such pages
from consideration in a search engine. Google, for one, offers website
administrators tips on how to keep certain parts of its website
off limits to its Googlebot. See How
Do I Request Google to Not Crawl Parts or All of My Site?, GOOGLE
SEARCH FREQUENTLY ASKED QUESTIONS, available at http://www.google.com/help/faq.html#nocrawl.
This may pose a dilemma for e-businesses, though, as users who would
otherwise be directed to a part of their website may not retrieve
information about the website at all, and may even be led to a competitor's
site. These considerations should be taken into account when determining
whether certain portions of a website should remain robot-free.
Regardless of the decision made, search engines utilizing "bots"
are another important (and free) tool directing Internet users to
an e-business website.
Basic
Search Engine Ranking Schemes - Automated v. Human
When
considering using either of the above types of search engines, an
e-business should assess how the different search engines rank search
results. The higher the ranking a search engine gives a website,
the higher it appears on the list of sites returned after a search
is conducted. Google utilizes its PageRank software to rank
websites according to specified criteria, such as the number of
links from other sites, importance of the website, relevance, and
quality. These complex, automated techniques "make human tampering
with [Google's] results extremely difficult" (Integrity,
GOOGLE SEARCH TECHNOLOGY, available at http://www.google.com/technology/index.html)
and Google does not sell placement within the results themselves.
Yahoo! also does not sell higher rankings to those willing to pay,
but does use a more subjective, human-oriented method of determining
rankings than Google's automated approach. See Suggested
Sites Help, YAHOO!, available at http://help.yahoo.com/help/us/url/url-10.html.
Keywords
and Tags
For
ComeStudyAbroad.com, for instance, the keywords "international,"
"study," and "students" would be a good start.
When determining keywords, an e-business should also keep in mind
to add common variations of the words used, such as capitalized
versions and common misspellings or alternate spellings (such as
U.K. English).
After
an e-business determines the keywords to be used, it must go about
the task of incorporating them into both the content of the website
itself as well as the internal programming code used. When incorporating
keywords into site content, the e-business should make sure to consider
keyword prominence, proximity, and frequency. Keyword prominence
is important for search engines that base their descriptions of
websites on the first words found on a page. For such search engines,
it is important to put keywords at the top of a page, so they most
closely reflect what a site is about in the site description returned
in a search. Keyword proximity is a factor used by some search engines
when determining what pages to receive. If a user runs a search
for "international" and "study," for instance,
a page that contains the words in close proximity in its text (such
as "The best international study resource guide
on the Internet" or "Want to study in an international
setting?") is more likely to be returned as a relevant search
result. Keyword frequency simply measures the number of times a
keyword appears in any given text. In theory, the higher the ratio
of keywords to text, the greater likelihood the website will be
returned as a result of a search for those keywords. In practice,
some search engines look out for websites' attempts to manipulate
search results and punish parties guilty of such altering tactics.
Keywords
also play an important role in the source code for a website, which
is generally unseen by the viewer. Some search engines use the tags
found in a site's source code to determine the relevance of a particular
site to a searcher's request. There are different types of tags
used in web programming and read by search engines, including meta
keyword tags, meta description tags, ALT tags, and comment tags.
Keyword tags are basically lists of a website's keywords in the
source code. As some search engines use meta keyword tags to determine
whether a cataloged website is relevant to a particular search,
utilizing the keyword tag in programming source code is an easy
way to make sure a website is matched up with an appropriate target
audience. The meta description tag is a description of a website's
content in the source code. The meta description tag is used by
some search engines as the basis for determining the relevance of
a website to a search, the description of a site to be listed under
search results, or both. Because some search engines use the meta
description tag to determine the relevance of a website to a search,
it is important to include appropriate keywords in this source code
description as well. To the extent that some search engines will
also use this tag as the description for search results, it is also
important for the purposes of click frequency to make sure the tag
entices the searcher to enter the site. ALT tags are used in source
code to describe an image that appears on a page, while comment
tags are internal notes used by source code programmers. While these
do not have the importance of the keyword and description tags,
some search engines that use spiders scan these tags, and adding
keywords to them will increase keyword frequency and can therefore
potentially increase the relevance of a website to a search. For
more information on the use of tags and general tips for optimizing
search engine results, see the guides at SearchEngines.com
(available at http://www.searchengines.com/intro_optimize.html)
and SearchEngineWatch.com
(available at http://searchenginewatch.com/webmasters/index.html).
For
legal issues surrounding use of keywords and meta tags, see Prof.
William W. Fisher, Linking,
Framing, Meta Tags, and Caching at http://cyber.law.harvard.edu/property00/metatags/main.html.
Back
to TOC
|