In Tiffany v. eBay, decided today, the Southern District of New York gives helpful bounds to secondary liability for trademark infringement, saying eBay is not liable for its use of the term “Tiffany” nor for its sellers’ sales of counterfeit goods. Judge Sullivan’s careful analysis leaves the path clear for online marketplaces to flourish, putting enforcement burdens, where they belong, on trademark claimants.

First, the court finds eBay’s advertisement, through “Tiffany”-keyed adwords on Google and Yahoo! searches, to be “nominative fair use.” Some eBay sellers are offering genuine Tiffany merchandise, as trademark law recognizes is legitimate, and eBay has the right to use the brand name to identify them, rather than “absurd circumlocutions … [such as] ’silver jewelry from a prestigious New York company where Audrey Hepburn once liked to breakfast.’” Even if search keywords are “use in commerce,” therefore, the court finds them non-infringing.

Second, the court holds eBay not liable for the infringements of its users, under either direct or secondary liability theories. Instead, its contributory liability test looks much like the notice-and-takedown regime that the DMCA sets up for copyright: only specific knowledge of infringement can trigger liability, a “showing that a defendant knew or had reason to know of specific instances of actual infringement”; not the “generalized” knowledge of counterfeiting Tiffany would like to attribute to eBay. The court does not impose any prior monitoring obligation, implying only that a defendant must take appropriate steps after being notified of claimed infringement. (The court helpfully notes several times that Tiffany’s “Notices of Claimed Infringement” are just claims, not proof, and that some listings have even been reinstated after incorrect claims.)

“[T]he fact remains that rights holders bear the principal responsibility to police their trademarks.” Trademark holders are best situated to assess the provenance of their branded goods and to weigh the costs and benefits of enforcement. The marketplace benefits from a rule that leaves lawsuits to the endpoints, keeping intermediaries relatively safe and clear.

Finally, the ruling suggests that trademark law continues to function effectively in the Internet era. While trademark holders might like greater control, and (some) sellers might like greater leeway, trademarks serve as indications of origin even without enlisting intermediaries in the fight. Yet further reason why ACTA’s proposed “update” to anti-counterfeiting trade law should not put liability on Internet intermediaries.

Thanks for the link, Ray.

Remember ACTA, the draft proposed “harmonization” of copyright found on Wikileaks? In keeping with the view that harmonization is a one-way ratchet up, RIAA has some suggestions for the US Trade Representative.

J. Online Infringing Activities

Parties shall:
1. Provide exclusive rights under copyright to unambiguously cover Internet use.
2. Establish appropriate rules regarding liability of service/content providers:
(a) Establishing primary liability where a party is involved in direct infringement; and ensure the application of principles of secondary liability, including contributory liability and vicarious civil liability, as well as criminal liability and abetting if appropriate.
(b) Establishing liability for actions which, taken as a whole, encourage infringement by third parties, in particular with respect to products, components and/or services whose predominant application is the facilitation of infringement.
3. Provide remedies and injunctive relief against any entity that:
(a) Creates or otherwise maintains directories of infringing materials;
(b) Provides “deeplinks” to infringing files;
(c) Commits any act, practice or service that has little or no purpose or effect other than to facilitate infringement, or that intentionally induces others to infringe (specifically allowing proof of “intent” by reference to objective standards–i.e. a reasonable person would surmise such an intent);
4. Require internet service providers and other intermediaries to employ readily available measures to inhibit infringement in instances where both legitimate and illegitimate uses were facilitated by their services, including filtering out infringing materials, provided that such measures are not unduly burdensome and do not materially affect the cost or efficiency of delivering legitimate services;
5. Require Internet service providers or other intermediaries to restrict or terminate access to their systems with respect to repeat infringers.
6. Establish liability against internet service providers who, upon receiving notices of infringement from content provides via e­mail, or by telephone in cases of pre-release materials or in other exigent circumstances, fail to remove the infringing content, or access to such content, in an expeditious manner, and in no case more than 24 hours; or
Provide that, in the absence of proof to the contrary, an internet service provider shall be considered as knowing that the content it stores is infringing or illegal, and thus subject to liability for copyright infringement, after receiving notification from the right holder or its representative, normally in writing, including by email or by telephone in the case of pre-release materials or in other exigent circumstances.
7. Establish, adequately fund and provide training for a computer crimes investigatory unit.
8. Provide injunctive relief against intermediaries whose services are used for infringing activities regardless of whether damages are available.
9. Establish policies against the use of government networks and computers, as well as those networks and computers of companies that have government contracts, to prevent the use of such computers and networks for the transmission of infringing materials, including a ban on the installation of p2p applications except, and to the extent to which, some particular government use requires such installation.
10. Consideration to be given to the following: possible rules on data retention, the right to information giving right holders access to data held by ISPs in the preparation and course of proceedings including in civil proceedings, and availability of complete and accurate WHOIS data

RIAA’s proposal is a compendium of everything they dislike about rulings that have gone against them: the lack of a “making available” right (Atlantic v. Howell); the requirement of knowledge before non-volitional actors such as ISPs can be held liable (RTC v. Netcom); the provisions of safe-harbor that let ISPs avoid liability (17 USC 512); the limitation of vicarious liability to situations where the proprietor has a right and ability to control; the possibility that non-infringing use could save a technology with infringing uses (Betamax); the status of hyperlinks (Perfect 10 v. Amazon).

Add in codification of stronger versions of rulings they like such as Grokster, and you’ve got a prescription for utterly insane copyright law! As the LA Times’ Jon Healy puts it, the RIAA’s ACTA would turn ISPs into enforcers, when they should be simple conduits.

Let’s hope enough ISPs, tech companies, public interest groups, libraries, educators, and friends can keep this RIAA wishlist from becoming our nightmare. We should start a corresponding wish-list, extravagant but alternate-universe plausible, would include on the other side. I’d start with:

What could be bad about free wireless Internet access? How about censorship by federally mandated filters that make it no longer “Internet.” That’s the effect of the FCC’s proposed service rules for Advanced Wireless Service spectrum in the 2155-2180 MHz band, as set out in a July 20 Notice of Proposed Rulemaking.

Acting on a request of M2Z Networks, which wants to provide “free, family-friendly wireless broadband,” the FCC proposes to require licensees of this spectrum band to offer free two-way wireless broadband Internet service to the public, with least 25% of their network capacity. So far so good, but on the next page, the agency guts the meaning of “broadband Internet” with a content filtering requirement. Licensees must keep their users from accessing porn:

§ 27.1193 Content Network Filtering Requirement.
(a) The licensee of the 2155-2188 MH band (AWS-3 licensee) must provide as part of its free broadband service a network-based mechanism:

(1) That filters or blocks images and text that constitute obscenity or pornography and, in context, as measured by contemporary community standards and existing law, any images or text that otherwise would be harmful to teens and adolescents. For purposes of this rule, teens and adolescents are children 5 through 17 years of age;

(2) That must be active at all times on any type of free broadband service offered to customers or consumers through an AWS-3 network. In complying with this requirement, the AWS-3 licensee must use viewpoint-neutral means in instituting the filtering mechanism and must otherwise subject its own content—including carrier-generated advertising—to the filtering mechanism.

(b) The AWS-3 licensee must:

(1) inform new customers that the filtering is in place and must otherwise provide on-screen notice to users. It may also choose additional means to keep the public informed of the filtering, such as storefront or website notices;

(2) use best efforts to employ filtering to protect children from exposure to inappropriate material as defined in paragraph (a)(1). Should any commercially-available network filters installed not be capable of reviewing certain types of communications, such as peer-to-peer file sharing, the licensee may use other means, such as limiting access to those types of communications as part of the AWS-3 free broadband service, to ensure that inappropriate content as defined in paragraph (a)(1) not be accessible as part of the service.

There are clear First Amendment problems with government-mandated filtering of lawful speech. The Supreme Court reminded us that a decade ago, striking the Communications Decency Act, the first unconstitutional effort to censor the Net. It’s still lawful for adults to view and share non-obscene pornography, and still unlawful for the government to restrict adults from doing so. But this rule digs deeper architectural problems too.

Like or hate lawful pornography, we should be disturbed by the narrow vision of “Internet” the filtering rule presupposes, because you can’t filter “Internet,” you can only filter “Internet-as-content-carriage.” This filtering requirement constrains “Internet” to a limited subset of known, filterable applications, ruining the platform’s general-purpose generativity. No Skype or Joost or Slingbox; no room for individual users to set up their own services and servers; no way for engineers and entrepreneurs to develop new, unanticipated uses.

Why? To block naked pictures among the 1s and 0s of Internet data, you need first to know that a given 11010110 is part of a picture, not a voice conversation or text document. So to have any hope of filtering effectively, you have to constrain network traffic to protocols you know, and know how to filter. Web browsing OK, peer-to-peer browsing out. You’d have to block anything you didn’t understand: new protocols, encrypted traffic, even texts in other languages. (The kids might learn French to read “L’Histoire d’O,” quelle horreur!) “Should any commercially-available network filters installed not be capable of reviewing certain types of communications, such as peer-to-peer file sharing, the licensee may use other means, such as limiting access to those types of communications as part of the AWS-3 free broadband service, to ensure that inappropriate content … not be accessible as part of the service.”

The Internet isn’t just cable television with a few more channels. It’s a platform where anyone can be a broadcaster – or a game devleoper, entrepreneur, activist, purchaser and seller, or inventor of the next killer app. Mandated filtering is the antithesis of dumb-pipe Internet, forcing design choices that limit our inventive and communicative opportunity.

Edit M2Z’s prepared text to just say no to filterband.

See also Scott Bradner, David Weinberger, Persephone Miel.

The Scientology critic known as “Wise Beard Man” returned to YouTube this week after successfully filing counter-notifications to copyright claims that had earlier been made against his account. The takedown and delayed return illuminate another of the lesser-known shoals of the DMCA safe harbor, the 512(i)(1)(A) “repeat infringers” consideration.

As Mark Bunker, the critic, describes it, he had initially set up a YouTube account under the name XenuTV, where he posted clips including commentary on Scientology. Some of these clips came from other sources, and two of them attracted DMCA takedown requests from Viacom, for “Colbert Report” clips in which Stephen talked about Scientology. These might well have been fair use, or he might have chosen to remove them, but as Bunker says, “Before I could act on the takedown notices and remove the offending clips, the accounts were canceled.”

Bunker began using a second YouTube account, XenuTV1, posting only clips of entirely his own material. His advice to the “Anonymous” critics made him a sort of elder statesman to the movement, and his account attracted over 10,000 subscribed viewers.

In April, however, this second account was abruptly canceled. Apparently, YouTube had discovered that it was Mr. Bunker’s second, after a canceled first, and interpreted the DMCA to compel termination of this second account.

The provision they were invoking was 512(i)(1)(A), which sets some conditions for service provider eligibility for shelter in the DMCA safe harbor:

“The limitations on liability established by this section shall apply to a service provider only if the service provider—
(A) has adopted and reasonably implemented, and informs subscribers and account holders of the service provider’s system or network of, a policy that provides for the termination in appropriate circumstances of subscribers and account holders of the service provider’s system or network who are repeat infringers”

Now the DMCA does not define “repeat infringers,” and no cases have yet done so, so it’s left to ISPs to determine how to do so. Copyright claimants urge that two takedown notices make someone a “repeat infringer” whose account must be terminated (let’s hope it’s just the account, and not the subscriber himself!). In contrast, noted copyright scholar and attorney David Nimmer suggests that the provision should be construed strictly, to require “repeat infringer” sanctions only against those who have more than once been found liable for copyright infringement after legal proceedings. Nimmer, Repeat Infringers, 52 J. Copyright Soc’y 167 (2005). Nimmer also notes that unless “repeat” is limited to the service at issue, all the major motion picture studios would be ineligible for online posting accounts, since all have had multiple copyright infringement judgments rendered against them.

Nor does the DMCA define “appropriate circumstances” for account termination, so mitigating factors might well be raised against the termination of any particular account. The DMCA pre-condition is open to interpretation.

It appears, however, that YouTube determined that the two Viacom notices (Feb. 2, 2007, and Jan. 15, 2008) levied against Mr. Bunker’s XenuTV account marked him as a “repeat infringer.” Therefore, to maintain safe-harbor eligibility, YouTube felt compelled to terminate the second account, XenuTV1, upon recognizing that it was the same individual. Notwithstanding a complete absence of copyright claims against the XenuTV1 account, YouTube apparently concluded the risks of continuing to host the marked “repeat infringer” were too great.

Notably, 512(i) is a general precondition to the safe-harbor. Failure to “adopt[] and reasonably implement[]” a repeat infringers policy in one instance could be used against a provider as an argument to deny it the benefits of safe-harbor protection in an entirely unrelated case. YouTube’s risk calculation in responding to Mr. Bunker’s accounts, therefore, was not merely whether Viacom would sue over the Colbert clips Mr. Bunker had posted and YouTube removed, but whether entirely different copyright holders, complaining about other accounts’ postings, would invoke a failure to remove Mr. Bunker’s account as non-compliance with the DMCA’s eligibility requirements and seek to hold YouTube liable for other users’ infringements.

Mr. Bunker’s story concludes successfully, however, thanks in part to Viacom’s good sense. YouTube invited Mr. Bunker to file counter-notifications for the Viacom clips, and he did so in mid-May, asserting that the “mistake or misidentification of the material” was in not recognizing its use as fair. Viacom’s acceptance of the counter-notifications allowed YouTube to remove the “infringer” stain from Mr. Bunker’s account. For his part, Mr. Bunker says he was supported in his counter-notifications by the public messages of support and group effort to contact YouTube and Viacom to lay the groundwork, including those of VictoireFlamel and The Masked Analyst, who has a series of videos explaining the DMCA and counter-notification. Bunker reports that Viacom’s attorneys said they “wouldn’t be hard-nosed about fair use clips.”

Ten to 14 days after the counter-notification, therefore, when Viacom did not go to court to press its original copyright infringement claims, YouTube allowed the XenuTV accounts’ reinstatement.

While Mr. Bunker’s story ends happily for fair use, another story this week illustrates the danger of taking DMCA notifications as the mark of “repeat infringement”: University of Washington researchers reported getting DMCA takedowns against their laser printers, allegedly for sharing copies of “Iron Man” and “Indiana Jones.” MPAA agents sent DMCA notices without any verification that material was available from the accused IP addresses, much less that the materials infringed copyright. Meanwhile, universities report that they get DMCA takedowns alleging infringement by “shared folders” even when filters such Audible Magic make sharing impossible by blocking any transmission of files.

If the DMCA as a whole is to have any coherence, providers shouldn’t lose DMCA protection or subscribers lose their hosting based on such flimsy allegations.

The New York Times has a nice editorial today on the Supreme Court’s denial of cert to the MLB’s claims to own fantasy baseball. That leaves the case where the Eighth Circuit did, saying that fantasy leagues created around major-league baseball facts are fair game, not the property of MLB. Great to see a major new outlet weighing in against the expansionary claims:

In recent years, corporations have been aggressively pushing the bounds of intellectual property — extending the length of copyrights to unreasonable lengths, for example, and patenting seeds. In the case of fantasy baseball, the courts have rightly cried foul.

The biggest fantasy in this case was Major League Baseball’s claim that its fans should pay to talk about the game.

In another editorial closer to home, Professor and Berkman Fellow Harry Lewis criticizes copyright’s encroachment on education and culture in the Harvard Crimson.

We talk a lot about the ways intellectual property stifles innovation once it attaches — the patent thickets created when dozens of companies claim rights to parts of the same widget-process, the hindrance to free expression and commentary posed by copyright clams to political imagery or culture — but lately, I’ve been wondering about the burdens of incipient intellectual property: when the vague promise of some potential future IP right causes people to share less and develop less value than optimal.

Incipient intellectual property is the false promise that “you might be the next big star,” that keeps some artists from appreciating the intermediate audience-building possibilities of Creative Commons licenses. It’s the remote prospect of patent that keeps scientists from publishing early-stage findings or sharing with potential collaborators lest they statutorily bar themselves from patenting later.

Does the possibility of outsize exclusive benefits from the IP lottery blind people to the much greater shared benefits of openness?

Berkman@10 was wonderfully Twittered, Flickrd, and blogged, with technology enhancing the in-person connections.

Next stop, CFP.

As one of those who knew the Berkman Center before it was “Berkman,” I’m particularly pleased to be helping to celebrate its 10th Anniversary season.

When we launched “The Berkman Center for Internet & Society” in 1998, some wondered whether we were just talking about the “law of the horse,” but the intervening 10 years have shown us that horse has legs. The Internet’s distributed communication systems have taught us something new about speech, creativity, and culture — showing the economic flourishing of all these in a distributed, open network.

Berkman’s founding visionary, Charlie Nesson, recognized openness as a core principle early, and others have gradually caught on: freedom at the core means more opportunities to generate value elsewhere in the network. Free software supports better-specialized hardware, user-optimized development, and electronic commerce. Open-access non-discriminatory networks support both commerce and communities.

The challenge for the next 10 years will be to preserve that openness. Join us in person or online as we work to meet that challenge!

The New York Times reports that RealNetworks has introduced an “authorized” version of “Scrabble by Mattel” to Facebook, in an effort to compete with the enormously popular Scrabulous. CNet is puzzled, in part because the “official” app is unavailable in the United States or Canada.

For those not yet hooked, Scrabulous has been providing a Facebook application that lets Facebook friends play the game of Scrabble online. If the game numbers increment sequentially, it has served more than 2 and a half million games, and claims 629,256 daily active users.

In January, BBC and others reported that the Scrabulous team and Facebook had received takedown demands from Hasbro and Mattel (the two companies divide worldwide rights to the Scrabble trademark). Months later, however, Scrabulous remains online, probably because the threats’ legal merits are murky: there are few rights to “a game” as such.

Three kinds of intellectual property might protect aspects of a game — patent, trademark, and copyright — but each has limits that leave plenty of room for imitators and emulators.

Berkman’s Stop Badware project just released a new study, in which they report the “paradox” that most users feel safe online, despite a rash of malefactors and potential mishaps:

CAMBRIDGE, Mass., March 31, 2008 - Nearly 90 percent of Americans say they feel safe online despite the rising tide of spyware, phishing and other badware threatening Internet users, according to a new poll sponsored by StopBadware.org, the consumer protection initiative aimed at combating dangerous software.

…

“What we have here is an Internet security paradox,” said Maxim Weinstein, who manages the StopBadware.org team at Harvard Law School’s Berkman Center for Internet & Society. “Americans see themselves as safe online, even as we see an ongoing trend of organized criminal elements using the Internet to target unsuspecting users.” Weinstein will testify at the Federal Trade Commission on April 1 about how to better educate users about the dangers of phishing, a deceptive practice responsible for $2.1 billion in identity theft damages last year, according to Consumer Reports.

I wonder, though, do we think that mistaken feeling of safety is a bad thing? I don’t — I think it’s great that we have enough of a safety net that people who don’t have the technical competence to deal with PC security threats nonetheless are being generative and participatory. I don’t think we’d gain by scaring those Internet users, even through education. While malware problems are often compared to public health, we don’t have a solution that’s as easy and effective as one-time vaccination to make computer users safer.

I’d suggest instead that social insurance and systematic efforts to prosecute criminal use of malware are better responses than demanding that individual Internet users pay attention, educate themselves, and stay vigilant against ever-mutating threats.