Articles Posted in Internet Law

What kind of expense amounts to a “loss” under the Computer Fraud and Abuse Act (CFAA), and did a Virginia litigation-support company incur the required minimum of $5,000 in losses when it investigated an alleged breach of its computer systems, retaining the services of both an attorney and a computer forensics company to aid with the investigation? That was the issue recently before Judge T.S. Ellis III of the Eastern District of Virginia, who held that the investigative activities could support a CFAA claim, even if the expenses were not paid in cash.

The issue was particularly important to the plaintiff, Animators at Law, a graphics and technology litigation support company, because of the 13 claims it brought against two former employees and a competitor, all but the CFAA claim were based on state law, meaning that without it, there would be no basis for federal-court jurisdiction.

The CFAA provides for a civil action against anyone who intentionally gains access to a computer without authorization and obtains information from it. The CFAA has a minimum jurisdictional requirement of $5,000 in losses. Animators at Law claimed screen.jpgthat its former employees conspired with a competitor to leave Animators’ employment and join the competitor, taking with them confidential and proprietary information about Animators’ services, projects, and clients.

Lawyers around the country have come to learn of the Eastern District of Virginia’s legendary “rocket docket.” With divisions located in Alexandria, Norfolk, Richmond, and Newport News, Virginia’s federal court is known as the most efficient in the country for handling intellectual property cases and complex business litigation. Also known for being friendly to business, trademark owners around the country often look for ways to establish venue in Virginia instead of a location closer to home where cases move at a slower pace. In the context of protecting trademark rights, one such opportunity can be found in the Anticybersquatting Consumer Protection Act.

The ACPA provides for a cause of action against those who register or use a domain name confusingly similar to, or dilutive of, the trademark of another. Enacted in 1999, the ACPA was designed to address the practice of “cybersquatting,” which generally involves the practice of registering a domain name containing somebody else’s name or trademark with the intention of either profiting from the resulting confusion or of selling the domain name to the less-Internet-savvy trademark owner. You could sue the individual in the jurisdiction of his residence, but what if that person lives in the District of Minnesota, one of the slowest federal courts in the country? Or what if the registrant took steps to shield his identity when registering the domain name and you can’t determine whom to sue?

One option available to you is to sue the domain name itself. And because VeriSign–the world’s largest registry and operator of the .com and .net top-level domains–is located in Dulles, Virginia, which falls within the jurisdiction of the Eastern District of Virginia, there is a good chance you can bring that action in the Rocket Docket, regardless of where the actual registrant resides. 49702_holding_a_dot_com_iii.jpg

Too often, disgruntled departing employees will abuse their employer’s computer system on their way out, snooping into coworkers’ email accounts, erasing important files, downloading trade secrets or other confidential commercial information, or intentionally infecting computers with viruses. In recent years, the Computer Fraud and Abuse Act (CFAA) has become an important weapon in an employer’s arsenal for combating such computer crimes. Civil remedies are available under the CFAA for damage to any “protected computer,” which includes any “computer used in interstate or foreign commerce or communication.” However, a Virginia court recently clarified that the CFAA will not provide a remedy absent an actual “loss” as defined by the statute.

In Global Policy Partners, LLC, v. Yessin, a plaintiff brought claims against her husband and business partner under the CFAA and the Stored Communications Act (SCA), claiming that he had accessed her work email account in order to review her confidential communications with her divorce lawyer. The court rejected the husband’s initial attempts to dismiss the case on the ground that his access to his wife’s email was authorized in that he was a co-manager of the couple’s business. The court reasoned that because there was no legitimate business reason for the snooping, the access was unauthorized. At the summary judgment stage, however, the court granted summary judgment in his favor because the wife did not introduce sufficient evidence to show she had incurred a $5,000 “loss.”

To prevail on a claim brought under the CFAA, a plaintiff must demonstrate that the alleged violation “caused … loss … aggregating at least $5,000 in value.” 18 U.S.C. Section 1030(c)(4)(A)(i). The CFAA specifically defines four categories of potential loss: laptop.jpg“[i] the cost of responding to an offense, [ii] [costs of] conducting a damage assessment, and [iii] [costs of] restoring the data, program, system, or information to its condition prior to the offense, and [iv] any revenue lost, cost incurred, or other consequential damages incurred because of the interruption of service.” 18 U.S.C. § 1030(e)(11). According to the Fourth Circuit Court of Appeals, this list “plainly contemplates … costs incurred as part of the response to a CFAA violation, including the investigation of an offense.” A.V. ex rel. Vanderhye v. iParadigms, LLC, 562 F.3d 630, 646 (4th Cir. 2009).

The discovery process, the primary fact-finding tool available to litigants, has always been contentious. Parties are loathe to hand over potentially embarrassing or incriminating documents, and the costs involved can be staggering. The information age has only served to make things more complicated. As the Northern District of Illinois observed in the 2002 case of Byers v. Illinois State Police, “[m]any informal messages that were previously relayed by telephone or at the water cooler are now sent via e-mail.” Now that so many casual conversations are documented in e-mail and are, therefore, potentially subject to discovery, the discovery costs in the typical case have skyrocketed . Two recent United States District Court Cases, one out of Minnesota, Kay Beer Distributing, Inc. v. Energy Brands, Inc., and the other out of Florida, Kilpatrick v. Breg, Inc., provide a window into just how daunting electronic discovery can be, how judges are adapting traditional discovery rules to deal with these new problems, and how parties can do their part to avoid potential problems.

Information is generally discoverable if it is non-privileged and either directly relevant to a party’s claim or reasonably calculated to lead to the discovery of evidence that is directly relevant. In the Kay Beer case, Kay alleged that an oral contract gave it the email.jpgexclusive right of distribution for Energy Brands’ products. Energy Brands claimed that by its understanding of the agreement, Kay’s distribution rights were limited. This was essentially a run-of-the-mill contract dispute. What made the case unique, however, was the plaintiff’s demand that the defendant hand over five DVDs containing nearly 13 gigabytes (between 650,000 and 975,000 pages) of e-mails and other documents. Each of the documents had been identified as referencing “Kay Beer”, “Kay Distributing”, or simply “Kay” by a keyword search of Energy Brands’ archives. Kay Beer argued that the documents might contain discoverable evidence showing that Energy Brands originally shared Kay’s understanding of their agreement.

The court’s approach to the discovery contest was to weigh Kay Beer’s interest in obtaining the documents against the burden Energy Brands would experience in turning them over. The court found that just because a document references a party does not support the conclusion that it contains relevant evidence. It further reasoned that in contract litigation, the only relevant statements are those made between the representatives of the companies involved; statements made by lower-level employees not empowered to speak for the company are not relevant to the official understanding of the contract. The court concluded that Kay Beer’s interest in the documents was relatively minor.

To file a lawsuit in Virginia’s state or federal courts against a non-resident of Virginia or an out-of-state corporation, it is necessary to establish “personal jurisdiction” over the defendant. A court has no power over parties to a lawsuit absent such jurisdiction. Personal jurisdiction will exist only if (1) Virginia’s “long-arm” statute authorizes it; and (2) the defendant has certain “minimum contacts” with Virginia “such that the maintenance of the suit does not offend traditional notions of fair play and substantial justice,” which is required by constitutional due process. In a recent case from the Eastern District of Virginia, Judge Trenga held that a passive website not purposefully targeted at Virginians was not sufficient to create a basis for personal jurisdiction and he dismissed the case.

The case, which contains counts for actual fraud, constructive fraud, negligence, and breach of fiduciary duty, was filed by Dr. Olimpia Rosario, a Virginia psychiatrist, against professional psychic Jeffrey Wands, who operates Psychic Eye Media in New York. Dr. Rosario became impressed with Mr. Wands several years ago when he correctly predicted that she would obtain a residency in a New York-based hospital. Ever since, Dr. Rosario has sought counseling and guidance from Mr. Wands on a wide range of issues, including spiritual issues and substance abuse problems, despite the fact he held no degree or license to practice any type of healing art, medicine, counseling, or social work in either Virginia or New York.

Eventually, Mr. Wands became concerned about certain of Dr. Rosario’s behavior and reported it to both the New York Police Department and the Virginia Board of Medicine. Dr. Rosario sued, claiming Mr. Wands caused her condition to worsen and denying abuse of prescription drugs. Mr. Wands, a resident of New York, moved to dismiss the case for lack of personal jurisdiction.

Apparently there are still some people who think they are being clever by registering domain names confusingly similar to trademarks or domains used by existing companies, hoping to capitalize on the confusion.  And what better target than Citibank, a giant company with an easily misspelled name!  Judge Hilton of the Eastern District of Virginia, who is well versed in intellectual property issues, decided to teach a lesson to such a schemer in the case of Citigroup, Inc. v. Shui, Civil Action No. 08-0727, on February 24, 2009.

The Defendant, Chen Bao Shui, thought it would be a good idea to register CITYBANK.ORG and use it to market financial services.  When visitors would go to his site, they would see links to, among other things, “Citibank Student” and “Citibank Visa.”  Clicking on such an option would not take the visitor to Citigroup, of course, but to another page or to a third-party vendor who would pay the Defendant for each click-through.  In other words, the Defendant’s plan was to earn money by confusing customers into believing they were dealing with Citigroup when they were dealing with an unrelated, unaffiliated entity.

This is exactly the sort of activity prohibited by the Anticybersquatting Consumer Protection Act, found at 15 U.S.C. 1125(d) (the “ACPA”).  A violation of the ACPA exists where (1) a49702_holding_a_dot_com_iii.jpg defendant has a “bad-faith intent” to profit from using the domain name; and (2) the domain name at issue is identical or confusingly similar to the plaintiff’s distinctive or famous trademark.

Trademark owners take note: whether or not you participate in Google’s Adwords program to advertise your business, your competitors may be using your trademark as a keyword in promoting their competing business.  Google not only allows this potentially infringing practice, it encourages it!  The company actively and openly sells competitors’ trademarks to advertisers seeking to divert potential customers to the advertisers’ websites.

It remains to be seen, however, how long the courts will permit this practice to continue.  On April 3, 2009, a federal appeals court sitting in New York decided to allow a case to go forward in which a computer-repair company called Rescuecom sued Google for trademark infringement.  The case is Rescuecom Corp. v. Google, Inc., Case No. 06-4881 (2d Cir.).

The complaint involves two of Google’s programs used in Internet advertising: AdWords and Keyword Suggestion Tool.  With AdWords, advertisers purchase keywords relevant to their business.  When a purchased keyword is used in a Google search, the advertiser’s ad and link appear on the search results page, either in the right margin or in a horizontal band immediately above the relevance-based (i.e., non-sponsored) search results.  The Keyword Suggestion Tool recommends keywords to advertisers.  Among its recommendations might be the trademark owned by the advertiser’s competitor.

Contact Us
Virginia: (703) 722-0588
Washington, D.C.: (202) 449-8555
Contact Information