A sad day for Philadelphia, to be sure, but what makes it noteworthy for purposes of this blog is that the city is threatening to sue Facebook, MySpace and Twitter for failing to monitor the postings that, according to police, arranged for the mob to convene in the Gallery (the indoor shopping mall at 11th and Market Streets) for a fight. This raises the same website immunity issue under 47 U.S.C. § 230 in the Communications Decency Act (CDA) that I blogged about in connection with last summer’s lawsuit against Domelights.com.

The CDA immunizes a provider of an “interactive computer service” from liability for most state and federal claims arising from objectionable content posted by third parties: “No provider … of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” See 47 U.S.C. § 230(c)(1)). Websites fall within the statutory definition of an “interactive computer service.”

The CDA immunity was enacted to promote robust and unfettered free speech on the Internet by insulating website operators and ISPs from defamation claims and other actions which are triggered by objectionable content originating with third parties and for which the site operator or ISP merely provides a forum or conduit. It would be difficult or impossible for the operator of a website with thousands of users to pre-screen all posts for tortious or other unlawful content, and the law does not require this. Courts have held the CDA immunity to preclude a wide variety of claims against websites relating to offensive, tortious and even dangerous activities of their users, including, in a recent decision involving MySpace, an alleged failure to implement security measures to prevent sexually predatory behavior by users against other users. However, a website runs the risk of being deemed an “information content provider” (and falling outside the scope of CDA website operator immunity) if it has a role in creating or soliciting the objectionable content.

Therefore, unless Facebook, MySpace or Twitter somehow had a hand in creating or soliciting any posts that incited the mayhem, it is difficult to see how the city could prevail in a claim for damages against them. This is how it should be. Social media provides networking tools and services to expand group communications, but like broadband and cell phone service, social media is morally neutral — it can be used for good (e.g., the Twitter Revolution in Iran) or ill (a mob of teenage thugs gathering at the Gallery for a fight).

If the operators of social media started losing expensive lawsuits because of their failure to monitor posts for hints of flash mob activity, they would have to charge for their services or go out of business. Internet privacy would probably also take a big hit as Facebook, MySpace and Twitter stepped up their monitoring and sharing of posts with law enforcement authorities. CDA website operator immunity was specifically intended to avoid such chilling effects on free speech.

More generally, the city of Philadelphia’s threats against social media betray the unfortunate mindset of big government nowadays that antisocial and self-destructive behavior must always be the fault, in whole or in part, of some business or society, not (or not simply) that of the persons engaging in the antisocial or self-destructive behavior. For example, childhood obesity is the fault of McDonald’s and other disseminators of “exploitive advertising,” not the fault of kids who eat Big Macs every day or their parents who let them. Plaintiffs’ lawyers aid and abet this erosion of personal responsibility and accountability by filing suits against businesses for failing to fulfill some fictitious duty to prevent every conceivable social harm.

At the risk of inciting political controversy, I respectfully disagree. The way to handle incidents like last week’s mayhem is not to sue technology companies on the West Coast, but to police known flashpoints such as the Gallery more aggressively and to mete out severe punishment for uncivilized behavior, which means jail time, not probation or community service. (In Philadelphia, the penalty for violating probation is often more probation, but that’s a separate issue.)

As a Center City resident who lives several blocks from the Gallery, I certainly share the city’s outrage over this latest flash mob incident. That is why I support the Philadelphia Police Department, the SEPTA transit police, and the Office of the District Attorney. But we’ve got to solve our own problems in Philadelphia, so let’s not pick on social media.

Personally, I enjoy Twitter (can’t deny it, since you’ll see my tweets all over www.baerbizlaw.com!). I understand its value as a promotional tool for entrepreneurs, and, as a technology and social media lawyer, I relish the legal mind-benders it raises. Still, I can’t say that millions of tweets like “Lying on the couch!” or “I’m sipping a capuccino!” make me shiver with voyeuristic delight or enrich the world.

Speaking of legal mind-benders, consider Horizon Group Management v. Bonnen, a Cook County, Illinois circuit court case in which a property management company brought a defamation suit against a former tenant who tweeted, “Who said sleeping in a moldy apartment was bad for you? Horizon realty thinks it’s okay.” The case is interesting because it involves not only the content of Ms. Bonnen’s tweet (defamation and libel require factual content, specifically the publication of a false statement of fact; pure opinions are not defamatory), but also how it should be interpreted in the Twitter context.

Ms. Bonnen was represented by attorneys at The John Marshall Law School Center for Information Technology and Privacy Law. In their motion to dismiss, counsel for the defense cited a 2009 study in which more than 40 percent of tweets were deemed “pointless babble.” (ONLY 40 percent?) “When one considers Ms. Bonnen’s allegedly defamatory tweet in the social context and setting in which the statement was published,” they argued, “its nature as rhetorical hyperbole is readily apparent.” Or, to put the argument more bluntly, given the widely acknowledged stupidity of Twitter and the verbal diarrhea of many of its adherents, no one should reasonably have read a factual dimension into Ms. Bonnen’s moldy tweet.

Circuit Judge Diane Larsen granted Ms. Bonnen’s motion to dismiss without issuing a written opinion, although she did note in court that the complaint was too vague. The result, therefore, turned on the judge’s view that the complaint was not well constructed enough to satisfy the Illinois defamation standard.

Although I admit I was not in the courtroom, I find the outcome a bit surprising because the tweet does seem to state, or at least clearly imply, that Ms. Bonnen was or is a tenant in an apartment managed by Horizon and that she experienced mold in that apartment. The “social context” of the tweet may be a legitimate focus of inquiry at trial, but essentially holding tweets to be opinion, i.e., not “serious”, at the motion to dismiss stage is a bit hasty.

More broadly, I disagree with the notion that tweets are qualitatively different from other communications from a legal standpoint. You can communicate facts and harm reputations in a 140-character microblog post, just as you can through more traditional media. The medium shouldn’t matter. In its response to the motion to dismiss, the property management company pointed out that, indeed, many tweets are serious — for example, the U.S. Centers for Disease Control and Prevention use Twitter to publish information.

At a national intellectual property law seminar I attended last year, a roomful of IP lawyers representing big law firms, media companies and, of course, Baer Business Law largely agreed that tweets could even be copyrightable, if they contain a “modicum of creativity,” the copyright protection standard stated by the Supreme Court in the Feist case (which held that alphabetical telephone listings are not copyrightable). Twitter may very well be novel, if not epochal, as a unifier of the human family. Having said that, treat with extreme skepticism any claim that tweets are legally different from anything else you write.

Title II of GINA prohibits both the use of individual genetic information in making employment decisions and any action by an employer to “request, require or purchase” genetic information, subject to certain limited exceptions. It also imposes strict confidentiality requirements when an employer or other covered entity comes into possession of genetic information. Title II applies to private and governmental employers with 15 or more employees. “Genetic information” is defined in the statute to include not only information about an individual’s genetic tests, but also genetic tests of family members and family medical history, including the manifestation of a disease or disorder in a family member. “Family members” include dependents as well as relatives of an individual or dependent from the first to the fourth degree. So, to take a completely hypothetical example, the fact that a maternal grandmother died of lymphatic cancer would be protected genetic information. This casts a very wide net indeed.

Employers Are Looking at You Online

The policies behind Title II of GINA are laudable: maintaining privacy and protecting individuals from job-related discrimination due to factors that are totally outside their control and not meaningfully related to their job qualifications or performance (but that may give rise to certain assumptions about insurance costs, work attendance, etc.). However, It’s not difficult to see how such an expansive definition of genetic information can create a legal minefield when blogs and social media are worked into the equation.

Blogs and social media provide the tools for us to share and publicize details about our personal lives, about where we are in this world and what we’re going through right now, as well as to foster an ever-greater interconnectedness that provides a substrate of meaning at the same time as it boosts our audience size. For these reasons, many employers, particularly those hiring for positions involving significant professional responsibility, customer or public exposure, or access to confidential information, Google job applicants and examine personal blogs and social media profiles as part of their due diligence process.

Generally speaking, employers are not legally prohibited from doing this and taking the findings into account when they make decisions about you (as long as the decisions aren’t based on certain impermissible factors defined by the law, such as race, gender, age, disability and now genetic background).

Therefore, if you plan to apply in the future for a financial services position managing the portfolios of wealthy clients, I would strongly advise you not to post a college photo of yourself drowning your svelte naked body in Yuengling. However humorous and compelling such a photo may be — and I really do like Yuengling! — it can easily be pulled up on the Internet years after it is posted, i.e., when you’re older, more professionally oriented and sober.

Finding Family Medical Information Online

All kidding aside, what if someone’s family member is ill and, out of an understandable desire to unburden herself and seek support from her user community, she shares information about the illness and the distress she is experiencing? If an employer then reads the page, does this constitute an illegal acquisition of genetic information?

GINA’s prohibition on requesting, requiring or purchasing genetic information excludes situations “where an employer purchases documents that are commercially and publicly available (including newspapers, magazines, periodicals, and books, but not including medical databases or court records) that include family medical history.” In its proposed regulations issued in March 2009, the EEOC expanded the commercially and publicly available document exception to also cover genetic information from documents that are available “through electronic media, such as information communicated through television, movies, or the Internet, except that a covered entity may not research medical databases or court records, even where such databases may be publicly and commercially available, for the purpose of obtaining genetic information about an individual.” (Such information also would not be covered by GINA’s confidentiality requirements, although it still could not be used to discriminate.)

The EEOC is seeking further comment on how genetic information acquired from personal websites such as blogs and social networking sites should be treated.

Some commenters have recommended a total exclusion for information on publicly available web pages, on the theory that employers should not be penalized for stumbling across information that an individual deliberately posts for the entire world to see (obviously, making an employment decision based on this information would still be forbidden).

Other commenters have urged the EEOC to take into account the site’s user restrictions and privacy settings: if an employer pries its way into a restricted user group (like in the Pietrylo case) whose members can view an individual’s family medical history, that looks more like an illicit attempt to acquire private or protected information than reading a publicly available website.

Still other commenters have suggested a regulatory standard that delves into the employer’s motives: is the employer searching sites for the specific purpose of obtaining genetic information? From the viewpoint of an attorney counseling businesses, I hope the EEOC avoids such a subjective test, since anyone could raise this accusation in a legal or administrative complaint with the flimsiest of evidence (or no evidence whatsoever). Due to the messy factual issue of intent it would be difficult for the employer to get the case dismissed before trial, meaning that costly litigation would be an ever-constant threat. However, the EEOC may already be thinking along these lines, since its proposed rules prohibit an employer from researching publicly available medical databases and court records for the purpose of obtaining genetic information.

Employers: Be Careful Where You Look

Even before the EEOC speaks on these issues, employers should take special note of GINA where online research plays a role in employment-related decisions. My advice to employers is to focus on the presence or absence of naked beer-waterfall photos and other content that is clearly relevant to a candidate’s judgment or his or her qualifications to hold a position; don’t go searching for (or dwell on or document) confessional posts about a sick aunt, however poignant and compelling they may be. If you do, you may risk a claim for either illegal acquisition of genetic information or (if the candidate is turned down or suffers some other adverse employment action) genetic discrimination.

Technology marches on, and, as always, the law struggles to keep up and adapt.

In my view, the disclosure requirements don’t apply to a typical sponsored ad run by an affiliate site because someone looking at the ad is likely to understand it as advertising for which the site is (presumably) being compensated. The disclosure requirements apply to an “endorsement,” which the new rules define as an advertising message that consumers will likely believe reflects the opinions, beliefs, findings or experience of a party OTHER THAN THE SPONSORING ADVERTISER, whether the endorser’s statements are the same as or different from the sponsoring advertiser’s. If a consumer perusing a site is likely to think it is the site owner or blogger speaking, not the seller of the product being written about, then there may be a disclosure obligation if the site owner or blogger is being comped or incentivized somehow for making the posts.

If disclosure is required, it must be “clear and conspicuous.” In FTC parlance, this requires, among other things, putting the disclosure somewhere near the post that constitutes the “endorsement” (i.e., the advertising). I would NOT bury it in the site T&C’s — the FTC has criticized this practice in other contexts (such as behavioral advertising) where it favors clear disclosures. So if there are multiple posts that constitute endorsements, you may need to include a short disclosure at the end of each post (unless you can associate a single disclosure with multiple posts in a way that makes it clear the disclosure relates to all of them).

Having said that, I also don’t think it is necessary to include a paragraph of legalese in each case. You might think about including a simple link entitled “Advertising Disclosure” after each post that causes a pop-up box to appear with a one-sentence disclosure (e.g., “The product reviewed here was provided by ____ free of charge.”). The bottom line is that I don’t believe the FTC is going to take a hard line on bloggers, particularly where there is some good-faith attempt to comply (as described above). The FTC itself has signaled that its primary target for enforcement will be advertisers, not bloggers. On the other hand, the product sellers may end up dictating what sort of disclosure they want, since they are also liable if bloggers don’t make the required disclosure.

Finally, with regard to affiliates who are also bloggers, a big question is what kind of incentive are they getting for writing favorable blog posts? Is it merely the affiliate advertising revenue (i.e., they want to say good things about the product they are running affiliate ads for) or are they getting something else too?

The latter case is easy — I would say include disclosure near the relevant blog posts, as discussed above. In the former case, one could make the argument that the presence of the ad means consumers are likely to suspect that the site owner has a compensated relationship with the product seller and therefore that the blog posts are sponsored advertising; ergo, no additional disclosure is needed. To be safe, I would probably still include some kind of short disclosure about the relationship, but the point is at least arguable. I think an ordinary blogger/affiliate running a site out of his house who isn’t realizing a significant amount of revenue and hasn’t previously been warned by the FTC is not facing a huge risk. (That said, if the FTC reads this blog or my article and comments on ReveNews, they may disagree with me!)

Now for my own disclosure: the foregoing is provided for informational purposes only and does not constitute legal advice on a specific matter. You should consult with an attorney (hopefully me!) before taking any definite action on this or any other legal matter.

On October 5, the FTC issued its final revised Guides Concerning the Use of Endorsements and Testimonials in Advertising (available for download here), the first rewrite of the Guides since 1980. While their title is not particularly noteworthy, these new rules broadly extend the concept of endorsements and testimonials to include as sponsored advertising all sorts of loose new media relationships that are increasingly used by marketers in place of traditional radio and television advertising and paid endorsements. (They also include changes in other areas, such as disclosures that must be made when advertising the results of using a product.) The Guides do not purport to be binding law, but are rather administrative interpretations of the law, issued to provide guidance on what the FTC considers to be deceptive behavior. However, violations are punishable by civil penalties of up to $11,000 per violation. The revised Guides will become effective on December 1, 2009.

For example, a marketer may provide unsolicited samples of its products to members of a blogger network who sign up for the network so that they can review the products on their sites. Or a marketer may supply a product, such as a video game, to one particularly well-read blogger known as an expert or authority in his area in the hope of gaining a positive review. Or the marketer may institute a word-of-mouth or viral marketing scheme where participants receive something of value (such as a payment or an entry in a sweepstakes) to e-mail their friends or send out tweets about the marketer’s product. All of these relationships may now be characterized by the FTC as endorser-advertiser relationships, wherein both the “endorser” (i.e., the person generating the content about the product) and the “advertiser” (the marketer) must ensure the absence of false or misleading statements and the “clear and conspicuous” disclosure of connections that are not reasonably expected by the target audience and are likely to influence purchasers’ assessment of the credibility of the statements.

When is a Favorable Post an “Endorsement”?

The threshold question is obviously what level of incentive turns blogger commentary about a marketer’s product into an “endorsement,” thereby rendering both the blogger and the marketer potentially liable for failure to disclose material connections and for deceptive statements. The FTC notes:

“[A] blogger could receive merchandise from a marketer with a request to review it, but with no compensation paid other than the value of the product itself. In this situation, whether or not any positive statement the blogger posts would be deemed an “endorsement” within the meaning of the Guides would depend on, among other things, the value of that product, and on whether the blogger routinely receives such requests. If that blogger frequently receives products from manufacturers because he or she is known to have wide readership within a particular demographic group that is the manufacturers’ target market, the blogger’s statements are likely to be deemed to be “endorsements,” as are postings by participants in network marketing programs. Similarly, consumers who join word of mouth marketing programs that periodically provide them products to review publicly (as opposed to simply giving feedback to the advertiser) will also likely be viewed as giving sponsored messages.”

As an example, the Guides posit a consumer who purchases a new brand of dog food and reviews its favorably on her personal blog. If she purchases the dog food with her own money or gets it for free because the store routinely tracks her purchases and generates a coupon for a free trial bag of the new dog food, there is no endorsement. However, if the consumer gets the dog food as a result of joining a network marketing program under which she periodically receives various products about which she can write reviews if she wants to, her positive review will be considered an endorsement. As another example, a college student who has earned a reputation as a video game expert receives (as he has in the past) a copy of a newly released video gaming system along with a request from the manufacturer to write about it on his blog. He tests it out and gives it a favorable review. This is also an endorsement, and the FTC comments that because the review is disseminated via a form of consumer-generated media in which his relationship to the advertiser is not inherently obvious, and given the value of the gaming system, the blogger should clearly and conspicuously disclose that he received it free of charge. Furthermore, “[t]he manufacturer should advise him at the time it provides the gaming system that this connection should be disclosed, and it should have procedures in place to try to monitor his postings for compliance.” (Presumably, the Guides’ additional rules on the use of expert endorsements in advertising would also apply here.)

In yet another example given by the FTC, a skin care product manufacturer participates in a blog advertising service that matches up advertisers with reviewers. The marketer requests that the blogger try out its new body lotion and write a review. The blogger, totally on her own initiative and without any direction from the manufacturer, makes an unsubstantiated recommendation that the product cures eczema. Both the manufacturer and the blogger will be liable for the unsubstantiated claim and any failure to disclose that the blogger is being paid.

The FTC has explained that the purpose of the new rules is to treat new media in the same manner as traditional journalistic and advertising outlets. However, as a practical matter, many businesses treat these channels differently and will have to scramble to implement the necessary monitoring and enforcement mechanisms. For example, it is not uncommon for a business to buy a sponsorship from a non-profit organization where one of the benefits of the sponsorship is a favorable mention on the organization’s blog. In many cases, the sponsorship agreement is spotty and does not include detailed restrictions on what the organization can and cannot say about the sponsor’s products, and it is doubtful that anyone at the sponsor is giving the non-profit organization’s Web 2.0 chatter a compliance review. Indeed, the whole point of marketing to bloggers and through social media is to support a spontaneous and unforced style of commentary that has greater authenticity for cynical, tech-savvy consumers. Of course, in response to such comments the FTC has countered that its rules are designed precisely to protect consumers’ ability to rely on this quality of the blogosphere in making purchasing decisions. Liability depends, then, not on the existence of direct control over bloggers, but on whether “the advertiser initiated the process that led to [the] endorsements being made – e.g., by providing products to well-known bloggers or to endorsers enrolled in word of mouth marketing programs ….”

Design a Compliance Program

Unfortunately, corporate legal departments will now have to extend the long arm of compliance over a whole host of Web 2.0 marketing activities that until now may have been loosely policed, if at all. “In employing this means of marketing,” the FTC dryly observes, “the advertiser has assumed the risk that an endorser may fail to disclose a material connection or misrepresent a product, and the potential liability that accompanies that risk.” However, it also states that in the exercise of prosecutorial discretion it will consider “the advertiser’s efforts to advise these endorsers of their responsibilities and to monitor their online behavior ….”

The first step for companies, then, is to get a handle on what their marketing departments are doing to curry favor with bloggers and create buzz through viral online marketing. It is especially important to get a firm handle on the activities of advertising and PR agencies, since the FTC will hold companies responsible for the actions of these third-party agents. If compensation, free products or other valuable incentives (such as sponsorships) are being offered in the hope of stimulating positive reviews, then the company should institute and document a process of advising bloggers and other new media commenters about their duty to disclose material connections and the limits on the factual claims they can make about a products and its beneficial effects. There should also be periodic monitoring of the resulting posts, with documented follow-up action if necessary, to make sure they comply with the FTC’s endorsement guidelines.

If blogger relationships are managed through an advertising agency or other third party, the written contract with that third party should specifically address each party’s rights and obligations with respect to monitoring and compliance. At the very least, a company should reserve the right to audit and pre-approve an advertising agency’s solicitation of bloggers so that the company knows which bloggers the agency is dealing with and whether the relationships are of a type that could lead to advertiser-endorser liability and can monitor the bloggers’ posts about the company’s products.

If all this sounds like overkill (and no doubt it will meet with fierce resistance in some online marketing departments), it is critical to remember that incentivized blogger buzz is now treated the same as any paid endorsement: according to the FTC, both are advertising subject to disclosure requirements and prohibitions on misleading or unsubstantiated claims. The compliance burden may, in fact, prove too onerous for some companies. In this case, their best bet is to implement policies that prohibit the payment of compensation or giving away of valuable products in the hope of generating positive online buzz. Favorable reviews are not “endorsements” within the meaning of the Guides unless they have been incentivized in some way.

Implement a Social Media and Blogging Policy

Promoting compliance within organizations also it makes it essential, now more than ever, to have a social media and blogging policy that covers both references to the company and its products in employees’ personal posts as well as the use of social media and blogs for marketing and other business purposes. Not only is it a best practice to treat company-initiated social media and blog posts as official corporate communications that require consideration of regulatory, securities, litigation and reputational risk issues, and possibly prior legal or regulatory review; the possibility that third-party posts may now be deemed company-initiated endorsements makes it vital to bring all Web 2.0 activities under one comprehensive policy. Furthermore, according the Guides, a company employee who posts messages on an online message board promoting the company’s product (a common practice) must clearly and conspicuously disclose his or her relationship to the company. This requirement should be specifically spelled out in the company’s social media and blogging policy.

Tips for Bloggers

As for bloggers and other online commenters, they should be sure to disclose any compensation or benefits they receive to comment on products and, if they do have such a connection to a marketer, should be very careful to follow the guidelines furnished by the marketer (which the marketer is required to provide) and not make general or sweeping factual claims about the product or any claim that can’t be easily substantiated. If a blogger chafes at submitting to this degree of oversight and control, he always has the option of buying the product himself, for example, rather than receiving it as a freebie. The FTC has indicated that advertisers and not bloggers will be its main enforcement target. However, a blogger who runs a “substantial operation” that violates the rules and who receives a warning will still be at risk. Moreover, the FTC can adopt a more aggressive enforcement stance at any time.

The FTC’s rulemaking will heavily influence the way marketers generate buzz on the Internet and warrants close scrutiny of participation in blogger and viral incentive programs by all parties involved.

Some interesting tidbits from the seminar –

Can you have a copyright in a tweet? In theory, yes. While Twitter requires tweets to be 140 characters or less, there is no reason why a tweet can’t possess the minimal “modicum” of creativity needed to be copyrightable. After all, short poems and haikus are copyrightable. However, “I’m sitting on the couch” probably doesn’t qualify.

Does a copyright owner have an obligation to consider fair use before sending a Digital Millennium Copyright Act take-down notice? Yes, at least according to the federal district court in the famous “dancing baby case” of Lenz v. Universal Music Corp., 572 F.Supp.2d 1150 (N.D.Cal. 2008). A mom had posted a 29-second video on YouTube (you can see it here) showing her toddler bopping up and down with a Prince song playing in the background. The sound quality was awful, to put it charitably. However, Universal issued a DMCA take-down notice, YouTube complied, and then angry mom sued Universal for allegedly misrepresenting in its notice that it had a good-faith belief that the use of the material was unauthorized (a statutory requirement under the DMCA) and for a declaratory judgment that her use of the song was non-infringing. Angry mom won. Everyone at the seminar agreed this was pretty obviously a fair use (it’s non-commercial and the record company is not going to lose any royalties from Prince aficionados duping the song off the video rather than downloading it from iTunes or buying the album). So, all you copyright owners, think before you bring out that big DMCA hammer.

Transform, transform, transform. In the era of digital fair use, everything’s about “transformation,” which can often happen in a mashup or otherwise through the use of digital editing tools. The Copyright Act lists four factors to be taken into consideration when evaluating whether or not a use of copyrighted material is a fair use. One of these is the purpose and character of the use, including whether the use is of a commercial nature (fair use is often, although not exclusively, associated with non-commercial uses like education, criticism, news reporting, etc.) When assessing the purpose and character of a use and in which party’s favor this factor weighs, courts consider whether the use is “transformative” of the original material. This is nowhere in the Copyright Act, but it is all the rage in digital fair use cases.

Bottom line: while there is no simple calculus, if the use you are making of copyrighted material is not a traditional fair use, you can help yourself by making sure it significantly transforms the nature and/or purpose of the content somehow (as opposed to simply reproducing it or reproducing it with modifications). So, for example, when Ben Stein used a 15-second clip of John Lennon’s song “Imagine” in his film Expelled to critique the anti-religious message of the song and comment on the concept of a world without religion, the court in Lennon v. Premise Media Corp., 556 F.Supp.2d 310 (S.D.N.Y. 2008) found Messr. Stein’s use highly transformative.

What should you ask for in your widget development contract? SLA’s and source code escrow (if the developer is going to host the widget), insurance (general liability and E&O to establish that your developer is a real business; however, copyright and trademark infringement insurance may be too expensive), ownership of rights in the widget, acceptance criteria, delivery deadlines.

Embedding third-party content on your site. To reduce the risk of copyright infringement liability, stay away from uses that are clearly infringing, stick to official embed channels for videos from major rights-holders like TV networks, stick to the more popular amateur videos, and where appropriate include commentary, criticism and/or analysis, because that helps you a make a “transformative use” argument (see above).

Enjoy the weekend and stay dry.

Domelights.com is an Internet message board operated by and for Philadelphia police officers (the domain name refers to the rotating colored lights that you do not want to see in your rearview mirror when you are speeding or implicated in some worse offense). Posting anonymously, police officers, firefighters and others use the site to engage in no-holds-barred commentary and criticism about the Police Department and crime and policing issues in Philadelphia generally. The site has gained a substantial following among police officers for its candid and unvarnished content and is widely read within the Department.

A popular website for cops is the focus of a Web 2.0 lawsuit

Last Thursday (July 23), the administrator of Domelights.com, named on the site only as “McQ” (but identified by the press as Police Sergeant Frank McQuiggan), shut down the site in response to the local and national media attention generated by a federal civil rights lawsuit filed by the Guardian Civic League, the National Association of Black Law Enforcement Officers and the NAACP against the Philadelphia Police Department as well as the website, its operators and users in their private capacities. The suit essentially alleges that the operating and moderating of Domelights.com and its frequent viewing and use, all of which allegedly took place both at and outside of work, have created a “racially offensive and hostile work environment” for black police officers in violation of federal anti-discrimination statutes; the plaintiffs are seeking compensatory and punitive damages, as well as an injunction shutting down the site. (As mentioned above, the site has already been voluntarily suspended, although the duration of this hiatus is unknown. Philadelphia Police Commissioner Charles Ramsey has also blocked access to Domelights.com from Police Department computers.)

The demand for action to be taken against the site and the police officers who operate and use it obviously raises First Amendment concerns, but for purposes of this blog, our focus will be the question of whether a website operator can legally be held responsible for racist postings by site users. The Communications Decency Act of 1996 (CDA), 47 U.S.C. § 230 et seq., immunizes a provider of an “interactive computer service” from liability for most state and federal claims arising from objectionable content posted by third parties: “No provider … of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” See 47 U.S.C. § 230(c)(1)). Websites fall within the statutory definition of an “interactive computer service.”

The CDA immunity was enacted to promote robust and unfettered free speech on the Internet by insulating website operators and ISPs from defamation claims and other actions which are triggered by objectionable content originating with third parties and for which the site operator or ISP merely provides a forum or conduit. It would be difficult or impossible for the operator of a website with thousands of users to pre-screen all posts for tortious or other unlawful content, and the law does not require this. Courts have held the CDA immunity to preclude a wide variety of claims against websites relating to offensive, tortious and even dangerous activities of their users, including, in a recent decision involving MySpace, an alleged failure to implement security measures to prevent sexually predatory behavior by users against other users. Sites that exercise the traditional function of a publisher by editing content normally do not lose CDA immunity by virtue of this activity, and the CDA provides a further immunity for restricting access to objectionable content.

However, CDA immunity is not unlimited. The CDA categorically excludes certain types of claims from the immunity, such as intellectual property claims and federal criminal violations. In addition, certain actions of a website in developing or soliciting objectionable material can render the site an “information content provider” with respect to such material (defined as someone “responsible, in whole or in part, for the creation or development of” the material) and thus prevent it from asserting CDA immunity if the material in question is unlawful. For example, aggressive editing that transforms the meaning of a post in an objectionable way (such as by making it defamatory) has been held to strip a website of CDA immunity.

Two recent federal appellate court decisions, both involving the anti-discrimination prohibitions in the federal Fair Housing Act, will be important in determining whether Domelights.com is immune from federal civil rights liability. In Chicago Lawyers Committee for Civil Rights Under Law, Inc. v. craigslist, Inc., 519 F.3d 666 (7th Cir. 2008), the Seventh Circuit held that craigslist was immune from liabiliy for discriminatory housing advertisements posted in its classifieds section. On the other hand, in Fair Housing Council of San Fernando Valley v. Rommmates.com LLC, 521 F.3d 1157 (9th Cir. 2008), the Ninth Circuit reached a different result, holding that a site connecting prospective roommates according to their backgrounds and preferences was not immune from potential Fair Housing Act Liability.

The Fair Housing Council case hinged on a subtle analysis of the site’s role in eliciting information about preferred sexual orientation and other factors in mandatory questionnaires that were used to create member profiles, and then publishing and distributing these profiles in a selective manner (i.e., using a member’s preferences to determine which other members would receives notices about his or her roommate search and/or be permitted to view that user’s profile). The court found that the site’s active role in soliciting and enabling potentially discriminatory communications and decision-making robbed it of CDA immunity. This case is confusing and a bit troubling, especially because other courts have held that a site does not lose CDA immunity simply by providing tools that facilitate user communications.

Based on the legal authority, Domelights.com itself should be able to escape liability for third-party posts it did not have a role in creating or soliciting, even if the creation, distribution and viewing of these posts does rise to the level of a civil rights violation (which is unclear). Of course, the officers involved are in a world of trouble regardless, and the image and integrity of the Philadelphia Police Department have been sullied yet again, which is unfortunate.

In writing this post, I do not mean to excuse the sort of racism alleged in the plaintiffs’ complaint. A couple of the posts cited in the complaint are absolutely appalling, as are certain vicious and threatening posts made on Domelights.com against the Guardian Civic League President Rochelle Bilal in response to her suit. Such conduct is a unacceptable and a disgrace for the City of Philadelphia, even if Ms. Bilal’s suit is not entirely fair to the Police Department and creates a constitutional and cyberlaw conundrum.

I write only as a humble Internet lawyer interpreting the applicable statute and case law. Having said that, since a major part of my job is to represent clients who enable and provide emerging technologies and media, I will confess that, like the drafters of the CDA’s immunity clause, I have a bias in favor of promoting freedom of cyberspeech, even when that expression is (as it so often is) repellent.

In Pietrylo, a bartender at Houston’s Restaurant in Hackensack, New Jersey created a password-protected, invitation-only discussion forum on MySpace for employees to kvetch about the restaurant, company practices, the customers and anything else on their minds. The content of the postings was frequently derogatory and racy. However, the discussion group was created and maintained on the employees’ personal time and without using the employer’s computers or Internet access. A group member light-heartedly showed the discussion group page to a restaurant manager (not so bright move there), only to be asked the following week to provide her sign-in information to another manager. The second manager accessed the MySpace discussion group and was not amused. Pietrylo and a fellow server were told to take a hike.

The two employees then brought suit against Houston’s owners for wrongful termination, invasion of privacy and violations of the federal Electronic Stored Communications Act and New Jersey’s Wiretapping and Electronic Surveillance Control Act, among other things. The case was tried in the federal district court for the District of New Jersey. On June 16, the jury returned a verdict which found liability under the federal and state statutes, but rejected all of the plaintiffs’ other claims, including their claim for invasion of privacy (notably, the jury decided that the plaintiffs had no reasonable expectation of privacy in the online communications).

The result hinged, rather, on what was perceived to be unauthorized accessing by the employer of an invitation-only discussion group, access made possible as the result of a coercive request to turn over the sign-in information. Finding such behavior malicious, the jury concluded that the employer had unlawfully invaded protected electronic communications and awarded the plaintiffs $17,000 in back pay and punitive damages.

A limited victory for Pietrylo, to be sure. However, if the employer had not been so ham-handed, the result would probably have been different. For example, instead of accessing the discussion group directly, the restaurant manager could have asked a member to provide printouts or screenshots. Or it could have documented the hand-over of the sign-in information so as to dispel any suggestion of coercion. The case does NOT stand for the proposition that employees cannot be fired for criticizing their employer on their own time. (With that said, employers should still implement Internet posting policies specifically stating that employees have no expectation of privacy in commentary they post on blogs and social networking sites.)

The great username rush on Facebook highlights a critical problem for trademark owners: what to do about “name squatters” who register usernames on Facebook, Twitter and other social networking websites containing third parties’ trademarks? This behavior is sometimes innocuous (for example, the registrant may be a fan of the trademark owner), sometimes annoying (e.g., a prankster uses a corporate username to make snarky comments critical of the company) and sometimes downright dangerous (e.g., a fraudster impersonates a bank in a phishing scheme intended to obtain sensitive customer information). In their terms of use Facebook and Twitter reserve the right to reclaim usernames, and thus filing a complaint and working with the social networking sites to effectuate a transfer or cancellation of the username is probably a trademark owner’s first and best line of attack against a name squatter (obviously, if the trademark owner gets there first and registers the username itself, that is the most preferable outcome).

With regard to trademark law remedies, the landscape is eerily similar to that which existed in the late 1990’s, when cybersquatting (the bad-faith registration of domain names containing or confusingly similar to others’ trademarks) was rampant, but shoehorning a case into the existing trademark causes of action for infringement and false designation of origin was difficult. As we intellectual property lawyers know, Congress solved that problem in 1999 by passing the Anti-Cybersquatting Consumer Protection Act (15 U.S.C. Sec. 1125(d)). The problem here is that cybersquatting as prohibited in that statute is defined as the registration or use of, or trafficking in, a “domain name” with a bad-faith intent to profit. One could argue, of course. that inclusion of a third party’s trademark in a Facebook vanity URL constitutes registration of a domain name, but this seems dubious: an argument at least equally powerful can be made that the trademark is contained outside of the domain name.

Under the circumstances, the classic causes of action for trademark infringement (15 U.S.C. Sec. 1114) and false designation of origin (15 U.S.C. Sec. 1125(a): in a nutshell, this is using a word or term or making a false or misleading statement which is likely to cause confusion, deception or mistake about the sponsorship, affiliation, origin or approval of a person or its goods or services) are probably the trademark owner’s best bets. If the name squatter can be identified (increasingly a difficult task in the online world), the plaintiff can request the court to award treble damages and, in exceptional cases, attorneys’ fees. These remedies are mandatory if the court finds that the defendant intentionally used a counterfeit mark. However, the defendant’s activities must constitute use of the plaintiff’s mark in commerce and must be in a manner that is likely to confuse or deceive, or to cause mistake by, the public. Therefore, the fans and pranksters mentioned above are less likely to be liable, since they are not using the mark in connection with goods or services (other than referring to the trademark owner’s) and, in any event, are not likely to be confused with the trademark owner. On the other hand, a fraudster who impersonates the trademark owner to obtain money or information and a competitor who uses the owner’s mark in a username to attract traffic to a profile or page promoting its own goods or services is more likely to satisfy the statutory requirements. The first lawsuits have barely been filed, so it will take a year or two to see how all this shakes out — assuming Congress doesn’t act first by passing some sort of anti-social media squatting legislation.

As always, stay tuned ….