August 2011

Facebook’s Motion to Dismiss Denied
A federal court in Texas denied Facebook’s motion to dismiss or transfer to California a declaratory judgment suit filed by Lamebook, a self-described parody website that Facebook asserts is infringing its trademarks.

New Jersey Supreme Court on Defamatory Comments
The New Jersey Supreme Court held recently that a person who posted allegedly defamatory comments on an Internet message board cannot invoke the protections of New Jersey’s news media shield statute.

MySpace Threats
According to the Virginia Court of Appeals, a defendant’s posting of threatening lyrics on his ex-girlfriend’s MySpace page constituted communication of a written threat within the meaning of Virginia Code § 18.2-60(a)(1).

Privacy Policies Survey
In a recent survey, 31% of respondents claimed to have read all of the privacy policies of the websites they used.  Even though we draft website privacy policies for a living, and would like to believe that such policies are widely read, the 31% figure seems high to us.

Google Buzz Class Action
As Google rolls out its new Google+ social networking service, a federal judge issued final approval of the $8.5 million settlement in a class action suit brought by Gmail users who alleged that Google exposed their personal information without authorization through “Google Buzz,” the search giant’s previous foray into social networking.

Facebook Facial Recognition Violates German Law?
Facebook’s new facial recognition feature has sparked objections from a German data protection agency, which claims that it violates German data protection laws.

New Lawyers in Facebook Suit
Paul Ceglia, the man suing for a 50% stake in Facebook, apparently needs new lawyers.

Twitter Co-founders Solving Big Problems
Reports are that Twitter co-founders Biz Stone and Evan Williams have stepped back their involvement in the microblogging service and will be starting a new venture.  The Obvious Corp. has set itself an ambitious program of “solving big problems” and helping develop systems that “improve the world,” according to Stone’s blog.

Reward Points for Facebook Ads
American Express cardholders can now use their rewards points to buy ads on Facebook.

Justin Timberlake buys MySpace
Remember when you switched from Friendster to MySpace because MySpace was the hot new thing in social networking? Well, Rupert Murdoch’s News Corp. recently sold the former hot new thing to a group formed by Justin Timberlake and a California-based digital advertising agency for $35 million, just 6% of the $580 million that News Corp. paid for the company in 2005.

LinkedIn Takes Number Two Spot
In what may be a related development, it has been reported that LinkedIn has overtaken MySpace to become the second most visited social networking site in the U.S. after Facebook (and Twitter is not far behind).

Facebook Declining Traffic
Of course, even the mighty Facebook may not be completely immune from declining traffic:  a number of media outlets reported that Facebook lost users in the U.S. and Canada in May 2011.  Facebook issued a statement that the reports are inaccurate.

Isn’t It Ironic
Apparently Facebook CEO Mark Zuckerberg is the most followed user on Google’s new “Google+” social networking service.  Google bigwigs Larry Page and Sergey Brin are a relatively distant second and fourth, respectively.

Don’t Post Facebook Threats in Minnesota
The Minnesota Court of Appeals has held that a college student’s threatening Facebook posts substantially disrupted activities at the school and, therefore, the school’s imposition of disciplinary sanctions did not violate the student’s First Amendment rights.

350 Billion Tweets Each Day
Twitter, founded just five years ago, reached a new milestone:  the micro-blogging service reports that it now delivers 350 billion tweets each day.  Twitter also announced that a new tweets per second (or “TPS” as we say in the biz) record had been set, with 7,196 TPS at the end of the Women’s World Cup soccer game.

Google+ Users
Not to be outdone in the social media statistic game, Google’s recently-launched Google+ service reportedly hit the 25 million user mark just a month after its launch, and may be on track to sign up 22 percent of online adults in the U.S. within a year, which would make Google+ the second-most-used social networking site after Facebook.

Don’t Violate Google+’s Terms of Use
In other Google+ news, some outlets are reporting that users who violate the Google+ terms of use may find themselves barred not only from Google+ itself, but also from other Google services such as the search giant’s Gmail email service.

Nirvana and Facebook’s Rules on Nudity
Speaking of terms of use violations, the rock band Nirvana recently had images of its classic album “Nevermind” (which, incidentally, is celebrating its 20th anniversary this fall—feel old yet?) yanked by Facebook because the iconic cover image of a naked baby boy floating in the pool ran afoul of Facebook’s rules regarding photos that include nudity.

Shatner Shut Down on Google+
Actor William Shatner, however, had better luck with his Google+ account, despite being temporarily shut down for “violating standards.” Shatner tweeted that he did not know what rules he had violated, writing, “Saying hello to everyone apparently is against the rules.”  His Google+ account was up and running later that same day.

Earlier this year, U.S. Senators John Kerry (D-Mass.) and John McCain (R-Ariz.) introduced S. 799, the “Commercial Privacy Bill of Rights Act of 2011,” which would establish, for the first time in the United States, a comprehensive framework for the collection, use, storage, and transfer of covered information.  If passed as currently drafted, the bill would impose generally applicable notice, choice, security, access, and other obligations on companies that collect information about individuals, both online and offline, requiring fundamental changes to how they do business and interact with their customers.

The bill would be enforced by the Federal Trade Commission (“FTC”) and state Attorneys General.  There would be no private right of action.  It would apply to nonprofits and certain common carriers that are not traditionally subject to FTC jurisdiction.  The bill would preempt state privacy laws governing the collection, use, or disclosure of “covered information,” except those laws relating to health or financial information, fraud, and data breach notification.

We expect the legislative process with respect to this bill to be somewhat protracted, as other stakeholders, such as privacy advocates, have already complained that it should provide greater restrictions on companies’ collection, use, and disclosure of data.  Below is a short high-level summary of the bill’s scope and application.

TO WHOM AND WHAT WOULD IT APPLY?

The bill would generally regulate “Covered Entities,” defined as those that collect, use, transfer, or store the “Covered Information” of more than 5,000 individuals during any consecutive 12-month period.

“Covered Information” is defined broadly and obscures the traditional distinction between “Personally Identifiable Information” (“PII”) and non-PII.  It does this by including both traditional PII (name, address, phone, and so forth) as well as “Unique Identifier Information” (“UII”), which means a unique persistent identifier associated with an individual or a networked device—which could be anything from a customer number held in a cookie to a user ID.  Covered Information also encompasses any information stored in connection with either PII or UII that may be used to identify an individual.

More restrictive conditions are imposed on “Sensitive PII,” which means information related to a medical condition, health record, or religious affiliation, as well as PII which, if lost, compromised, or disclosed without authorization, carries a significant risk of economic or physical harm.  Neither “significant risk” nor “harm” is defined, leaving open the possibility of a broad reading.

WHAT WOULD IT REQUIRE?

The bill would:

•  Impose a notice and choice regime – The bill directs the FTC to promulgate rules to require a Covered Entity to:

•  Provide clear, concise, and timely notice of its Covered Information collection, use, transfer, and storage practices;

•  Offer a clear and conspicuous opt-out mechanism for any Unauthorized Use of Covered Information (except for any use requiring opt-in consent).  “Unauthorized Use” means use for any purpose “not authorized by the individual.” It does not include certain commonly accepted uses, including first party marketing and analytics, as long as the information used was collected directly by the Covered Entity or its service provider;

•  Offer a robust, clear, and conspicuous opt-out mechanism for the use by a third party of Covered Information for behavioral advertising or marketing;

•  Offer a clear and conspicuous mechanism for opt-in consent for the collection, use, or transfer of Sensitive PII, with a few limited exceptions; and

•  Offer a clear and conspicuous mechanism for opt-in consent for a new material use or transfer of previously collected Covered Information if the new use or transfer creates a risk of economic or physical harm.  Note that this standard is far less stringent than that currently espoused by the FTC, which requires notice and opt-in consent to any material retroactively-applied change, regardless of whether the change presents a risk of harm.

•  Restrict the transfer of Covered Information to third parties – A Covered Entity would have to ensure the third party is legitimate (by doing due diligence), contractually restrict its use of the Covered Information, and notify the FTC of a material violation of the contract.  This last provision in particular is likely to be subject to significant negotiation, as it would impose a novel requirement under U.S. law.

•  Make “privacy by design” a legal requirement – This provision echoes a similar recommendation made by the FTC in the preliminary privacy report that it issued in December 2010, and it would require Covered Entities to implement a comprehensive information privacy program.

•  Codify the requirement that businesses maintain reasonable security for PII – By way of enforcement actions, the FTC has effectively imposed the requirement that businesses have reasonable security measures in place in order to protect personal information.  The bill would direct the FTC to promulgate rules that are technologically neutral and consistent with current FTC guidance and industry practices.

•  Impose accountability, access and correction, anonymization, data minimization, as well as data integrity standards – These requirements are grounded in the Fair Information Practice Principles stressed in the Green Paper released last year by the Department of Commerce.

WOULD THERE BE ANY SAFE HARBORS?

The bill directs the FTC to issue rules to establish safe harbor programs to be administered by non-governmental organizations.  The programs would establish mechanisms for participants to implement the law’s requirements with regard to (1) online behavioral advertising, (2) location-based advertising, and (3) other Unauthorized Uses.  Participating and compliant Covered Entities would be exempt only from the provisions of Title II (notice, choice, access, and anonymization) and Title III (data minimization, constraints on distribution, and data integrity).

Twitpic, a user-generated content service that simplifies the process of sharing photographs and other media through Twitter, came under fire earlier this year for changes to its Terms of Service that appeared to dramatically expand the rights granted to Twitpic by its users—and that were described by some media outlets as a “copyright grab.”

Twitpic’s original Terms of Service stated that “all images uploaded are copyright their respective owners,” and that by uploading photos to Twitpic, users gave Twitpic “permission to use or distribute” such photos on Twitpic.com and affiliated sites.  As highlighted in Eric Goldman’s Technology & Marketing Law Blog, Twitpic revised its Terms of Service without notice on May 4, 2011, to state that users who share content via Twitpic “may not grant permission to photographic agencies, photographic libraries, media organizations, news organizations, entertainment organizations, media libraries, or media agencies to retrieve from Twitpic for distribution, license, or any other use, content [users] have uploaded to Twitpic.” Goldman’s blog notes that this language suggested that, if a user posted content through Twitpic, the user could not then license that content to other third parties, even though the license grant to Twitpic was putatively nonexclusive.  That said, the prohibition only applied to retrieval of the uploaded content “from Twitpic” for further use.  Whatever its intent, the offending language was deleted in Twitpic’s next revision to its Terms of Service, which came six days later along with a clarification from Twitpic regarding its revised terms.

The further-revised (and currently governing) version of Twitpic’s Terms of Service states that “all content uploaded to Twitpic is copyright the respective owners,” and clearly specifies the licenses that Twitpic users are granting.  The first licenses are to Twitpic, including both a broad license similar to the one found in Twitpic’s original Terms of Service (“permission to use or distribute [the user’s] content on Twitpic.com or affiliated sites”), along with a more detailed nonexclusive, sublicensable license that permits Twitpic to use, reproduce, distribute, prepare derivative works of, display and perform a user’s uploaded content in connection with the Twitpic service and Twitpic’s, its affiliates’ and successors’ businesses, including for “promoting and redistributing” Twitpic’s service and derivative works of the service, in any format and through any channel.

The second license is a grant to other users of Twitpic, giving them an express right to use, distribute, display and perform a user’s uploaded content “through the functionality of [Twitpic] and under these Terms of Service.” (These licenses terminate within a commercially reasonable time after a user removes or deletes his or her content from Twitpic; however, any sublicense granted prior to such termination “may be perpetual and irrevocable.”)

The licenses to Twitpic itself are very similar to the ones demanded by most services built around user-generated content—and the inclusion of a license-back of each user’s content to the general user population, albeit restricted to Twitpic’s own functionality, addresses an issue that is not often raised in website terms and conditions.  Still, other language in Twitpic’s Terms of Service, when combined with these broad grants, has stirred concerns among Twitpic users.  Although “it is not acceptable to copy or save another user’s content from Twitpic and upload it to other sites for redistribution and dissemination,” the terms also state that in order “to publish another Twitpic user’s content for any commercial purposes [other than simple ‘Retweets’] … whether online, in print publication, television, or any other format, you are required to obtain permission from Twitpic in advance of said usage and attribute credit to Twitpic as the source where you have obtained the content” (emphasis added).  So it appears that the Terms of Service both prohibit users’ commercial use of other users’ content, and expressly contemplate such use so long as that use is controlled by Twitpic (rather than the uploading user) in terms of both approval and functionality.

More recently, it was reported that World Entertainment News Network (“WENN”) and Twitpic had reached an agreement making WENN Twitpic’s exclusive photo agency, which, according to executives, was intended to facilitate legitimate, authorized use of Twitpic images as part of breaking news and entertainment stories.  Some users are reportedly worried that they will not be able to opt out of the WENN/Twitpic arrangement, even though WENN’s CEO has stated that only a very small number of celebrities’ images will be distributed via WENN—and according to The New York Times, certain celebrities whose pictures were to be distributed by WENN have stopped using Twitpic.  Still, despite much sound and fury from the blogosphere, no mass exodus from the popular content-sharing service has materialized as a result of these developments.

In our February 2011 issue of Socially Aware, we reported that, at the end of 2010, Facebook had revamped its Promotions Guidelines (the “Guidelines”) to eliminate the requirement that approval be obtained from Facebook prior to offering sweepstakes, contests or similar promotions in connection with one’s Facebook page.  More recently, Facebook substantially streamlined its Guidelines, which now focus less on specific points of legal compliance and more on how Facebook features and functionality may and may not be used in connection with promotions.  Here are some highlights from the revised Guidelines:

Legal Compliance – Attorneys who advise clients on contests and sweepstakes are well aware of the difficulties in navigating the labyrinth of state, federal and foreign laws that govern such promotions.  Earlier versions of the Guidelines took a proactive approach to ensuring that sweepstakes, contests and similar promotions appearing on Facebook pages complied with applicable laws, by including long lists of prohibitions and restrictions against matters such as making sweepstakes available to individuals in specific jurisdictions (e.g., Belgium, Norway, Sweden or India), making promotions available to those under 18 years of age, and offering types of prizes (such as alcohol, tobacco, dairy, firearms and prescription drugs) that could raise general or promotion-specific legal issues.  The revised Guidelines have eliminated most of these specific restrictions, and now provide that promotion operators themselves are “responsible for the lawful operation of [their promotions], including the official rules, offer terms and eligibility requirements (e.g., age and residency restrictions), and compliance with regulations governing the promotion and all prizes offered in connection with the promotion (e.g., registration and obtaining necessary regulatory approvals).” The Guidelines also clarify that compliance with the terms and conditions of the Guidelines does not, in itself, make a promotion lawful.  Facebook’s new approach is a valuable reminder for promotion operators to seek legal guidance when designing, drafting official rules for, and administering sweepstakes, contests and promotions, whether on social media platforms or otherwise.

Use of Facebook Features and Functionality – In contrast to their new approach to legal compliance, the revised Guidelines now provide more detail on how promotion operators may and may not use Facebook features and functionality in connection with their promotions.  (Some of this detail had been included in “examples” in the prior version of the Guidelines, but may not have been clear from the body of the Guidelines.) A few key examples:

•  Voting – For years, Internet-based contests have relied on public judging/voting on participants’ entries to determine finalists and winners.  Section 5 of Facebook’s revised Guidelines provides that promotion operators “must not use Facebook features or functionality, such as the Like button, as a voting mechanism for a promotion.” This shifts the burden of supplying a usable and accurate voting mechanism onto promotion operators themselves.  We note that Section 1 of the Guidelines requires that all promotions on Facebook “must be administered with Apps on Facebook.com”, so it is unclear whether a voting mechanism within a custom app may be used notwithstanding this blanket prohibition.

•  Means of entry vs. conditions for entry – The revised Guidelines make a subtle but important distinction between, on one hand, using Facebook features as a mechanism for registering for or entering a promotion, and on the other hand, conditioning registration or entry on taking a particular Facebook action.  Per Section 3 of the revised Guidelines, promotion operators are flatly prohibited from using Facebook features or functionalities (e.g., “liking” a Page, posting an item of content or joining a group) as the actual means of entry for a promotion, without exception.  On the other hand, per Section 4 of the revised Guidelines, promotion operators are prohibited from “condition[ing]” registration for or entry in a promotion on taking actions using Facebook features or functions, but with an important exception—registration or entry may be conditioned on a user “liking a Page, checking in to a Place, or connecting to [the promotion operator’s] app.” So, for example, liking a Page can serve as a requirement for participation in a promotion, but it cannot be the way for a participant to enter the promotion.

•   Notifying winners – A promotion’s official rules typically state how and when winners will be notified.  Section 6 of the revised Guidelines now prohibits promotion operators from notifying winners “through Facebook, such as through Facebook messages, chat, or posts on profiles or Pages.”  (Again, it is unclear whether winners may be notified through a promotion’s app on the Facebook platform.)

Despite the various changes to Facebook’s Guidelines, one fundamental principle remains the same:  The Guidelines continue to govern both communication about, and administration of, promotions on Facebook.  And these two terms are sweeping in scope.  “Communication” includes “promoting, advertising or referencing a promotion in any way on Facebook, e.g., in ads, on a Page, or in a Wall post,” and “administration” includes “the operation of any element of the promotion, such as collecting entries, conducting a drawing, judging entries, or notifying winners.” This means that even mentioning your promotion on Facebook is subject to the Guidelines.  So, before launching your next promotion involving Facebook—whether you are actively operating the promotion on Facebook, or merely referencing an independently run promotion—remember to review the current Guidelines to ensure compliance.

Although common law generally holds publishers responsible for the content that they publish, the Communications Decency Act (“CDA”) gives website operators broad protection from liability for content posted by users.  Courts have applied the CDA in favor of website owners in nearly 200 cases, including cases involving Google, Facebook, MySpace, and even bloggers for content posted by their co-bloggers.  Commentators hail the CDA as the legal framework that made possible the rise of social media.  CDA immunity, however, is not limitless.  For example, as the Ninth Circuit explained in Fair Housing Council of San Fernando Valley v. Roommates.com, where “a website helps to develop unlawful content,” it loses CDA immunity “if it contributes materially to the alleged illegality of the conduct.”  Two recent cases illustrate how websites can lose CDA immunity as a result of contributing to offending content.

The district court in Levitt v. Yelp considered business owners’ claims that Yelp manipulated Yelp pages, rankings, and reviews in an extortionate manner that violated California’s unfair business practices law.  Plaintiffs alleged that Yelp threatened to, and did, take down positive reviews if plaintiffs did not buy ads, and that Yelp’s salespeople manipulated rankings on Yelp.  The court first rejected Yelp’s jurisdictional argument that the CDA prevented the court from hearing the claims.  Second, the court held the CDA did not immunize Yelp because some of the claims focused on Yelp’s sales practices, and not merely Yelp’s editing or selective display of user reviews.  The court dismissed the plaintiffs’ claims anyway—finding that they had not pleaded sufficient facts to show extortion by Yelp—but it gave the plaintiffs leave to amend.

In Hill v. StubHub, a North Carolina state court considered claims that StubHub violated state anti-scalping statutes.  The court rejected StubHub’s CDA defense because StubHub’s service suggested that users input particular prices for Miley Cyrus concert tickets, and profited when they did.  That StubHub suggested the illegal prices, monitored its inventory for particular events, and only made money if sufficient tickets were sold, and even then made a percentage of the ticket price, all meant StubHub “developed” the unlawful content:  a system where users scalped tickets.  The court explained that StubHub “encouraged, materially contributed to, and made aggressive use” of the pricing content posted by users, so StubHub could not avoid liability for it.

Together, the Yelp and StubHub cases show that CDA immunity, although critical for social media operators’ use of user-generated content, is not boundless.  Sites can lose CDA immunity by directing or contributing to offending content or as a result of the actions of their salespeople.

Section 512(f) of the Digital Millennium Copyright Act (“DMCA”) imposes liability on those who abuse the DMCA’s notice and take-down procedures by making knowingly false claims of copyright infringement.  Courts have issued sanctions on overly zealous copyright owners based on this provision, such as in the case of a voting technology firm that knowingly issued meritless notices of infringement to ISPs. Courts tend to apply Section 512(f) fairly narrowly, however, as illustrated in a recent Central District of California case, Rock River Communications, Inc. v. Universal Music Group, Inc.

Plaintiff Rock River is a producer and distributor of music records.  In 2006, Rock River remixed recordings of reggae music by Bob Marley and the Wailers, purportedly under license from a company called San Juan Music.  Defendant Universal Music Group (“UMG”) is the owner of Island Records and controls the rights to a number of Bob Marley’s records.  In October 2007, UMG sent cease and desist letters to various Internet music distributors, including Apple, asserting that it had exclusive rights to the Bob Marley recordings and threatening copyright infringement actions.  As a result, the distributors stopped distributing Rock River’s remixes.  Rock River then sued, asserting a number of claims, including that UMG violated Section 512(f) of the DMCA by sending a cease and desist letter to Apple that contained knowing and material misrepresentations that Rock River’s remixes infringed UMG’s copyright.

The court held that Section 512(f) of the DMCA did not apply because the “notification” at issue—the cease and desist letter to Apple—was not a notification pursuant to the DMCA.  Section 512(c)(1) of the DMCA provides a safe harbor for online service providers with respect to liability “for infringement of copyright by reason of the storage at the direction of a user of material that resides on a system or network controlled or operated by or for the service provider.” UMG’s cease and desist letter was found not to be a take-down letter as described in Section 512(c) because it did not address infringement by reason of the storage at the direction of a user.  Rather, the alleged infringing conduct at issue concerned Apple’s own actions with respect to the selection and distribution of music through its iTunes services, not the performance of the user-directed functions contemplated by the DMCA.  Therefore, the court held that UMG’s cease and desist letter was not the functional equivalent of a Section 512(c)(3) takedown notice and, accordingly, was not subject to sanctions under Section 512(f) of the DMCA.

Consumers often turn to the Internet for reviews before purchasing products or services, and companies are increasingly interested in ensuring that such reviews reflect positively and accurately on their businesses.  When patients post negative or allegedly inaccurate reviews about their doctors on the Internet, however, doctors are often prevented from responding due to ethical obligations such as patient confidentiality.  Moreover, even if such reviews were to constitute defamation, under U.S. law, Section 230 of the Communications Decency Act (“CDA”) would prevent doctors from holding the website operators liable for hosting defamatory statements posted by others, such as reviews posted by site visitors.  Doctors would thus be left with the undesirable option of pursuing action against the patients directly, which often involves additional legal proceedings to determine the authors of anonymous reviews.  As a way to obtain greater control under such circumstances, an organization known as Medical Justice has created controversy by recommending that doctors require patients to sign contracts limiting their rights to publish reviews.

Over time, these contracts have reflected different approaches.  In an earlier version, the patient agreed to “refrain from directly or indirectly publishing or airing commentary regarding Physician and his practice, expertise and/or treatment.” The doctor would presumably be able to seek an injunction against the patient for breaches of the contract, such as the publication of reviews.  The patient’s agreement to such restrictions was described as consideration for the doctor’s treatment and for the doctor’s agreement not to exploit “legal privacy loopholes” that the contract claimed would otherwise be permissible under federal privacy law.

While this initial approach would have imposed liability on the patient for publishing reviews, it would still have allowed websites to continue hosting such reviews under the protection of Section 230 of the CDA.  More recent contracts—possibly revised in response to this problem—do not directly restrain patients from posting reviews, but instead require the patient to prospectively assign to the doctor the copyright in any such reviews.  “[I]f Patient prepares such commentary for publication on web pages, blogs, and/or mass correspondence about Physician, the Patient exclusively assigns all Intellectual Property rights, including copyrights . . . ” to the physician.  If valid, such an assignment would allow doctors to send “take-down” notices under the Digital Millennium Copyright Act (“DMCA”) to websites hosting the patient reviews, thus requiring such websites to remove such reviews or face liability for copyright infringement.  Section 230 of the CDA would not protect websites that receive such DMCA take-down notices, because Section 230 expressly does not provide any defense to infringement of copyright or other intellectual property rights.

As a novel use of copyright law, the Medical Justice approach may raise more problems for doctors than it solves.  The website DoctoredReviews has identified several issues facing doctors who wish to enforce such contracts against patients or to serve take-down notices to websites hosting patient reviews.  For example, such contracts may be unconscionable under state law and thus unenforceable, given the nature of the terms and the superior bargaining power of the doctor.  Doctors may even face liability for attempting to exercise their rights under the DMCA.  For example, if a doctor knows that he has not actually received a copyright assignment from the author of the review, then the doctor is potentially liable under the DMCA for submitting a take-down notice based on misrepresented information.  Because many reviews are published anonymously, some doctors require all patients to sign the contracts, in hopes of establishing that any patient publishing a review must necessarily have assigned the copyright to the doctor.  Even if a doctor does hold copyright assignments from all of her patients, the doctor may still know or suspect that a review had been fictitiously authored by a non-patient, who would not have signed any agreement.  The publication of patient reviews may also constitute noninfringing fair use, and at least one court has found that copyright owners must consider whether fair use applies before sending DMCA take-down notices.

In addition to potential liability under the DMCA, doctors may face problems arising from the legal consideration that they offer to patients in exchange for the copyright assignments.  In certain instances, the U.S. Department of Health & Human Services has prohibited doctors from representing that a patient’s agreement is in consideration for “providing greater privacy protection than required by law” when the law does, in fact, require such greater privacy protection.  Beyond the legal issues, the use of such contracts may also violate a doctor’s ethical obligation to put the patient’s interests before the doctor’s own financial interests.

Other industries have also explored the use of prospective copyright assignments, although with different—and less ambitious—approaches than Medical Justice recommends.  The Burning Man festival, for example, obtains a joint ownership interest, together with attendees, in the copyright to any photographs taken at the event.  Attendees also agree to make only “personal use” of such photographs.  The agreement clarifies that, with respect to social networks, a use is only deemed “personal” if the attendee does not upload the images “with the intent to publicly display them beyond one’s immediate network, and if one’s immediate network is not inordinately large.”  The festival’s representatives have stated that these terms are intended to protect the event from commercialization, and to protect the privacy of the attendees.  In another example, the pop singer Lady Gaga reportedly requires a copyright assignment of photographs taken at concerts as a condition to obtaining press credentials.  The photographers receive a limited license to use the photographs in connection with a specific website for a four-month period.

As user-generated review websites such as Yelp continue to grow in popularity, one can anticipate increasingly clever uses of intellectual property law by businesses intent on exercising greater control over their online personae.  Yet, as the Medical Justice situation shows, too clever by half may not be clever enough.  In the end, while social media may provide a company with the world’s largest, most cost-effective platform for promoting its goods and services, that same platform is also available to the company’s detractors.

“Crowdfunding” or “crowdsourced funding” is a new outgrowth of social media that provides an emerging source of funding for a variety of ventures.  Crowdfunding works based on the ability to pool money from individuals who have a common interest and are willing to provide small contributions toward the venture, which potentially collectively add up to a critical mass of capital.  Crowdfunding can be used for accomplishing a variety of goals (e.g., raising money for a charity or other causes of interest to the participants), but when the goal is of a commercial nature and there is an opportunity for crowdfunding participants to participate in the venture’s profits, federal and state securities laws will likely apply.

Crowdfunding advocates have called on the U.S. Securities and Exchange Commission (“SEC”) to consider implementing a new exemption from registration under the federal securities laws for crowdfunding efforts.  For example, it has been suggested that the SEC exempt crowdfunding offerings of up to $100,000, with a cap on individual investments not to exceed $100.  The SEC is considering whether to implement an exemption for crowdfunding, in addition to a variety of other measures to encourage capital formation.

Absent an exemption from registration with the SEC (or actually registering the offering with the SEC), crowdfunding efforts that involve the sale of securities are in all likelihood illegal.  In addition to SEC requirements, those seeking capital through crowdfunding need to be cognizant of state securities laws, which include varying requirements and exemptions.  By crowdfunding through the Internet, a person or venture can be exposed to potential liability at the federal level, in all fifty states, and potentially in foreign jurisdictions.

The perils of crowdfunding were recently highlighted in an action, In the matter of Michael Migliozzi II and Brian William Flatow, that the SEC brought against two individuals in connection with their efforts to allegedly raise small contributions using the Internet in order to purchase Pabst Brewing Company for $300 million.  Migliozzi and Flatow settled the proceeding, consenting to a cease and desist order relating to the alleged violation of the registration provisions of the Securities Act.  The order indicates that Migliozzi and Flatow established the BuyaBeerCompany.com website, and then used Facebook and Twitter to advertise the website.  They sought pledges from participants in the crowdfunding effort, and in return participants were told that if the $300 million necessary to purchase Pabst was raised, the participants would receive a “crowdsourced certificate of ownership” as well as an amount of beer of a value equal to the money invested.

While no monies were ever collected from the crowdfunding participants that solicited pledges, the SEC alleged that Migliozzi and Flatow nonetheless violated the registration provisions of the federal securities laws by offering the security (in this case, the crowdsourced certificate of ownership) without registering the offer with the SEC or having an exemption, such as the private placement exemption, available for the offer.

Going forward, the SEC must carefully weigh concerns about the potential for abuse and fraud in connection with crowdfunded offerings as it considers whether to establish a crowdfunding-specific exemption.  While amounts contributed by each individual in a crowdfunding scenario may be small, the potential to raise large amounts of capital exists given the power of social media (BuyaBeerCompany.com purportedly received over $200 million in pledges).  Given all of these factors, we are likely to see more crowdfunding cases come out of the SEC before the SEC comes forward with any proposals for exemptive relief.

In the end, crowdfunding is subject to what now seems like an old rule of thumb:  Just because you are raising money over the Internet or through social media does not mean that the same “old” rules as to the offer and sale of securities no longer apply.